5. Identity and Access Management

Descripción

5 (CISSP CBK) Mind Maps Mapa Mental sobre 5. Identity and Access Management, creado por Marisol Segade el 29/08/2015.
Marisol Segade
Mapa Mental por Marisol Segade, actualizado hace más de 1 año
Marisol Segade
Creado por Marisol Segade hace más de 9 años
45
1

Resumen del Recurso

5. Identity and Access Management
  1. 5.1 Understanding Access Control Fundamentals
    1. CISSP Exam Tips
      1. Authentication provides validity
        1. Authorization provides control
          1. Accountability provides non-repudiation (sometimes)
          2. Access management objectives
            1. Types of access controls
              1. Access control system attributes
              2. 5.2 Examining Identification Schemas
                1. Identification guidelines
                  1. Profiles
                    1. Identity management systems
                      1. Directory services including LDAP and MS AD
                        1. Single sign-on
                          1. Federated identity management
                            1. CISSP Exam Tips
                              1. Identification information although seemingly benign can contain sensitive or legally protected information
                                1. SSO & Federated Identity although convenient can be extremely dangerous if the system is compromised
                                  1. Accountability is when actions can be traced to their source
                                2. 5. Identity and Access Management - 5.3 Understanding Authentication Options
                                  1. Factor requirements
                                    1. Out-of-band authentication
                                      1. Password strengths & weaknessess
                                        1. Password management systems
                                          1. One time passwords or passcodes
                                            1. Tokens, memory cards and smartcards
                                              1. Biometrics
                                                1. Credential management systems (CM)
                                                  1. CISSP Exam Tips
                                                    1. Hashed passwords should always be "salted"
                                                      1. Biometric markers may be able to detect addiction, illness and pregnancy
                                                        1. Attacks can gain control of a CM system and issue privileged credentials
                                                      2. 5.4 Understanding Authentication Systems
                                                        1. Authentication authorities
                                                          1. Single sign-on
                                                            1. Kerberos
                                                              1. SESAME
                                                                1. Thin clients
                                                                  1. Federation Authentication
                                                                    1. Identitity as a service (IDaaS)
                                                                      1. CISSP Exam Tips
                                                                        1. Kerberos uses tikets for authentication
                                                                          1. Federated authentication is prominent on the web
                                                                            1. Single sign-on systems can be a single point of failure (SPOF)
                                                                          2. 5.5 Implementing Access and Authorization Criteria
                                                                            1. CISSP Exam Tips
                                                                              1. Privilege trumps rights and persmissions
                                                                                1. When in doubt, deny access
                                                                                  1. Authorization creep is the accumulation of access rights, permissions, and privileges over time
                                                                                  2. Rights and permissions
                                                                                    1. Privilege
                                                                                      1. Need to know and least privilege
                                                                                        1. Default allow and default deny
                                                                                          1. Authorization creep
                                                                                            1. Dual control and separation of duties
                                                                                            2. 5.6 Implementing Access Control Models
                                                                                              1. CISSP Exam Tips
                                                                                                1. The OS and the Application must support the access control model
                                                                                                  1. Role-based access control (RBAC) can be used to enforce separation of duties
                                                                                                    1. In DAC environment, the owner can delegate control decisions
                                                                                                    2. Access control models and techniques
                                                                                                      1. Mandatory access controls (MAC)
                                                                                                        1. Discretionary access controls (DAC)
                                                                                                          1. Role-based access controls (RBAC)
                                                                                                          2. 5.7 Implementing Access Control Techniques and Technologies
                                                                                                            1. Access control lists
                                                                                                              1. Capabilities table
                                                                                                                1. Rule-based
                                                                                                                  1. Content-dependent
                                                                                                                    1. Context-dependent
                                                                                                                      1. Constrained interfaces including menus, shells, database views and physically constrained interfaces
                                                                                                                        1. CISSP Exam Tips
                                                                                                                          1. Rules are not bound to a subject or an object
                                                                                                                            1. An ATM is an example of a constrained interface
                                                                                                                              1. ACLs and Capability tables are generally cumulative
                                                                                                                            2. 5.8 Identity and Access Provisioning
                                                                                                                              1. CISSP Exam Tips
                                                                                                                                1. Provisioning and review are iterative phases
                                                                                                                                  1. All rights and permissions should be documented in the assignment phase and checked when revocation occurs
                                                                                                                                    1. Users are vulnerable to social engineering
                                                                                                                                    2. Identity and Access provisioning lifecycle
                                                                                                                                      1. Oversight and privilege account management - Monitoring and auditing
                                                                                                                                        1. Social engineering
                                                                                                                                        Mostrar resumen completo Ocultar resumen completo

                                                                                                                                        Similar

                                                                                                                                        Creating Mind Maps with GoConqr
                                                                                                                                        Andrea Leyden
                                                                                                                                        Creating Mind Maps with GoConqr
                                                                                                                                        Sarah Egan
                                                                                                                                        GoConqr Getting Started Guide
                                                                                                                                        Norman McBrien
                                                                                                                                        Mind Maps with GoConqr
                                                                                                                                        Manikandan Achan
                                                                                                                                        Mind Maps with GoConqr
                                                                                                                                        croconnor
                                                                                                                                        Mind Maps with GoConqr
                                                                                                                                        Elysa Din
                                                                                                                                        Creating Mind Maps with GoConqr
                                                                                                                                        laurie trost
                                                                                                                                        THE WAYS IN WHICH ICT IS USED
                                                                                                                                        antebellsayssup
                                                                                                                                        Mind Maps with GoConqr_1
                                                                                                                                        hurtado13071
                                                                                                                                        The Lungs
                                                                                                                                        Tamara Lancaster
                                                                                                                                        Creating Mind Maps with GoConqr
                                                                                                                                        alisamyfahmy