7 hours 35 minutes
Hello, everyone. Welcome to the S S. C. P. Example. I'm your instructor, Peter Sip alone.
This is the fourth
and last lesson off the main one.
So far in the main one, we've seen
access control, fundamental concepts,
types of access control,
for the last couple objectives, we will take a look at trust, architectures, trust direction and the identity management life cycle.
Let's get started.
These are the four trust architectures and how they relate to each other.
We'll start with the Internet.
The Internet is a personal, localized network belonging to organizations.
Onley members of a particular organization can access the Internet.
The extra net
is a computer network that allows controlled access from outside
for specific business or educational purposes.
So if two Internet with networks want to share data or have a vial of go back and forth, they create an extra net, and then each Internet can put the shared things in the extra net
and the end. Then, at that point, the other intranet
can access those files.
Third type of the architecture is the D M Z.
This architecture since between the Internet and the Internet.
It's like considered a neutral, neutral zone. It prevents outside users from getting direct access to a server that has company data.
And, of course, the last time of the architecture is the Internet, which were very, very familiar with
the Internet is a global system of interconnected computer networks that used, you know, the TCP i P suite to link devices all around.
what is trust?
Trust is the belief in the security of a connection between domains or networks.
Trusted Pat is a series of trust relationships that authentication requests must follow between domains.
There are really three kinds of trust. There's one way trust,
two way trust
and trust. Transitive ity.
One way trust is very simple.
Domain has access to domain be,
but Domain B does not have access to demean
two way trust me trust and go in any direction. So with doing a has access to do me, B and D maybe has access to domain
trust. Transitive ity determines whether a trust could be extended outside the two domains between which the trust was formed.
would trust transitive ity.
If domain A has access to domain be
and domain be has access to domain. See,
therefore domain A has access to do means see
for domain beat without the access being direct
the identity management life cycle There five areas that make up this life cycle and this life cycle exists to manage users and people who are a part of an organization.
Five parts of the identity management lifecycle Our authorization
proofing, provisioning, maintenance and entitlement
authorization, as we looked at in a previous video, determines what a user can access after they've been authenticated.
is more or less. The authentication purpose it involved verifies the person's identity before that person is issued. Any accounts or credentials,
provisioning is the automation of all procedures and tools.
Maintenance to the life cycle is comprised of user management, password management and roll group management
in total minutes. Similar authorization where it's a set of rules for managing access to a resource and for what purpose?
In today's brief lecture,
we discussed trust, architecture, the different kinds of networks and the trust associated with them.
Trust direction, how authentication requests
have to go back and forth through certain different ways. We saw that there was one way trust to wait, Trust and trust, transitive ity
and the identity management lifecycle How users are managed in an organization.
a software channel that is used for communication between two processes
that cannot be circumvented, is a one way trust.
Be two way trust.
See trusted computing based
de Trusted path.
If you said D trusted path, you are correct.
Hope you guys learned a lot. Thanks for watching and congratulations on finishing the first domain.
ISC2 Systems Security Certified Practitioner (SSCP) Practice Assessment
The SSCP exam preparation package helps students prepare for the ISC2 SSCP certification exam. ...
(ISC)2 Certified Information Systems Security Professional 2015
(ISC)2 Certified Information Systems Security Professional 2015 is a practice exam preparing for the CISSP ...