Time
7 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
12

Video Transcription

00:02
Hello, everyone. Welcome to the S S. C. P. Example. I'm your instructor, Peter Sip alone.
00:08
This is the fourth
00:10
and last lesson off the main one.
00:13
So far in the main one, we've seen
00:16
access control, fundamental concepts,
00:19
types of access control,
00:21
security models,
00:23
authentication mechanisms.
00:26
And now,
00:27
for the last couple objectives, we will take a look at trust, architectures, trust direction and the identity management life cycle.
00:36
Let's get started.
00:40
These are the four trust architectures and how they relate to each other.
00:44
We'll start with the Internet.
00:47
The Internet is a personal, localized network belonging to organizations.
00:53
Onley members of a particular organization can access the Internet.
00:58
Um,
00:59
that organization.
01:02
The extra net
01:03
is a computer network that allows controlled access from outside
01:07
for specific business or educational purposes.
01:11
So if two Internet with networks want to share data or have a vial of go back and forth, they create an extra net, and then each Internet can put the shared things in the extra net
01:26
and the end. Then, at that point, the other intranet
01:30
can access those files.
01:33
Third type of the architecture is the D M Z.
01:36
This architecture since between the Internet and the Internet.
01:42
It's like considered a neutral, neutral zone. It prevents outside users from getting direct access to a server that has company data.
01:53
And, of course, the last time of the architecture is the Internet, which were very, very familiar with
01:59
the Internet is a global system of interconnected computer networks that used, you know, the TCP i P suite to link devices all around.
02:10
So
02:12
what is trust?
02:13
Trust is the belief in the security of a connection between domains or networks.
02:20
Trusted Pat is a series of trust relationships that authentication requests must follow between domains.
02:28
There are really three kinds of trust. There's one way trust,
02:31
two way trust
02:32
and trust. Transitive ity.
02:37
One way trust is very simple.
02:38
Domain has access to domain be,
02:44
but Domain B does not have access to demean
02:49
two way trust me trust and go in any direction. So with doing a has access to do me, B and D maybe has access to domain
03:01
trust. Transitive ity determines whether a trust could be extended outside the two domains between which the trust was formed.
03:09
So
03:10
would trust transitive ity.
03:13
If domain A has access to domain be
03:16
and domain be has access to domain. See,
03:22
therefore domain A has access to do means see
03:25
for domain beat without the access being direct
03:31
the identity management life cycle There five areas that make up this life cycle and this life cycle exists to manage users and people who are a part of an organization.
03:46
Five parts of the identity management lifecycle Our authorization
03:51
proofing, provisioning, maintenance and entitlement
03:55
authorization, as we looked at in a previous video, determines what a user can access after they've been authenticated.
04:05
Proofing
04:06
is more or less. The authentication purpose it involved verifies the person's identity before that person is issued. Any accounts or credentials,
04:17
provisioning is the automation of all procedures and tools.
04:24
Maintenance to the life cycle is comprised of user management, password management and roll group management
04:32
in total minutes. Similar authorization where it's a set of rules for managing access to a resource and for what purpose?
04:42
In today's brief lecture,
04:44
we discussed trust, architecture, the different kinds of networks and the trust associated with them.
04:49
Trust direction, how authentication requests
04:54
have to go back and forth through certain different ways. We saw that there was one way trust to wait, Trust and trust, transitive ity
05:02
and the identity management lifecycle How users are managed in an organization.
05:10
Kristen,
05:12
a software channel that is used for communication between two processes
05:15
that cannot be circumvented, is a one way trust.
05:19
Be two way trust.
05:21
See trusted computing based
05:25
de Trusted path.
05:30
If you said D trusted path, you are correct.
05:35
Hope you guys learned a lot. Thanks for watching and congratulations on finishing the first domain.

Up Next

Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Instructed By

Instructor Profile Image
Pete Cipolone
Cyber Security Analyst and Programmer
Instructor