3.1 Authentication, Authorization, and Accounting Part 1
2 hours 22 minutes
Hello and welcome to the Cybrary's MTA 98-367
Security Fundamentals certification prep course.
Now, in this particular module, which is actually module number two, we're gonna be discussing authentication,
authorization, and accounting.
So let's turn our attention toward the objectives. There are actually gonna be two objectives that will be covered during this presentation, because this particular video, or module two, is broken down into two parts, or two-part videos. In other words, in this first video, we're gonna discuss understanding user authentication
as well as understanding permissions. And in the next video, which will proceed this video, we're gonna discuss understanding encryption, as well as understanding protocol security, and last, but certainly not least, understanding audit policies. So let's take a quick pre-assessment quiz,
and the question is as follows.
What is the most common form of authentication? Is it A, a password? Is it B, a PIN?
Or C, digital certificates? Or D, smart cards?
If you said A, the password, you're absolutely correct, because much of the world's data protection is based upon passwords. Now, what you see happening today, you use a password to secure your voicemail, your ATM access, your
email account, Facebook account, and a host of other things as well.
So let's begin by first discussing these, the Triple A's.
It's called authentication, authorization, and accounting. So when you think again about authentication, authentication refers to unique identifying information from each system user, generally in the form of a user name and password. System administrators monitor and add or delete authorized users from the system. Then we have a term called
Now, authorization refers to the process of adding or denying individual user access to a computer network and its resources. Users may be given different authorization levels that limit their access to the network and associated resources.
So what is accounting?
Now, when we think about accounting, accounting refers to the record keeping and tracking of user activity on a computer network. For a given time period, this may include, but is not limited to, real-time accounting of time spent accessing the network, the network services employed or accessed,
capacity and trend analysis, network cost allocation,
billing data, login data for user authentication and authorization, and the data or data amount accessed or transferred.
Then we have a term called non-repudiation. Simply speaking, non-repudiation is the assurance that someone cannot deny something.
Typically, non-repudiation refers to the ability to ensure that a party
to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they obviously originated.
Then we come to login. A login is basically a set of credentials used to authenticate a user. Most often these consist of a user name and password. Logins are used by websites, computer applications, and mobile applications as well. Again, some examples of logins may include, for example, your operating system login,
for example, whether it be Windows or Mac, a website login, your application store login,
and so forth.
This also brings us to a very important term called multi-factor authentication. Now, if you've never heard of multi-factor authentication, that's not a problem. So what I'm gonna do is kind of break it down for you so you can understand exactly what it is. Now, multi-factor authentication, or MFA,
two-factor authentication and three-factor authentication, or TFA,
is a form of security authentication that requires a user
to present two or more of the three possible authentication factors in order for the authentication to be complete. The other party, the computer, the website, the building entrance system, must validate each factor after it's actually been presented.
Then we come to a term called a password. A password is nothing more than a string of characters used for authenticating a user on a system. For example, you may have an account on your computer that requires you to log in. In order to successfully access your account, you must provide a valid user name as well as a password.
Then we have a term called digital certificates.
Now you may ask, what is a digital certificate? It's nothing more than, basically, what it does is it enables an entity to share their public key in a way that can be authenticated. Digital certificates are used in public key cryptography, in other words, PKI. They are most commonly used for initializing secure SSL, or Secure Sockets Layer,
connections between your web browser
as well as your web servers.
Then the smart card, on the other hand, is a device with the dimensions of a credit card, using a small microchip to store and process data. In many cases, your smart cards have replaced what we call magnetic cards because they can handle more information and offer more functionality.
Smart cards are now in use in many industries, including
retail. You have your transit systems and security services as well. And basically it has non-volatile memory; basically this is memory that does not forget its contents when the power is obviously disconnected.
We have an interesting term called a security token.
Now this is a portable device that authenticates a user's identity electronically by storing some sort of personal information. The owner plugs the security token into a system to grant access to a network service. Security token services issue security tokens, which authenticate, again, that person's identity.
Then we have a term called biometrics. Now, biometrics is a technological and scientific authentication method that is based on biology and used in information assurance. Biometric identification authenticates secure entry, data, or access via human biological information such as your DNA or your fingerprints.
When you look at biometric systems, they include several linked
components for effective functionality. The biometric system connects an event to a single person, whereas other ID forms, such as your personal, again, what we call personal identification number, or PIN, may be used by anyone.
When we look at RADIUS, now, RADIUS stands for Remote Access Dial-In User Service, and TACACS+ stands for Terminal Access Control System Plus. Now the primary functional difference between RADIUS and TACACS is that TACACS separates out the authorization functionality,
whereas RADIUS, what it does is it combines both your authentication
as well as, again, what we call the authentication.
Now there's an interesting command called runas. Now, if you think about it in computer terms, or computing terms, it's a command in the Microsoft Windows line of operating systems that allows the user to run specific tools and programs under a different user name to the one that was used to log into, again, a computer system interactively.
We have a term, again, called Active Directory.
Now Active Directory is nothing more than a directory service that Microsoft developed for Windows domain networks. It is included in most of your Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.
Now the other thing we have is a term called Lightweight Directory, what we call Lightweight Directory Access Protocol, LDAP. Now it's a client-server protocol used to access and manage directory information. It reads and edits directories over your, again, your IP network
and runs directly over TCP/IP, using simple string formats for data transfer.
Now we're looking at a domain controller. It's nothing more than a server computer that responds to security authentication requests in terms of logging in and checking permissions within, again, a Windows domain. Again, this is based on looking at, for example, if you have your computer at home and you have your own domain controller set up, which is centralized,
it allows you to manage everything from one centralized location. In other words,
your domain controller controls everything; basically, it is the brain of your network.
Then next, I want to take a look at, again, what's called NTLM. Basically what this is is Windows NT LAN Manager. It's a security protocol suite for Microsoft Windows four point, which replaced LAN Manager, and NTLM is used for
down-level client and server compatibility up to,
again, Windows 2000. Again, NT LAN Manager basically was replaced by Microsoft Kerberos, which we'll be discussing as well. So this NTLM, what it does is it authenticates clients and servers via a challenge-response method that is composed of three messages. You have a negotiation,
again, then you have the challenge, you have authentication, and so forth.
Now you look at Kerberos. That, again, basically is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Now, organizational units. Basically, again, an organizational unit provides a way of classifying objects located in directories, or names in a digital certificate hierarchy, typically used either to differentiate between objects with the same name, like, for example, John Doe in an organizational unit of marketing versus John Doe, again, in customer service.
An object, again. Objects, basically, in object-oriented programming, are things that you think about first in designing your program, and they are also the units of code that are eventually derived from the process. Each object is an instance of a particular class or subclass, with the class's own
methods or procedures, as well as data
variables. A user is a person who uses, again, a computer or network. Users of computer systems and software products generally lack the theoretical, what we call the technical expertise required to fully understand how they work. And then we have our computers, which is, again, nothing more than a device.
We have groups. Again, in computing, the term group is gonna refer to a grouping of users. In principle, users may belong to none, one, or more groups, although in practice some systems place limits on this.
So again, we also have these various groups. We have security groups. Again, this is a set of files grouped under a unique name.
We also have a distribution group, again, which refers to any group that doesn't have a security context. Your global security groups are often used to organize users who share similar, again, what we call network access to the organization, and users who share similar network access. Global groups, on the other hand,
basically are security groups that are most often used to organize
users who share similar network access requirements. Universal groups are a security or distribution group that contains users, groups, and computers from any domain in its forest.
We have rights. Again, user rights are specific access, again,
and, ah, ability permissions that are assigned to customizable user groups. Again, groups can then be assigned to or removed from users through what we call a specific user rights special page. In other words,
permissions. The most common objects assigned permissions on your network are what we call NTFS, New Technology File System, files and folders. Again, alternately referred to as rights and privileges, permissions are access details given by users or network administrators.