8.2 Identity and Access Management

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

5 hours 49 minutes
Video Transcription
Hello, everybody, and welcome to the I T Security. Absurd Number 31 Coyote Identity and Max's Management. My name is 100 Gina and I'll be instructor for today's session.
Learning operatives of the session is to understand and be able to identify the main concepts off I. A T identity and excess monster in Solution
Secure Administrator have traditionally being concerned with managing the identity, some controlling access for the people that are part of the infrastructure.
Nearly at the concept of bring Your own device has what's introduced, which allowed individuals to actually associate personal devices with the record operate account and to receive service is like e mails or something like that.
Some business are still struggling with this US implementing B Y. O D
policies heart, especially when you're concerned with security privacy. In my imagine an employee opening a confidential report on a June broken phone on and connected to an airport wireless
made things harder. I change reduces our waiter connectivity environment that be way indeed, us
Many more I NT devices are expected to be deployed through their UN organization that are, you know, than the usual one or two moment phones or laptops forage employees.
You know, the tea nature is also, you know, also introduces new challenges for secure administrator in industrial and our incorporate environments.
Today, many I A T solutions are already being designed to be leased,
uh, right rather than owned. Consider, for example, off least rod Radiology machine that reports the number of scans and send it over to the club fighter.
Now imagine adding Federated authentication to this scenario, meaning that you or other use you're trying to shirk his data. Among other organizations. Insurance company, for example.
Access control decisions can potentially become very complex even when restricted to specific device or version.
Eso benders are currently working on solutions that can fingerprint I P based society devices to, you know, make things If you're
you know, I NT identity and access management is one aspect off on reaching security program or solution that must be designed to mitigate this dynamic environment.
You know where new devices can be secure, the other other to the network, you know, secure enrollment,
um, a rapid pace. That's the concern here. Data are even devices can sure not only within the organization, but with other decisions can Federated Authentication and privacy is maintained despite consumer that are being collected to stir and frequently shirt with others.
I mean, J D. P. R is a huge deal, as we just saw a couple of modules ago.
So make sure do you are actually doing that? So to begin to tackle this problem, I you know there's on identity life cycle, you know, to correctly implement on identity and medication management solution.
It is useful to late of the life cycle faces off the identity itself. Didn't the life cycle for an ill advised contains thes faces? The faces? I tried to put them together in four main principles
because at the end, there's a lot of faces that you have to go through
on each of these principles. So you know, the first one's establishing a naming conventions and UNIX my uniqueness requirements,
you know, uniqueness eyes a feature that is fairly simple to implement. It is on its only requirement is that there is no other identical to it.
For example, you can use the simplest unity that fart, which is a counter, you know, want to truth for five and go from that. Each values assigned us never repeats itself. It's like kind of the cutting the primary key off a database table.
Um, to this end, manufacturing need feels, maybe added to several ways
in a compliance when interesting convention, for example, the unique identified or u u i d
ah for which the U UD stuns a stunner. Specify in the Arab. See our request for common 41 22.
in the secure enrollment nothing's worse for security than I am t enable Systems are never Ripley off or full with false identities used to act, you know, and a spoof identities of devices from users.
for example, you can use, you know, uh,
safe of earlier day for lost off private information Can be, you know, started actually about by this spoofed identities. So it's a difficult task in the identity life cycle, you know, because you have to establish the initial trust in the device that allows
they devised to book drop itself into the system.
Among er, the greatest vulnerabilities, this security, identity and access management is insecure enrollment. You have to be really sure make really sure that any new device connecting to the network will be properly.
you have to run like a background check, even a screen check. I mean, you could convert. Do that. You have to be very terrible. Off what? Authentication metals you're reducing. Maybe to factor tree factor authentication or even four factors. Indication
something. You are something you own. So you you have
and where you are. Mean JIA Localization could be a huge deal because if all the customers are in, for example, North America are South America. It doesn't make sense that I'm a nightie devices trying to connect all the way from India or China, for example.
problem. Shannon, once different nation of for identities with the device is established. I mean, you know that the device is the legitimate. Andi doesn't repeat itself. Probably standing off operational credentials can occur.
These are the credentials that will be used within 90 system for secure communication authentication on in terry and protection, As you can recall from the cryptography models, using digital certificates for authentication and authorization can really boost your security controls. Implementing a public infrastructure or P K. I
is one of the best ways to keep things confidential on in this case, sending the credentials is something you should differently.
Kept confidential, you can just algorithms like a key wrapping key or key encrypting key algorithms like the difficult one algorithm. So you can actually exchange those credentials in a secure fashion.
I can monitor it and control after counts and credentials have been provisioned. Thes accounts must be continued to be monitor against defined security pulses. For example, you shouldn't be able to try to look into from the same device to the cloud service more than three times with an incorrect.
Is it just an example?
No suspension? Delish in our updates are dependent on several factors. Just make sure you have a clearly designed policy on that you're on Lee implementing them. I mean,
it's not the same us
just saying I have a policy and is in my desk that actually trying to implement it and using technology to enforce that policy.
What is the way of the what was that? B A. Bring your own device. It's something that you can, you know that let your employees to use their personal phones or personal devices. Toe consume. Corporate's service is
what is u U I D. Will is a unique that farm and is, you know, uh, industry convention that you can use to actually name your devices.
What is this proof in and why It is one of the biggest concerns in a rented the management solution.
Well, it's Impersonating another device. For example, I'm pretending to be the pacemaker off other person. And I'm telling server to stop the service because I don't. I'm no longer needed so you can see the harm and the and the concern right right here
in today's lecture with this cause, the main topics behind the IA ti identity management solution,
you can go to this link. It contains several several other topics on only the identity of Max's management, but it also leads them to some security solutions. And you can go back also to the cryptography model and see how you can actually use photography to boost
your security controls when it comes to identity and access management
looking for working and his video will review some concepts that will help us to reduce or accept
brightness of risk concerns off your infrastructure.
Well, that's it for today, folks, I hope in your day video institution
Up Next