Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course.
We're going to continue our discussion on module number four, which, in fact, is domain four, and the topic of discussion will be identity and access management.
Surprisingly enough, we have a brand new learning objective, which is 4.1, where we have to compare and contrast identity and access management concepts.
The first item on our agenda is a pre-assessment quiz, and it reads as follows: Which of the following processes transpires when a user provides a correct username and password? Is it A, identification;
B, authentication; C, authorization; or D, accounting?
If you selected B, you're absolutely correct, because authentication is the process that validates an identity. When a user provides their credentials, such as the username and password, they are compared to those on file in a database on a local operating system or within an authentication server.
Continuing on with this particular brand new learning objective, again, we're going to compare and contrast identity and access management concepts.
Here again are some key concepts which encompass this particular objective, ranging from identification, authentication, authorization and accounting.
So let us turn our attention toward access control. Now, when you think about access control, basically it involves granting or denying approval to use specific resources.
Now, within the context of access control, you have physical access control, which consists of fencing, hardware door locks and mantraps to limit contact with devices.
Technical access control consists of technology restrictions that limit users on computers from accessing data.
There are four standard access control models that you need to be aware of, which we'll be discussing in upcoming videos.
Now, access control enables an authorized person to control access to areas and resources in a given physical facility or computer-based information system.
A key part of any access control system is the identification and authentication of individuals. If you can't identify an individual, everyone is in fact anonymous. If everyone is anonymous, there is no way you can control access to different resources: either everyone has access or no one has access.
The overall process is identification, authentication and authorization. In other words, the user professes an identity
and validates that identity by providing authentication-type information,
and the authentication system verifies the credentials. Then access controls such as permissions authorize the user to access resources, such as files stored on the server. If these three steps do not, in fact, come together, the user is not able to access resources protected with access control.
This brings us to access control terminology. Now, when we begin to look at these, we have basically four different columns: we have the action, we have the description, we have a scenario example, then we have the computer process. Now, when we begin to look at identification,
first of all, the description is a review of the credentials. In the scenario example, the delivery driver shows their employee badge.
In the computer process, the user enters their username. So again, this is just one of many listed on this particular slide. We do have others that we are not going to highlight at this point in time.
Turning our attention toward the steps of access control.
First, in terms of access control, we have identification; in other words, you present credentials. An example would be the delivery driver presenting his or her employee badge.
Then we have authentication, which is where you actually check those credentials. An example would be examining the delivery driver's badge.
Then the authorization process basically entails granting permission to take action.
An example would be allowing that delivery driver, he or she, to pick up the package.
When you look at the access control process, you have the subject. What the subject does is present their credentials to the system.
During the authentication process, the system verifies and validates the credentials, ensuring that they are authentic.
Authorization grants permission to the allowed resources.
Now, when you present an identity to a system, that system wants you to prove that it is indeed you and not someone else. Authentication is the process of ascertaining that somebody really is who he or she claims or professes to be.
Continuing on with this particular objective, which deals specifically with comparing and contrasting identity and access management concepts, let's take a look at some additional topics. We're going to turn our attention toward the definition; in other words, define exactly what multifactor authentication is, in other words,
somewhere you are, something you do.
When we begin to look at the topic of multifactor authentication,
it's a security mechanism in which individuals authenticate through more than one required security and validation procedure.
Multifactor authentication is built from the combination of physical, logical and biometric validation techniques used to secure a facility, product or service. So multifactor authentication refers to the use of at least two different types of factors for authentication. The two different types of authentication factors might be a token and a password.
This brings us to the five factors of authentication that you need to be aware of. The first one I'm going to highlight during this particular video is something you are.
Now, when you look at something you are, it is basically verified by biometrics, such as your fingerprints or your retina scan.
This includes the physical devices that a user possesses. Examples include a smart card, hardware token, memory card or a USB drive.
Something you know: this could be a password, personal identification number (in other words, a PIN) or passphrase, for instance.
This includes an actionable characteristic of an individual; good examples are signature and keystroke dynamics.
Then we turn our attention to single-factor authentication. Now, with single-factor authentication, only one factor is used. Single-factor authentication, in fact, is the simplest form of authentication method. With single-factor authentication, a person matches one credential to verify himself or herself online.
The most popular example of this would be a password; in other words, a credential
to your username. Most applications use this type of authentication method.
Continuing our discussion of comparing and contrasting identity and access management concepts, we're going to take a look at some additional topics which encompass this particular objective, ranging from federation and single sign-on to transitive trust.
So, taking a look again at what we call federated access: what that does is allow users in different networks to log on only once,
even if they are accessing multiple systems. The systems can be different operating systems owned and operated by different types of organizations.
Then we have the Security Assertion Markup Language; in other words, SAML.
It has a principal, an identity provider and a service provider.
Now, when we look, for example, at the principal, the principal is typically a user that logs on to the system.
If necessary, the user might request a principal identity from the identity provider.
The identity provider basically creates and maintains the identity information for the principal.
The service provider is the entity that provides a service to the principal. For example, a banking institution that hosts different banking services is the service provider.
The next one we have is called the Secure
European System for Applications in a Multi-vendor Environment. This was created as an alternative to Kerberos in the European countries. However, with improvements to Kerberos,
what we call the Secure European System for Applications in a Multi-vendor Environment is rarely used, if at all, today.
Then we have KryptoKnight. Basically, this was created by IBM
as an alternative to Kerberos. It does not have as much network overhead as Kerberos; however, like SESAME (in other words, the Secure European System for Applications in a Multi-vendor Environment),
it is rarely used today as well,
because of the advanced modifications and features that they've added to Kerberos authentication.
This brings us to a term called trust transitivity.
Before we can talk about the trust models, we're going to talk a little bit about trust transitivity.
Trust transitivity is a control feature for trust relationships.
In essence, it allows you to trust other entities without directly knowing them,
and may allow you to extend the trust beyond a domain, despite the fact that you may not trust them directly. So in this example here
of transitive trust, let's say, for example, A trusts B,
and that trust relationship exists, and B trusts C, and that trust relationship exists. Then transitive trust says: well,
hey, because I trust B, I can trust everybody you know, and everybody you know, I trust. And so you have what we call a transitive trust relationship between
A and C. Even though A doesn't know C directly, it's using B as a root of trust, if you will, and using that to say: OK, because you trust C, now I trust C as well. The inverse of this is that you can use a non-transitive relationship as well.
You can say that a non-transitive trust says: because you trust other domains, I'm not going to trust those. The borders are those domains that you trust, and that's non-transitive because it denies those trust relationships.
Then we have a term called one-way trust. A one-way trust is a single trust relationship, where A trusts B.
All one-way trust relationships are non-transitive, and all non-transitive trusts are one-way. Authentication requests can only be passed from the trusting domain to the trusted domain.
This means that if A has a one-way trust with B and B has a one-way trust with C, A does not have a trust relationship with C.
Continuing on with two-way trust: a two-way trust says that we're going to trust each other, so I trust you and, explicitly, therefore, you trust me,
and that's a two-way trust. And because of that, what you have is a situation where devices and people can actually authenticate across domains based upon those trust relationships.
A two-way trust says everything in here is going to trust: everything in the resource domain is going to trust everything in the account domain, and vice versa.
And so you have people and devices in both domains cross-authenticating, if you will, between the different domains, and users can authenticate in both directions when you have what we call a two-way trust.
This means that authentication requests can be passed between the two domains in both directions. Some two-way trust relationships can be either non-transitive or transitive, depending upon the type of trust being created. All the domain trusts in an Active Directory forest are two-way, in other words, transitive trusts. When a new child domain is created,
what we have, in essence, is a two-way transitive trust.
It's automatically created between the new child domain and the parent domain.
Now, a transitive trust is a two-way relationship that is automatically created between a parent and child domain in a Microsoft Active Directory-type environment.
This brings us to a post-assessment quiz, and we have a statement here,
and what you need to determine is whether or not this statement is, in fact, a true statement or is, in fact, false,
and it reads as follows:
Multifactor authentication refers to using two different types of factors for authentication purposes. Is this true or false?
If you selected true, you're absolutely correct.
At this point in time, it brings us to our key takeaways from this particular video, and they are as follows. We learned that single sign-on uses federated identities to provide a more seamless experience for users when accessing resources.
We also learned that a two-way trust says that everything in here is going to trust: everything in the resource domain is going to trust
everything in the account domain, and vice versa.
We learned that trust transitivity determines whether trust can be extended outside the two domains between which the trust was in fact formed.
We also learned that federated access allows users in different networks to log on only once, even if they're accessing multiple systems.
We learned that transitive trust is a two-way trust relationship automatically created between a parent and child domain in a Microsoft Active Directory forest.
We also learned that the one-way trust is a unidirectional authentication path created between two domains; in other words, the trust flows in one direction and access flows in the other.
In our upcoming video, we'll continue our discussion by taking a look at a brand new learning objective, which is 4.2, which is titled "Given a scenario,
install and configure identity and access services."
I look forward to seeing you in the very next video.
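
The trust relationships covered in this lesson (transitive, non-transitive, one-way and two-way), modelled as an added example that is not part of the original video. The function names, the sample domain names and the simplified rule that a chain of trust extends only along transitive trusts are assumptions made for illustration.

```python
from collections import deque

def add_trust(trusts, trusting, trusted, transitive, two_way=False):
    """Record that `trusting` trusts `trusted`; two_way adds the reverse edge."""
    trusts.setdefault(trusting, {})[trusted] = transitive
    if two_way:
        trusts.setdefault(trusted, {})[trusting] = transitive
    return trusts

def is_trusted(trusts, trusting, trusted):
    """True if `trusting` accepts identities vouched for by `trusted`."""
    if trusted in trusts.get(trusting, {}):
        return True  # a direct trust counts whether or not it is transitive
    seen, queue = {trusting}, deque([trusting])
    while queue:  # assumption: chains extend only along transitive trusts
        for nxt, transitive in trusts.get(queue.popleft(), {}).items():
            if transitive and nxt not in seen:
                if nxt == trusted:
                    return True
                seen.add(nxt)
                queue.append(nxt)
    return False

def can_access(trusts, user_domain, resource_domain):
    """Access flows opposite to trust: the resource domain must trust the user's domain."""
    return user_domain == resource_domain or is_trusted(trusts, resource_domain, user_domain)

def chain(transitive):
    """Constructed sample: A trusts B and B trusts C, both one-way."""
    return add_trust(add_trust({}, "A", "B", transitive), "B", "C", transitive)

def forest():
    """Constructed sample: two child domains, each in a two-way transitive trust with the parent."""
    t = add_trust({}, "eu.corp.example", "corp.example", True, two_way=True)
    return add_trust(t, "us.corp.example", "corp.example", True, two_way=True)

if __name__ == "__main__":
    print("transitive chain, A trusts C:", is_trusted(chain(True), "A", "C"))
    print("non-transitive chain, A trusts C:", is_trusted(chain(False), "A", "C"))
    print("one-way, C trusts A:", is_trusted(chain(True), "C", "A"))
    print("eu user reaches us resource:", can_access(forest(), "eu.corp.example", "us.corp.example"))
```

When reviewing a real environment, the same questions apply: which trusts are transitive, and which domains become reachable through them that nobody granted access to directly.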