Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Description

This lesson covers Domain 7, Identification and Authentication, and discusses basic requirements 3.5.1 and 3.5.2.

Video Transcription

00:04
All right, we move on to Domain 7, where we talk about identification and authentication, and this is actually the fifth requirement specified by NIST 800-171.
00:15
So here, when we look about the look at the basic security requirements, you know, if you talk about identification and authentication, identification is all about making a claim. I claim to be Kelly Handerhan, but that identification should be followed up with authentication, which is proof.
00:34
And if we don't follow with authentication, I can claim to be anyone. I claim to be the administrator, but you can't put the faith in that. And if identification is left alone, then spoofing becomes very easy. I can say I'm Michelle Obama, but until I provide proof of that,
00:53
uh, you probably shouldn't trust that or give me the keys to the White House. All right, so for basic security requirements we're gonna identify users
01:02
and processes that act on behalf of users or devices. And one of the things that we've got to realise is the user logs in. You know, the activities of the processes run at the level of the user that's logged in, which is exactly why we don't log in with our administrator accounts. We log in with our garden-variety
01:22
user accounts
01:23
right, because we don't want to give processes too much power. And that's where User Account Control comes in with, like, the Windows products, starting with Vista. You know, the attempt there is to really authenticate the fact that this process, it's not a rogue process, but it is running on behalf of a user as intended. Okay,
01:42
so the second point
01:45
authenticate the identity of those users, processes or devices as a prerequisite to allowing access, right? We don't allow access until you've authenticated,
01:57
and those were the two basic security requirements as defined in relation to identification and authentication.

Up Next

NIST 800-171 Controlled Unclassified Information Course

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.

Instructed By

Kelly Handerhan
Senior Instructor