Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:00
Welcome to Cybrary's video series on the CompTIA Security+ 501 certification and exam. I'm your instructor, Ron Woerner.
00:10
Please visit cybrary.it for more information about the Security+ and other certifications.
00:18
The fourth domain of the Security+ exam is all about identity and access management, or IAM.
00:25
Identity and access management is the security principle that defines the proper authentication, authorization, and access to resources for users.
00:36
Section 4.1 requires you to compare and contrast identity and access management concepts.
00:42
It is necessary to understand the process and function of access control, including identification, authentication, authorization and auditing, or IAAA.
00:55
This part focuses on the four main principles of identity and access management:
01:00
IAM concepts, selecting appropriate identity and access service solutions,
01:06
implementing identity and access management controls, and following account management best practices.
01:12
In this video we'll cover logical access controls,
01:15
defining the terms IAAA,
01:19
multi-factor authentication,
01:23
federation and federated identity,
01:26
single sign-on, and transitive trust.
01:29
Let's start by defining some of the terms:
01:33
identification and authentication.
01:36
Identification is that first step where you're providing your identity, something to show who you are.
01:42
It's where the subject provides identification information unique to that subject. So my user ID, my account number, all should be unique, as I'm providing an identity, say to a website,
01:55
or even physically: a driver's license or passport is an identity.
02:00
The second step is authentication: proving my identity, verifying the identification information.
02:08
For example: passphrases, passwords, PINs, fingerprints, smart cards, all methods for authentication.
02:17
We'll cover this topic in a little more detail in just a few minutes.
02:23
A couple of other terms you need to be familiar with associated with IAM:
02:29
authorization and auditing.
02:31
Authorization: what you're allowed to see or do. It's your permissions. What permissions do you have on the system?
02:38
It's determining the operations a subject may perform on an object.
02:46
Then there's auditing or accounting.
02:49
This is reactionary. This is the tracking of who does what, when, where, and how on the system,
02:55
a record of events normally captured in logs.
03:00
Be familiar with the definitions of each of these terms as we move forward with this section.
03:06
There are many methods to prove your identity, to authenticate yourself. On the screen you see five factors, the first being something you know, such as your PIN or password. Second, something you have, you own, like a smart card, a token, an identification device,
03:24
a driver's license, for example, or
03:29
even your smartphone.
03:30
Third, something you are,
03:34
such as fingerprints,
03:35
eyes, et cetera.
03:37
It could also be something you do,
03:39
the action you take to complete authentication: how fast you type, how fast or slow you walk.
03:46
Also part of biometrics.
03:49
The last factor you need to be familiar with is geographic location, where you are. If you're normally signing in from a certain location,
03:58
that could be considered a factor.
04:00
Keep all of these in mind for the next section.
04:02
When you use only one of those factors, it's called single-factor authentication, SFA.
04:10
Traditionally, it's a password. But even now, with many phones, where you're just using your fingerprint,
04:15
that's single-factor authentication. It's best to combine factors. The more factors you bring together,
04:23
the stronger the security,
04:25
and that's called multi-factor authentication, or MFA.
04:29
You may also see this referred to as 2FA, or two-factor authentication, where you're using two of those factors when you're proving your identity.
04:38
By the way, the factors should not be of the same category. So, for example, two passwords
04:44
are not considered multi-factor authentication because both are something you know.
04:48
Then there's mutual authentication, where each party authenticates the other. Like, I could authenticate a website
04:57
by using their certificate. They authenticate me with my user ID and password.
05:01
That's mutual authentication.
05:05
Many of you are familiar with biometrics, or Type 3 authentication, something you are.
05:12
It's your fingerprints, face, voice,
05:16
eyes.
05:17
All can be used to prove your identity.
05:21
A challenge with biometrics, though, is the potential for error. For example, the three terms you see on your screen: you should be familiar with these for the Security+ exam.
05:32
FAR, false acceptance rate: when the system accepts someone, an intruder, who should be rejected.
05:42
False rejection rate: when the system rejects an authorized user. We've all seen this.
05:47
When these come together, when they match, it's known as the crossover error rate.
05:53
The image on the screen shows an example. It's a metric for comparing biometric systems, so if you're wondering which one works better,
06:00
check out the crossover error rate, CER.
06:03
Be familiar with these biometric error terms. You might see a question on this on the Security+ exam.
06:11
Another common term you may see
06:14
is federated identity, or federation.
06:16
For example, you want to just sign in once and gain access to multiple resources in and outside of your organization.
06:25
That's federated identity: the means of linking a person's electronic identity and attributes stored across multiple distinct identity management systems, taking you and your privileges outside of your own organization and leveraging those within others.
06:42
So the other organizations federate your identity from your employer, for example.
06:47
Common places you'll see this is with Google, Facebook, Amazon, and Microsoft.
06:55
You log in using your Google ID and it's federated out to many other resources.
07:00
An associated term is single sign-on, or SSO,
07:05
which allows the user to authenticate one time and then access a multitude of resources in and out of their organization without needing to re-authenticate. It's not the same as password synchronization; with a synchronized sign-on, your password is the same across multiple systems.
07:24
That's where you log in once and gain access to many
07:27
sites and resources.
07:29
The risk there, though, is that if someone finds out your user ID and password to log in to your SSO, they are you across all the systems where you have permissions
07:40
or authorization to access.
07:43
It may also be a single point of failure. If that SSO site goes down, it'll be challenging for you to access those other resources.
07:51
We're seeing this more and more across the Internet, so be familiar with this term.
07:58
Transitive trust,
08:00
transitive access.
08:01
Keep in mind the transitive principle you may have learned in school, where one party, A, trusts another party, B;
08:09
B then trusts C, so therefore a relationship can exist between A and C.
08:16
This is seen in all versions of Active Directory.
08:18
The default is that all domains in a forest trust each other
08:24
with two-way transitive trust relationships.
08:26
We can also see a potential risk, with A trusting C because they also trust B.
08:33
This concludes the lecture portion of Section 4.1, comparing and contrasting identity and access management concepts.
08:43
Let's practice on a sample quiz question.
08:46
Question:
08:46
Which of the following is a term used whenever two or more parties authenticate each other?
08:54
The answer is
08:56
B, mutual authentication.
08:58
Refer to the definition mentioned earlier.
09:03
There's also a lab associated with federated identity that you may want to consider doing to help cement the ideas we've covered in this section. Active Directory Federation Services, or ADFS, is a Microsoft technology that provides identity federation that uses claims-based authentication.
09:20
A claim is basically a statement regarding a user, such as the username, email address,
09:26
along with other attributes that identify the user to the application and the resource being requested.
09:31
In this lab,
09:33
you walk through a domain and how to establish federated services.
09:39
In this video,
09:41
I covered Section 4.1, comparing and contrasting identity and access management concepts.
09:46
Please see your study material for more information on this section.
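As an added example (not part of the lecture or Cybrary's course materials), the biometric error terms from the video worked through in Python: FAR and FRR are computed over constructed match scores at every acceptance threshold, and the crossover error rate is the threshold where the two rates meet. The score lists are constructed sample data, not output from any real matcher.

```python
"""FAR, FRR and crossover error rate (CER) for a biometric matcher.

Constructed example: similarity scores (0-100) that a hypothetical
fingerprint matcher produced for genuine users and for impostors. Higher
is a better match; a sample is accepted when its score reaches the threshold.
"""

# Constructed sample scores, not taken from any real system.
GENUINE_SCORES = [88, 92, 75, 81, 95, 69, 84, 90, 78, 86]
IMPOSTOR_SCORES = [35, 52, 61, 44, 70, 58, 49, 66, 73, 40]


def far(impostor_scores, threshold):
    """False acceptance rate: share of impostors wrongly accepted."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate: share of genuine users wrongly rejected."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def crossover_error_rate(genuine_scores, impostor_scores):
    """Sweep every threshold and return (threshold, rate) where FAR and FRR
    are closest. A lower CER means the system separates genuine users from
    impostors better, which is why CER is used to compare biometric systems."""
    best = None
    for threshold in range(0, 101):
        a, r = far(impostor_scores, threshold), frr(genuine_scores, threshold)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, threshold, (a + r) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    # Raising the threshold trades false acceptances for false rejections.
    for t in (50, 60, 70, 80):
        print(f"threshold {t}: FAR={far(IMPOSTOR_SCORES, t):.1f} "
              f"FRR={frr(GENUINE_SCORES, t):.1f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER {cer:.1f} at threshold {t}")
```

Swapping in score lists from two different matchers and comparing their CER values is the comparison the video describes.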

Instructed By

Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor