All right. Now, the next way we're going to protect our network and our information in our environment is we're going to be very restrictive about who gets access to that environment, and that's where identity and access management comes in.

So with identity and access management, it's all about who gets an account in our environment, how that account is created, how the user's then going to take that account information, identify themselves to a system, prove that information, and then be authorized to access certain features. Then, of course, users are audited, they're held accountable, and then our accounts are ultimately going to be deprovisioned. So this is identity and access management. Again, we don't really need to get in depth. But the first stage, identity proofing: before I'd ever let you on my network, prove to me your identity. Show me your driver's license, your Social Security card. Think about all the things you have to do before getting hired with the company, and then once you're hired, before you'd ever get an account, right? So you're going through the phase of identity proofing. You're providing proof of your identity.
Now, once I believe that, I'm going to create an account for you. That's the provisioning piece. It would be great if we automatically provisioned accounts. So, for instance, when you come on board and we enter your information into our HR database, it would be great if that information was pulled over to Active Directory and an account was automatically created for you based on what we entered. Right, that makes it very, very smooth for administrators.
Once you have your account, as a user, when you attempt to access a resource, you go through IAAA: identification, authentication, authorization and auditing.

So identification: you make a claim, your username and account number, an IP address, a MAC address, however you make your claim. But a claim is no good, because claims are very easily spoofed, right? I mean, I can claim to be administrator. That doesn't mean I am. So we have to provide proof, and that's authentication. So identification: make a claim. Authentication: prove it, prove it to me.

And we authenticate with something I know, something I have, or something I am. So I know a password. I have a key. I am Kelly Handerhan based on my biometrics, right? Thumbprint, retina scan, hand geometry, whatever. The best and strongest authentication is multi-factor. Not multiple things, but a combination of types. So it's something I know and something I have, something I have and something I am, something I am and something I know. So, like, a driver's license and passport, that would not be multi-factor. They're both something I have. But a retina scan and a PIN, that's multi-factor.
All right, now, once you've proven your identity, you're then authorized based on who you are. So authorization is all about getting your rights and permissions assigned to you. When we create an account, when we're creating accounts that are based on you as an individual or me as an individual, so I'm Kelly Handerhan, I get the account khanderhan, right. Um, the problem with that in an environment is, the longer I'm in the company and the more I move from department to department or within the organization, what tends to happen is I accumulate rights and permissions. We sometimes call that privilege creep.

So with identity-based accounts, you know, when you move, you just tend to keep and continue to accumulate, so role-based access control is really a better way to control what users are authorized to do. So instead of Kelly Handerhan, I'm granted access to an account called Trainer One. Um, when I'm done being Trainer One and move to sales, I'm given Sales One. That way, my permissions from before don't follow me. And I'll tell you, on the exam there is a big preference placed on role-based access control, because it really can limit privilege creep and abuse of privileges.

All right, so I identify: Kelly H. I prove it: here's my thumbprint, my password. I'm authorized to gain certain resources, and then auditing, or accountability, just simply means that actions that happen can be traced to an individual. And then all good things must come to an end. At that point in time, perhaps when I leave the organization, my account would be deprovisioned.
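The lecture's IAAA flow and its privilege-creep argument, written out as an added example. This is not code from the course or from the instructor; it is a toy model. The usernames, the enrolled credentials, the two roles and their permission strings are all constructed for illustration, and the factor-category table only encodes the know/have/are rule stated in the lecture.

```python
"""Toy model of identification, authentication, authorization and auditing,
plus identity-based versus role-based permissions. Added example; every
user, credential, role and permission below is constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field

# Factor categories: something you know / have / are. Two credentials of the
# same category (driver's license + passport) are NOT multi-factor.
FACTOR_CATEGORY = {
    "password": "know", "pin": "know",
    "hardware_token": "have", "driver_license": "have", "passport": "have",
    "thumbprint": "are", "retina_scan": "are",
}


def is_multifactor(presented: set[str]) -> bool:
    """True only when at least two distinct factor categories are presented."""
    return len({FACTOR_CATEGORY[f] for f in presented}) >= 2


# Constructed roles; in a real directory these would be groups or RBAC roles.
ROLE_PERMISSIONS = {
    "trainer": {"read:courseware", "write:courseware"},
    "sales": {"read:crm", "write:quotes"},
}


@dataclass
class IdentityAccount:
    """Permissions attached to the person; a department move only adds."""
    username: str
    permissions: set[str] = field(default_factory=set)

    def move_to(self, dept: str) -> None:
        self.permissions |= ROLE_PERMISSIONS[dept]   # nothing is ever removed

    def effective(self) -> frozenset[str]:
        return frozenset(self.permissions)


@dataclass
class RoleAccount:
    """Permissions come from the current role; a move swaps the role."""
    username: str
    role: str | None = None

    def move_to(self, dept: str) -> None:
        self.role = dept                             # old role's rights drop off

    def effective(self) -> frozenset[str]:
        return frozenset(ROLE_PERMISSIONS.get(self.role, set()))


def privilege_creep(account, dept: str) -> frozenset[str]:
    """Permissions the account holds that its current department does not grant."""
    return account.effective() - ROLE_PERMISSIONS[dept]


# Constructed credential store: the factors each identity is enrolled with.
ENROLLED = {"khanderhan": {"password", "thumbprint"}}

# Audit trail: every decision is recorded against the claimed identity.
AUDIT_LOG: list[dict] = []


def access_request(directory: dict, claimed: str, presented: set[str],
                   permission: str) -> bool:
    """Identify -> authenticate -> authorize -> audit. Returns the decision."""
    # Identification: the claim alone proves nothing (claims are spoofable).
    account = directory.get(claimed)
    enrolled = ENROLLED.get(claimed, set())
    # Authentication: every presented factor must be enrolled for this
    # identity, and the set must span at least two factor categories.
    authenticated = (bool(presented) and presented <= enrolled
                     and is_multifactor(presented))
    # Authorization: rights come from the account, never from the claim.
    authorized = (authenticated and account is not None
                  and permission in account.effective())
    # Auditing / accountability: the outcome is traceable to an individual.
    AUDIT_LOG.append({"identity": claimed, "authenticated": authenticated,
                      "permission": permission, "granted": authorized})
    return authorized


if __name__ == "__main__":
    ident, role = IdentityAccount("khanderhan"), RoleAccount("khanderhan")
    for acct in (ident, role):
        acct.move_to("trainer")
        acct.move_to("sales")
    print("identity-based creep:", sorted(privilege_creep(ident, "sales")))
    print("role-based creep:    ", sorted(privilege_creep(role, "sales")))
    print(access_request({"khanderhan": role}, "khanderhan",
                         {"password", "thumbprint"}, "read:courseware"))
```

Moving the same person from trainer to sales leaves the identity-based account still holding the courseware rights, which is exactly the creep the lecture describes, while the role-based account reports none. The access check also shows why a bare claim of "administrator" goes nowhere: with no enrolled factors to match, authentication fails before authorization is even considered, and the failed attempt still lands in the audit log.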