Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course. We're going to continue our discussion of domain number four, which in fact is the domain for, and the topic of discussion will be, identity and access management.
Before we get going, let's take a look at a pre-assessment quiz, and the question reads as follows: You are selecting an authentication method
for your company's servers. You're looking for a method that periodically reauthenticates clients to prevent session hijacking.
Which of the following would be your best choice? Is it A, PAP?
Or C, CHAP? Or is it D?
If you selected C, you're absolutely correct. The correct answer would be Challenge-Handshake Authentication Protocol. CHAP periodically has the client reauthenticate. This is transparent to the user, but specifically is done to prevent session hijacking.
As mentioned earlier, we begin a brand new objective, which is 4.2, which simply states: given a scenario, install and configure identity and access services. Here again are some topics which encompass this particular objective. First of all, we begin by taking a look at Lightweight Directory
Terminal Access Controller Access-Control System Plus,
Challenge-Handshake Authentication Protocol, or CHAP,
Password Authentication Protocol, or PAP,
Microsoft Challenge-Handshake Authentication Protocol, or MS-CHAP,
Remote Authentication Dial-In User Service, or RADIUS,
Security Assertion Markup Language,
and lastly, Open Authorization.
Let's now turn our attention toward defining or exactly explaining what is Lightweight Directory Access Protocol, or LDAP.
Now, LDAP is a centralized directory stored in a database that stores information about users and other objects and is typically used as an access control type system.
Now, many organizations use a centralized directory stored in a database that stores information about users and objects. One example would be the Lightweight Directory Access Protocol.
So what is Kerberos? Kerberos is single sign-on authentication that was developed between 1983 and 1991. The protocol gets its name from the three-headed dog, or Cerberus, that guarded the gates of Hades in Greek mythology.
Kerberos is a network protocol that uses secret-key cryptography to authenticate client-server applications.
Kerberos requests an encrypted ticket via what we call an authentication service sequence to use the service, in other words, to use that service. So in this case, the password is never sent across the network in regards to the Kerberos protocol.
Here are some key points I want you to take away.
The primary way in which an attacker would attempt to compromise your Kerberos infrastructure would be to attack the Kerberos server.
The attacker may also exploit outdated software in your infrastructure. Other methods of attacking your Kerberos infrastructure include replay attacks and password-guessing type attacks.
This brings us to Terminal Access Controller Access-Control System.
Now, this system encrypts all authentication information, not just the password, as RADIUS does.
So, again, just to reiterate:
TACACS basically encrypts all authentication information, not just the password.
This is one of the authentication protocols used over Point-to-Point Protocol:
Challenge-Handshake Authentication Protocol. Basically, what it does is encrypt a user name and password and perform the authentication using a challenge-response dialogue that cannot be replayed.
Password Authentication Protocol, or PAP.
Basically, it transmits your user name and password in clear text and it offers no form of encryption. So it's one of the reasons we would not use this type of authentication protocol, because your information is going over the air in clear text.
We have the Microsoft Challenge-Handshake Authentication Protocol.
Basically, Microsoft Challenge-Handshake Authentication Protocol was introduced with Windows 2000 machines. This protocol allows for a much stronger security option than CHAP does.
Remote Authentication Dial-In User Service, or RADIUS. Basically, it utilizes a centralized authentication for your remote connections. It is typically used when an organization has more than one remote access server. A user can connect to any network access server, which passes that user's credentials on to the RADIUS server for authentication,
authorization, as well as accounting.
We have Security Assertion Markup Language. Basically, it's an Extensible Markup Language, or XML, based data format used for your single sign-on on the Internet.
The principal is typically a user that logs in to the system. If necessary, the user might request a personal identity from the identity provider.
In terms of the identity provider, an identity provider creates, maintains, and manages identity information for the principal.
Your service provider is the entity that provides a service to the principal. For example, a bank that hosts different banking services is a service provider.
This brings us to OpenID Connect.
Basically, this is an authentication layer that uses, again, the OAuth,
what we call 2.0, framework.
OpenID Connect provides decentralized authentication, allowing your users to log in to multiple unrelated websites with one set of credentials.
Then we have, as the name implies, Open Authentication. In other words, it is an open standard used for access delegation.
Basically, also, the latest version of Open Authentication is 2.0. It is supported by many online service providers nowadays.
Continuing our discussion of objective 4.2, which simply states: given a scenario, install and configure identity and access services. Surprisingly enough, we have some brand new subcategories which encompass this particular objective. We begin by first taking a look at the term called
The next item will be secure token,
and last but not least, New Technology LAN Manager, oftentimes referred to as NTLM.
So without further ado, let's begin by taking a look at the concept of Shibboleth. Now, Shibboleth is a free, open-standards software package that's used for single sign-on and federation between and within organizations.
The software is owned and managed by the International Shibboleth Consortium.
Then we have a secure token.
A security token is a physical device used for authentication, either in addition to or in place of passwords. Examples of a secure token include a wireless key card or USB device. Some tokens store cryptographic keys, such as digital signatures,
biometric data such as fingerprint details, or your passwords.
This brings us to New Technology LAN Manager. It is a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users.
The New Technology LAN Manager protocols, which are an improvement in the security support provider, which combines the LAN Manager authentication protocol.
This brings us to our post assessment quiz,
and it reads as follows.
You work for a social media website.
You wish to integrate your users' accounts with other web resources. To do so, you need to allow authentication to be used across different domains without exposing your users' passwords to these other services. Which of the following would be the most helpful in accomplishing this goal? Would you use Kerberos?
Would you use B? Would you use Open Authorization, or OpenID?
If you selected C, you're absolutely correct. It's called Open Authorization.
This is an open standard for token-based authentication and authorization on the Internet, and it allows an end user's information to be used by third-party services without exposing the user's password.
Let's now turn our attention toward discussing our key takeaways from this particular video presentation, and they are as follows. We learned that Microsoft Challenge-Handshake Authentication Protocol was introduced with Windows 2000 machines. This protocol allows for a much stronger security option than CHAP.
We also learned that a security token is a physical device used for authentication, either in addition to or in place of a password.
We also learned that NT LAN Manager is a suite of Microsoft security protocols that provides authentication, integrity and confidentiality to users.
We also learned that Shibboleth is a free and open-standards software package that's used for single sign-on and federation between and within organizations.
Additionally, we learned that Remote Authentication Dial-In User Service, or RADIUS, provides centralized authentication for your remote connections.
In our upcoming video, we continue our discussion of domain number four by taking a look at a brand new learning objective, 4.3, which simply states: given a scenario, implement identity and access management controls. Again, I look forward to seeing you in the very next