Welcome back. A cyber. Very IittIe. My name is just Lingam. We'll be covering module 10 today. Cloud Plus we'll be covering security and recovery. First thing we have on the unit overview is access, control, information, security. Never security, high availability and recovery
for access control. We're gonna be covering authentications. Single sign on federation. Where else going becoming role based mandatory and describe it. Terry, Access control. First thing we have is a vindication. Authentication. There's three parts of vindication. Something you have something you know, something you are
never It comes to authentication. Something you have will be a device or a car that you have that you use the log onto a server or log onto a network. Something you know is something that you know in your head is something that you're able to provide
and something you are. It has to do with biometrics. It could be a fingerprint retina. Whenever it comes to authentication, you have factors. Whenever you authenticate, you can either have single fact earth indication, which would be a username and password.
Two factor authentication, which would be a smart card or a token and then a password or a pan associated with that,
and then three factor authentication would use all three
whenever. If somebody has a user name, password and a card that's still two. Factor authentication to facts. Vindication because two of those or something, you know that one of them is something you have.
If you throw in a fingerprint scanner so you have a fingerprint scanner and a pin that's still two factor authentication something you are. There's something you know.
But if you have a token, a USB chip or a card, and you use that to law again with a pan,
and you also have a fingerprint scan or a retina scanner, that's three factor authentication. Single sign on single Sign on is where you have your able to log into one server, and then you're able to access many servers with it. When have you log into Google? You're able to access your G plus on top of G plus. You're able to access your
your Gmail and then your G Dr also so single sign on lets you log into one, but then access many things Gmail, G Drive and G Plus. They're not on the same server. Their own different servers. They might not even be in the same location when might be in Seattle, Chicago, Washington, DC Atlanta. But because a single sign on
you're able to log into one and then access all these service within that company
but for Federation Federation is very similar to single sign on. However, with federation, it allows you to have a share trust with another company. For instance, you are going to Google. You're able to access YouTube. You're able to access Facebook. You're able to access other
companies. Other organizations
with the credentials that you provided to one
you can. If you notice you're able to log into some sites with, say, your Facebook account or you ever lock in with your G plus account and so on so forth. This is what Federation ISS This is what federation allows you to do a lot. Going to many organizations with one user name and password keeps everything simple.
But one drawback of that ISS. If somebody knows one of your accounts, user name and password, well, then they're able to log into all your accounts. You gotta remember that whenever it comes to
federation and single sign on
roll base, access control R B A C row Base access control is mainly using L doubt functions now that functions like
it is where you have permission is granted
for user's or groups and active directory. If anybody's ever mess with that, you know that you put yourself inside of a group. When you put yourself inside of a group, you're able to access whatever that group as permissions for.
For example, you're part of the accounting department being part of the accounting department, you're able to access files and folders that are offered with the accounting department.
You're part of the business department. You ever out access 1000 voters that are with business. But you're not able to access what accounting cast because you're part of the business group on Lee.
That's where roll base access control takes effect and mandatory access control it's for missions are determined by policy. The policies will be things like local group policies or GPO's that you're able to access these falls of voters because the policy says that you can, that says that you're a group can or that
you, as an individual, can
most of time. These air, enforced by the operating system itself. Policies have been around since early nineties, and they allow people to get onto a computer and access what they need. The reason why you can log into your account and access files and photos on your account is because of the policies.
But whenever your significant other or somebody else that shares a computer that you share
logs into that local computer, you're not able to access their information just like how they're not able to access your information. It's all because of mandatory access control. The next one is describing Terry access. It's true.
This one is determined by the user itself by the owner that you say on Lee, I can access this follow photo that nobody else can access that follow folder. The owner is the person that manages the permissions for this access control. It is not controlled by the operating system. It's not controlled by policies or it's not controlled by groups
is controlled by the owner itself. These air called access control list. It is just a list of who has access
to the resource is information, security, information, security. We have encryption, symmetric and asymmetric. We also have common ciphers that we're gonna talk about that appear in the cloud. Symmetric encryption allows people to encrypt files or folders, so that way only they could see it if they have the key.
A program that does this most of time is PGP,
and PGP is a program that lets you create tokens and then assign them to files and folders. So that way, you who owns the key is able to encrypt it or not.
Symmetric encryption has one key,
and that one key is what encrypts it and decrypt. Sit outside. It's much encryption you have asymmetric and asymmetric is two keys. You have a private and a public. Your public is what what is given to the people
out in the cloud. But your private is what you keep. Your private is usually save on your PC saved on it a cat, a common access card or it saved on a thumb drive, a particular type of token that you can purchase online
with asymmetric encryption. The two keys one encrypts it, the other one decrypt sit. If one decrypt it, then the other one will encrypt it.
You can't use the exact same key to encrypt it or decrypt it.
When have you use asymmetric, your encrypting a file with your private key? You're sending it out to somebody, and then they decrypt it with their with the public key from your private key that is offered to them
most of time. This key has offered through a gal
a global address list common ciphers. The common stock is that you have is A S Dez and RC four A s is pretty much the lead. Whenever it comes to encryption
it offers. It's mainly offered with WiFi,
and it has 256 bit encryption. There are three types of WiFi that you have. Debbie P W p a W p A to
a s is the encryption that goes on top of Debbie P. A. To it can be used with W P. A.
But most of time it's used with W p. A. To
the next you have is Dez.
With this. There are three different types of For that you have Dez. Two days and three days with Dez is a 56 bit encryption. Three days it's 56 plus 56 plus 56 which makes up a total of 168
with three days, it encrypts it once, and then it reverse, encrypts it and then encrypted again. So therefore, it is completely encrypted into 168 3 days. And as are a hash algorithms and hash, all that really means is that it's going to be encrypted, and it's never meant to be de encrypted.
Most Loggins are done with the hash algorithms whenever it comes to
L. Dap were active Directory RC four. RC four is a wife. I'm Christian that's offered with Debbie P and W. P. A. It's on offer with W P A to,
but it is used for Radius. Which radio says you just were authentication
and it is 100 28 bit encryption, but it's old. People can crack that fairly easily.
You can Google videos and people cracking and less in a minute