Treacherous 12 Part 2: Insufficient Identity, Credential and Access Management

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Number 2 on our treacherous 12,
00:00
insufficient identity, credential,
00:00
>> and access management.
00:00
>> In this lesson, we want to talk about the risk of
00:00
insufficient IAM controls,
00:00
the impact of insufficient IAM controls,
00:00
and maybe the techniques,
00:00
and best practices for reducing
00:00
the risks associated with insufficient IAM controls.
00:00
As you probably have realized,
00:00
it makes sense as number 2,
00:00
because you can't access or leverage anything in
00:00
the Cloud without utilizing an Internet connection.
00:00
Anybody who's accessing a Cloud environment remotely
00:00
has to go through the identification,
00:00
authentication, and authorization process
00:00
in order to do anything in the Cloud.
00:00
That's why having effective controls is essential,
00:00
and also why malicious actors are quick
00:00
to try and steal credentials in the Cloud environment.
00:00
The impact of these vulnerabilities
00:00
>> is really devastating
00:00
>> because it comprises all aspects of
00:00
the STRIDE model that we've covered previously.
00:00
Once an individual's identity is compromised,
00:00
the person impersonating them is really able
00:00
to tamper with
00:00
the underlying Cloud system and infrastructure.
00:00
They may be able to alter or delete data,
00:00
may be able to disclose information by
00:00
accelerating it using the user's credentials,
00:00
and then they also may be able
00:00
>> to compromise the system,
00:00
>> and hamper availability
00:00
through changes to configurations.
00:00
Now, all of that is
00:00
contingent on the controls
00:00
that the organization has in place.
00:00
As we talked about,
00:00
you're going to be accessing
00:00
the Cloud environment over the Internet.
00:00
Proper encryption controls need to be
00:00
put in to protect data in transit to
00:00
ensure that those credentials somebody's using to
00:00
authenticate are not stolen.
00:00
Then when it comes to data that's in the Cloud,
00:00
it's essential that that data,
00:00
and the keys that are used to encrypt and decrypt it
00:00
are well protected to ensure
00:00
that the information will remain confidential.
00:00
That's especially important in a public Cloud context.
00:00
Although risks to identity
00:00
and access management are really across
00:00
the board because you're going to need to
00:00
be accessing all of
00:00
these different Cloud services through the Internet.
00:00
Now, a number of different things can be done to
00:00
mitigate or reduce the impact of these compromises.
00:00
First and foremost is training for your users
00:00
so that they aren't using weak passwords.
00:00
It's amazing how even highly technical people often
00:00
reuse the same password or
00:00
a weak password for convenience.
00:00
However, this has led to many
00:00
>> large-scale data breaches.
00:00
>> Another thing companies can do
00:00
is really make sure that they
00:00
have effective password management tools in place,
00:00
and enforce multi-factor authentication.
00:00
Even if credentials become compromised,
00:00
if MFA is installed,
00:00
it really prevents the attacker from
00:00
moving forward without
00:00
that other aspect of authentication.
00:00
We've talked about the four different types
00:00
of authentication in past modules.
00:00
Something you know, something you have,
00:00
something you do, and something you are.
00:00
Now, one of the other very important things
00:00
in order to reduce the impact of
00:00
compromised credentials is to ensure
00:00
that you have effective segregation of
00:00
duties amongst the roles
00:00
in your Cloud-based environment.
00:00
Although the attacker may try to escalate privilege,
00:00
if the amount of
00:00
privilege is really reduced at the bare minimum,
00:00
it will reduce the impact of what
00:00
they're able to do if credentials become compromised.
00:00
Which of the following is the most effective control
00:00
against IAM vulnerabilities?
00:00
Multi-factor authentication,
00:00
biometric authentication, or federated authentication?
00:00
If you said multi-factor
00:00
>> authentication, you're correct.
00:00
>> This really puts some more controls,
00:00
and really prevents an attacker
00:00
from compromising credentials nearly
00:00
as easily in Cloud environments.
00:00
Biometric authentication is
00:00
>> more important when it comes
00:00
>> to accessing physical infrastructure.
00:00
It's interesting that biometric authentication has
00:00
often been a point
00:00
of interest among security professionals.
00:00
However, in the age
00:00
where people are working more remotely,
00:00
the need or use of biometric authentication has waned.
00:00
Federated authentication is the practice of
00:00
ensuring that identity and
00:00
access management that they're
00:00
shared trust between organizations.
00:00
Really making sure that you test
00:00
and confirm the strength of
00:00
your federated authentication is
00:00
another important best practice
00:00
when preventing its vulnerabilities like this.
00:00
In summary, we talked about
00:00
the impact of insufficient IAM controls.
00:00
We talked about various methods such as training,
00:00
better use of encryption key rotation, key protection,
00:00
and implementations of multi-factor authentication
00:00
to really try and reduce
00:00
the risk caused by
00:00
threats associated with identity and access management.
00:00
I'll see you in the next lesson.