Identity and Access Management (IAM) Solutions (OBJ 2.4 & 4.6)
Identity and Access Management (IAM)
- Ensures right individuals have right access to right resources for right reasons
- IAM technologies manage digital identities and access securely
- Components
  - Password Management
  - Network Access Control
  - Digital Identity Management
IAM Processes
- Identification, Authentication, Authorization, and Accounting (IAAA)
- IAM System Processes
  - Identification
    - Claiming identity, e.g., username, email address
  - Authentication
    - Verifying user, device, or system identity
  - Authorization
    - Determining user permissions after authentication
  - Accounting/Auditing
    - Tracking and recording user activities for the purpose of monitoring or for security reasons
IAM Concepts
- Processes
  - Provisioning
  - Deprovisioning
  - Identity Proofing
  - Interoperability
  - Attestation
Multi-Factor Authentication (MFA)
- Factors
  - Something you know
  - Something you have
  - Something you are
  - Something you do
  - Somewhere you are
- Implementations
  - Biometrics
  - Hard tokens
  - Soft tokens
  - Security keys
  - Passkeys
Password Security
- Best Practices
  - Password policies
  - Password managers
  - Passwordless authentication
Password Attacks
- Types
  - Spraying Attacks
  - Brute Force Attacks
  - Dictionary Attacks
  - Hybrid Attacks
Single Sign-On (SSO)
- User authentication service using one set of credentials for multiple applications
- Technologies
Federation
- Sharing and using identities across multiple systems or organizations
- Enable users to access different systems with a single set of credentials
Privileged Access Management (PAM)
- Involves the following
  - Just-in-Time (JIT) Permissions
  - Password Vaulting
  - Temporal Accounts
- Gain administrative access to a system
Access Control Models
- Mandatory Access Control
- Discretionary Access Control
- Role-based Access Control
- Rule-based Access Control
- Attribute-based Access Control
Assigning Permissions
- Best practices to enhance organization security