iT邦幫忙

2025 iThome Ironman Challenge

DAY 19
Security

30-Day Challenge: CompTIA Security SY0-701 series, part 19

Day 19: Implement and maintain identity and access management (IAM)


1. Provisioning User Accounts

Provisioning is creating, managing and configuring a user's rights to access organizational resources according to the user's job role. The process includes creating the user's identities, assigning privileges and allocating resources.

Active Directory (Directory Services)
In an enterprise environment, identity management uses a directory database.
Microsoft's Active Directory uses the Lightweight Directory Access Protocol (LDAP) to manage its objects.

New User Accounts

Kerberos
Provides single sign-on (SSO) authentication: after logging in once, the user does not need to log in again to use other resources.

Linux

useradd alicedoe

User account information is stored in two places: /etc/passwd and /etc/shadow.
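The two files above are also what a deprovisioning review reads: a locked hash (leading `!`, what `passwd -l` writes), a `*` placeholder, an expiry date in the shadow record, or a non-login shell all mean the account can no longer sign in. The script below is an added example, not code from the original post: it parses constructed /etc/passwd and /etc/shadow records (field layout per passwd(5) and shadow(5); the usernames, hashes and dates are made up) and lists which accounts are deprovisioned and which are still interactive.

```python
"""Added example (not from the original post): parse constructed /etc/passwd
and /etc/shadow records and report which accounts can still log in.
Field layout follows passwd(5) and shadow(5); the sample records are constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample records, not copied from any real system.
# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alicedoe:x:1001:1001:Alice Doe:/home/alicedoe:/bin/bash
bobleft:x:1002:1002:Bob Left:/home/bobleft:/usr/sbin/nologin
svc-backup:x:1003:1003:Backup service:/var/lib/backup:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$6$examplesalt$examplehash:19900:0:99999:7:::
alicedoe:$6$examplesalt$examplehash:20000:0:90:7:::
bobleft:!$6$examplesalt$examplehash:19800:0:99999:7::19850:
svc-backup:*:19700:0:99999:7:::
"""

NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


@dataclass
class Account:
    name: str
    uid: int
    shell: str
    locked: bool                 # hash starts with '!' (passwd -l) or is '*' (no password set)
    expired: bool                # shadow expire date reached
    max_age_days: Optional[int]  # None when the shadow field is empty


def parse_passwd(text):
    """Map username -> (uid, login shell)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        users[name] = (int(uid), shell)
    return users


def parse_shadow(text):
    """Map username -> list of the nine shadow fields."""
    return {f[0]: f for f in (line.split(":") for line in text.splitlines() if line.strip())}


def load_accounts(passwd_text, shadow_text, today_days):
    """today_days is a day count since 1970-01-01, the unit shadow(5) uses for dates."""
    shadow = parse_shadow(shadow_text)
    accounts = []
    for name, (uid, shell) in parse_passwd(passwd_text).items():
        fields = shadow.get(name, [name, "*"] + [""] * 7)  # missing shadow entry: treat as no password
        pw_hash = fields[1]
        expire = int(fields[7]) if fields[7] else None
        max_age = int(fields[4]) if fields[4] else None
        accounts.append(Account(
            name=name, uid=uid, shell=shell,
            locked=pw_hash.startswith("!") or pw_hash == "*",
            expired=expire is not None and expire <= today_days,
            max_age_days=max_age,
        ))
    return accounts


def deprovisioned(accounts):
    """Accounts that cannot log in interactively with a password: deprovisioning applied."""
    return sorted(a.name for a in accounts
                  if a.locked or a.expired or a.shell in NOLOGIN_SHELLS)


def active_interactive(accounts):
    """Accounts that still can: the ones an access review must confirm are still needed."""
    return sorted(a.name for a in accounts
                  if not (a.locked or a.expired) and a.shell not in NOLOGIN_SHELLS)


if __name__ == "__main__":
    accts = load_accounts(PASSWD_SAMPLE, SHADOW_SAMPLE, today_days=20100)
    print("deprovisioned:", deprovisioned(accts))
    print("active:", active_interactive(accts))
```

Reading /etc/shadow on a live host requires root, so the example keeps the records inline; pointing `load_accounts` at the real files changes nothing else.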

2. Deprovisioning User Accounts

3. Permission Assignments and Implications

  • Group-based authentication
  • Context-aware authentication
    Considers factors beyond traditional authentication:
    • Location
    • Time
    • Device
    • Network
    • Biometrics
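A context-aware policy turns those factors into a decision. The code below is an added example, not from the original post: each unusual signal (location, time, device, network) adds risk, a little risk forces a second factor, and a lot refuses the attempt. The allowed countries, business hours, known devices, address ranges and thresholds are all constructed assumptions.

```python
"""Added example (not from the original post): a context-aware authentication
policy that scores a login attempt by location, time, device and network.
Thresholds, allowed countries, device list and address ranges are assumptions."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime


@dataclass
class LoginContext:
    user: str
    country: str        # Location, e.g. from IP geolocation (two-letter code assumed)
    when: datetime      # Time, in the organization's local time zone (assumed)
    device_id: str      # Device identifier presented by the client
    source_ip: str      # Network: client address


# Constructed policy; a real one comes from the IdP / access-management configuration.
POLICY = {
    "allowed_countries": {"TW", "JP"},
    "business_hours": (8, 19),  # hours 08:00-18:59 count as normal
    "known_devices": {"alicedoe": {"laptop-7f3a"}},
    "corporate_networks": [ipaddress.ip_network("10.0.0.0/8"),
                           ipaddress.ip_network("192.168.10.0/24")],
    "step_up_at": 1,    # total risk at which a second factor is required
    "deny_at": 4,       # total risk at which the attempt is refused
}


def evaluate(ctx, policy=POLICY):
    """Return (decision, reasons); decision is 'allow', 'step_up' (require MFA) or 'deny'."""
    risk, reasons = 0, []
    if ctx.country not in policy["allowed_countries"]:
        risk += 3
        reasons.append(f"location {ctx.country} not in allowed list")
    start, end = policy["business_hours"]
    if not start <= ctx.when.hour < end:
        risk += 1
        reasons.append("outside business hours")
    if ctx.device_id not in policy["known_devices"].get(ctx.user, set()):
        risk += 2
        reasons.append("unrecognised device")
    addr = ipaddress.ip_address(ctx.source_ip)
    if not any(addr in net for net in policy["corporate_networks"]):
        risk += 1
        reasons.append("outside corporate network")
    if risk >= policy["deny_at"]:
        return "deny", reasons
    if risk >= policy["step_up_at"]:
        return "step_up", reasons
    return "allow", reasons


def decide(user, country, hour, device_id, source_ip, policy=POLICY):
    """Convenience wrapper: build a context for a fixed date at the given hour, return the decision."""
    ctx = LoginContext(user, country, datetime(2025, 10, 7, hour, 0), device_id, source_ip)
    return evaluate(ctx, policy)[0]


if __name__ == "__main__":
    office = LoginContext("alicedoe", "TW", datetime(2025, 10, 7, 10, 0), "laptop-7f3a", "10.1.2.3")
    print(evaluate(office))
```

The weights are deliberately asymmetric: a country outside the allowed list is a stronger signal than an after-hours login, so one strong signal plus one weak one already crosses the deny threshold.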

4. Identity Proofing

5. Federation

6. Single Sign-On(SSO)

Three authentication types used with SSO:

  • Kerberos authentication
  • Open Authorization(OAuth)
  • Security Assertions Markup Language(SAML)

7. Interoperability

8. Attestation

  • Certificates
  • Tokens
  • Federation
  • Microsoft's Active Directory

9. Access Controls

  • Mandatory Access Control(MAC)
  • Role-Based Access Controls(RBAC)
  • Attribute-Based Access Control(ABAC)
  • Discretionary-Based Access Control(DAC)
  • Time-of-Day Restrictions
  • Least Privilege
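To show how the models on this list differ, here is an added example (not code from the original post) that runs a single request through each of them against a constructed payroll file: MAC compares labels, DAC consults the owner's ACL, RBAC checks role permissions that hold only what the job needs (least privilege), ABAC combines subject and environment attributes, and a time-of-day window is applied last. The subjects, labels, roles and 08:00-18:00 window are assumptions.

```python
"""Added example (not from the original post): one authorization check that
applies each access-control model from the list to a constructed payroll
resource. Subjects, labels, roles and the 08:00-18:00 window are assumptions."""
from datetime import time

# MAC: sensitivity labels; a subject may not read above its clearance.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

SUBJECTS = {  # constructed
    "alicedoe": {"roles": {"hr_clerk"},   "department": "HR",    "clearance": "internal"},
    "carol":    {"roles": {"hr_manager"}, "department": "HR",    "clearance": "confidential"},
    "dave":     {"roles": {"auditor"},    "department": "Audit", "clearance": "confidential"},
}

# RBAC: roles carry only the permissions the job needs (least privilege).
ROLE_PERMISSIONS = {
    "hr_clerk":   {("payroll", "read")},
    "hr_manager": {("payroll", "read"), ("payroll", "write")},
    "auditor":    {("payroll", "read"), ("audit_log", "read")},
}

RESOURCES = {  # constructed; owner and acl are the DAC part
    "payroll_2025": {"type": "payroll", "label": "confidential",
                     "owner": "carol", "acl": {"dave": {"read"}}},
}


def mac_allows(user, res):
    return LEVELS[SUBJECTS[user]["clearance"]] >= LEVELS[res["label"]]


def dac_allows(user, res, action):
    return res["owner"] == user or action in res["acl"].get(user, set())


def rbac_allows(user, res, action):
    return any((res["type"], action) in ROLE_PERMISSIONS.get(role, set())
               for role in SUBJECTS[user]["roles"])


def time_of_day_allows(now, start=time(8, 0), end=time(18, 0)):
    return start <= now < end


def abac_allows(user, res, action, env):
    """ABAC: payroll writes need an HR subject on a managed device; reads need HR or Audit."""
    dept = SUBJECTS[user]["department"]
    if res["type"] == "payroll" and action == "write":
        return dept == "HR" and env["device_managed"]
    if res["type"] == "payroll" and action == "read":
        return dept in {"HR", "Audit"}
    return False


def authorize(user, resource_name, action, env):
    """Every model must agree; a denial from any one of them wins. Returns (ok, denied_by)."""
    res = RESOURCES[resource_name]
    checks = {
        "MAC": mac_allows(user, res),
        "DAC": dac_allows(user, res, action),
        "RBAC": rbac_allows(user, res, action),
        "ABAC": abac_allows(user, res, action, env),
        "time-of-day": time_of_day_allows(env["now"]),
    }
    denied_by = [name for name, ok in checks.items() if not ok]
    return not denied_by, denied_by


def check(user, resource_name, action, hour, device_managed=True):
    """Convenience wrapper: evaluate at the given hour (whole hours only)."""
    return authorize(user, resource_name, action,
                     {"now": time(hour, 0), "device_managed": device_managed})


if __name__ == "__main__":
    print(check("carol", "payroll_2025", "write", 10))
    print(check("alicedoe", "payroll_2025", "read", 10))
```

Returning the list of models that refused the request, rather than a bare boolean, makes the result auditable: the clerk in the second call is refused by MAC and DAC even though her role would permit the read.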

10. Multi-Factor Authentication(MFA)

  • Biometric Authentication

    • Fingerprint scanner
    • Retina scanner
    • Iris scanner
    • Voice recognition
    • Facial recognition
    • Vein pattern recognition
    • Gait analysis

    Errors a biometric system will encounter:

    • False Acceptance Rate(FAR)
    • False Rejection Rate(FRR)
    • Crossover Error Rate(CER)
  • Hard Authentication
    Various forms of hard authentication technology:

    • Smart cards
    • Fobs
    • Security keys
    • Secure Shell(SSH) keys
  • Soft Authentication

    • One-Time Password(OTP)
    • Biometric authentication
    • Knowledge-Based Authentication (KBA)
  • Factors of Authentication

    • Something you know
    • Something you have
    • Something you are
    • Something you do
    • Somewhere you are
  • Tokens

    • RSA SecurID
    • Google Authenticator
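Two of the items above are worth seeing in code. The block below is an added example, not from the original post. Part 1 takes constructed match scores for a biometric matcher and computes FAR, FRR and the crossover error rate (CER) by sweeping the decision threshold. Part 2 implements HOTP/TOTP (RFC 4226 / RFC 6238), the one-time-password scheme soft tokens such as Google Authenticator use, and verifies it against the secret those RFCs publish for testing; the score lists and the drift window of one step are assumptions.

```python
"""Added example (not from the original post): two MFA building blocks.
Part 1: FAR / FRR / CER for a biometric matcher from constructed match scores.
Part 2: HOTP/TOTP per RFC 4226 / RFC 6238, checked against the RFC test secret."""
import base64
import hashlib
import hmac
import struct

# --- Part 1: biometric error rates -------------------------------------------
# Constructed similarity scores in [0, 1]: genuine = true user vs own template,
# impostor = a different person vs that template.
GENUINE = [0.91, 0.88, 0.95, 0.70, 0.82, 0.93, 0.60, 0.87, 0.90, 0.79]
IMPOSTOR = [0.20, 0.35, 0.55, 0.15, 0.42, 0.65, 0.30, 0.25, 0.48, 0.72]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """FAR = impostors accepted (score >= threshold); FRR = genuine users rejected (score < threshold)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Sweep thresholds; the CER is the error rate where FAR and FRR meet.
    Returns (threshold, cer). Raising the threshold lowers FAR and raises FRR."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


# --- Part 2: HOTP / TOTP ------------------------------------------------------
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to absorb clock drift;
    the comparison is constant-time."""
    counter = unix_time // 30
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(counter - window, counter + window + 1))


# Authenticator apps receive the secret base32-encoded (otpauth:// URI). This is the
# RFC 4226 / RFC 6238 test secret, ASCII "12345678901234567890", in that encoding.
RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
RFC_TEST_SECRET = base64.b32decode(RFC_TEST_SECRET_B32)


if __name__ == "__main__":
    print("CER (threshold, rate):", crossover_error_rate())
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, 59))
```

Part 1 makes the trade-off concrete: at a threshold of 0.5 the constructed matcher rejects no genuine user but accepts 30% of impostors, and the two rates only meet around 0.66 to 0.70. In Part 2, the accepted drift window is a security parameter: every extra step widens the set of codes a server accepts at once.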

11. Password Concepts

  • Password length
  • Password complexity
  • Password reuse
  • Password expiry
  • Password age
    • Minimum password age
    • Maximum password age
  • Account lockout
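The list above maps directly onto a policy check. The code below is an added example, not from the original post: it rejects a proposed password that is too short, too uniform, already in the user's hash history, or changed too recently (minimum age), flags a password that has passed its maximum age, and keeps an account-lockout counter. The numbers in `POLICY` and the sample passwords are assumptions; the PBKDF2 iteration count is kept low only so the example runs quickly.

```python
"""Added example (not from the original post): a password-policy check covering
length, complexity, reuse (history), minimum and maximum age, and account
lockout. The policy numbers are assumptions."""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

POLICY = {  # constructed values
    "min_length": 12,
    "classes_required": 3,     # of: lowercase, uppercase, digit, symbol
    "history": 5,              # previous hashes a new password may not match
    "min_age_days": 1,         # stops cycling through the history to get an old password back
    "max_age_days": 90,        # password expiry
    "lockout_threshold": 5,
    "lockout_minutes": 15,
}


def hash_password(password: str, salt: bytes) -> bytes:
    # Low iteration count keeps the example fast; production use needs a slow,
    # memory-hard KDF (e.g. Argon2) with properly tuned parameters.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


def remember(password: str):
    """Produce the (salt, hash) pair stored in the history list."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def complexity_classes(password: str) -> int:
    checks = (str.islower, str.isupper, str.isdigit, lambda ch: ch in string.punctuation)
    return sum(any(check(ch) for ch in password) for check in checks)


def violations(candidate, history, last_changed: Optional[datetime], now, policy=POLICY):
    """Return the rules a proposed new password breaks (empty list = accepted)."""
    problems = []
    if len(candidate) < policy["min_length"]:
        problems.append("length")
    if complexity_classes(candidate) < policy["classes_required"]:
        problems.append("complexity")
    recent = history[-policy["history"]:]
    if any(hmac.compare_digest(hash_password(candidate, salt), digest) for salt, digest in recent):
        problems.append("reuse")
    if last_changed is not None and now - last_changed < timedelta(days=policy["min_age_days"]):
        problems.append("minimum age")
    return problems


def password_expired(last_changed, now, policy=POLICY) -> bool:
    return now - last_changed > timedelta(days=policy["max_age_days"])


@dataclass
class LockoutState:
    failures: int = 0
    locked_until: Optional[datetime] = None

    def is_locked(self, now) -> bool:
        return self.locked_until is not None and now < self.locked_until

    def record_failure(self, now, policy=POLICY) -> bool:
        """Count a bad attempt; lock the account once the threshold is reached."""
        if self.is_locked(now):
            return True
        self.failures += 1
        if self.failures >= policy["lockout_threshold"]:
            self.locked_until = now + timedelta(minutes=policy["lockout_minutes"])
            self.failures = 0
        return self.is_locked(now)

    def record_success(self):
        self.failures = 0


if __name__ == "__main__":
    now = datetime(2025, 10, 7, 9, 0)
    print(violations("abc", [], None, now))
```

Minimum age and history work as a pair: without a minimum age a user can change the password six times in a minute and land back on the original.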

12. Password Managers

13. Passwordless

14. Privileged Access Management (PAM)

PAM Tools

  • JIT permissions
  • Password vaulting
  • Ephemeral credentials
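The three tools above fit together in one flow: a user requests elevation, an approver grants it just in time, the vault hands out a credential that exists only for that grant, and the credential dies on its TTL or when checked back in. The class below is an added example, not from the original post or any PAM product; the TTL, the self-approval rule and the target names are assumptions.

```python
"""Added example (not from the original post): a minimal PAM-style vault that
issues just-in-time (JIT) permissions as ephemeral credentials with a short TTL
and records who approved them. Names, TTL and the approval rule are assumptions."""
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Grant:
    user: str
    target: str        # system or account the elevated access applies to
    role: str          # privilege granted, e.g. "sudo" or "db-admin"
    expires_at: datetime
    approved_by: str
    checked_in: bool = False


class PamVault:
    def __init__(self, ttl_minutes: int = 30):
        self.ttl = timedelta(minutes=ttl_minutes)
        self._grants = {}   # token -> Grant; the token itself is the ephemeral credential
        self.audit = []     # append-only record for later review

    def request_jit(self, user, target, role, approved_by, now) -> str:
        """Issue a one-off credential after approval; self-approval is refused."""
        if approved_by == user:
            raise PermissionError("requester may not approve their own elevation")
        token = secrets.token_urlsafe(24)
        self._grants[token] = Grant(user, target, role, now + self.ttl, approved_by)
        self.audit.append((now, "issue", user, target, role, approved_by))
        return token

    def validate(self, token, now) -> Optional[Grant]:
        """Return the grant if the credential is live (unexpired, not checked in), else None."""
        g = self._grants.get(token)
        if g is None or g.checked_in or now >= g.expires_at:
            return None
        return g

    def check_in(self, token, now):
        """Caller finished early: revoke the credential now rather than waiting for the TTL."""
        g = self._grants.get(token)
        if g is not None and not g.checked_in:
            g.checked_in = True
            self.audit.append((now, "check_in", g.user, g.target, g.role, None))

    def sweep(self, now) -> int:
        """Drop expired or checked-in credentials; returns how many were removed."""
        dead = [t for t, g in self._grants.items() if g.checked_in or now >= g.expires_at]
        for t in dead:
            del self._grants[t]
        return len(dead)


if __name__ == "__main__":
    t0 = datetime(2025, 10, 7, 9, 0)
    vault = PamVault()
    tok = vault.request_jit("alicedoe", "db-prod-01", "db-admin", "carol", t0)
    print(vault.validate(tok, t0 + timedelta(minutes=10)))
```

Because validation is a lookup in the vault rather than a check of the credential's own contents, revoking early (check-in) takes effect immediately; the audit list is what an access review or incident investigation reads afterwards.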
