
identity-and-access-management's Introduction

Identity and Access Management (IAAA)

The practice of ensuring that people or objects have the right level of access to assets

  1. Identification
  2. Authentication
  3. Authorization
  4. Accountability

Identification

A way of claiming an identity (The act of indicating someone's or an object's identity)

  • Username
  • SSN

Authentication

Ensuring the claimed identity is valid (Verifying someone's or an object's identity)

Authentication factors

  • Something you know
    • Password
    • PIN
  • Something you have
    • Passport
    • Smartphone
    • Smart Card
    • Token
  • Something you are
    • Fingerprint
    • Facial recognition
    • Iris Scan
  • Somewhere you are
    • IP address
    • MAC Address
  • Something you do
    • Pattern unlock
    • Picture Password

Authorization

Determining what someone or an object is permitted to do after their identity is verified

  • Access Control
    • A security technique to protect a system against unauthorized access

Accountability (Auditing)

 The ability to trace an action back to someone or an object

  • Audit logs

Account types

  • User account
    • Used by humans
  • Privileged accounts
    • They have higher-level access privileges (Administrative privileges)
    • Domain Administrator
      • Complete control of the Active Directory (AD) domain
    • Local Administrator
      • Complete control of the local computer in Windows (Not AD)
  • Shared accounts
    • Can be used by multiple individuals or objects
  • Guest accounts
    • Provide limited access or access on a temporary basis
  • Service accounts
    • They are non-human accounts that are used for running processes
      • Webserver
  • Application accounts
    • They are non-human accounts that provide access for applications
      • Access to databases

Passwords

A series of characters used for authenticating

  • Shared passwords
    • Credential Stuffing
  • Simple Passwords
    • Password guessing
  • Strong Passwords
    • Password dumps
    • Password cracking
  • Password Managers
    • Account reset
    • Account takeover
  • 2FA
    • Phishing
    • SMS Swapping
    • Device compromise

Access Control

A security technique to protect a system against unauthorized access


Attribute-based Access Control (ABAC)

Access based on attributes

  • User attributes
  • Object attributes
  • Environment conditions

Discretionary Access Control (DAC)

Access based on the owner's decision. This model uses Access Control List (ACL) authorization (the ACL is used to determine who can access resources)

  • The data owner of an organization determines the level of access

Graph-based Access Control (GBAC)

Access based on how data relates to other data

  • Using an organizational query language

History-Based Access Control (HBAC)

Access based on real-time evaluation of a history of activities

  • A user is declined access to sensitive info because of past behavior

Identity-Based Access Control (IBAC)

Access is based on the identity of the user (this access is by the individual, not by group)

  • A specific user has access to sensitive information

Mandatory Access Control (MAC)

Access based on regulations by a central authority

  • A user must demonstrate a need for the information before access is granted

Role-Based Access Control (RBAC)

Access based on a user role

  • Job title

Rule-Based Access Control (RAC)

Access based on a predefined set of rules or access permissions

  • Allowing access to a specific IP address

Responsibility-Based Access Control (ReBAC)

Access based on the responsibilities assigned to a user or users

  • Data engineer has access to a backup management interface
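
An added example (not part of the original notes) that evaluates the same request under three of the models above, DAC, RBAC and ABAC, and appends an audit record for accountability. All names, roles, attributes and policy values are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass
class User:
    name: str
    roles: set
    attrs: dict

@dataclass
class Resource:
    name: str
    owner: str
    attrs: dict
    acl: dict = field(default_factory=dict)  # DAC: {user name: allowed actions}, set by the owner

# RBAC: permissions attach to roles, not to individual users (constructed policy).
ROLE_PERMS = {"analyst": {("report", "read")},
              "editor": {("report", "read"), ("report", "write")}}

def dac_allows(user, res, action):
    """DAC: the owner, or anyone the owner listed in the ACL for this action."""
    return user.name == res.owner or action in res.acl.get(user.name, set())

def rbac_allows(user, res, action):
    """RBAC: any of the user's roles carries the (resource type, action) permission."""
    return any((res.attrs["type"], action) in ROLE_PERMS.get(r, set()) for r in user.roles)

def abac_allows(user, res, action, env):
    """ABAC: user attributes, object attributes and environment conditions must all hold."""
    return (action == "read"
            and user.attrs["clearance"] >= res.attrs["sensitivity"]
            and user.attrs["department"] == res.attrs["department"]
            and env["network"] == "corp"
            and time(8) <= env["time"] <= time(18))

def decide(user, res, action, env, audit_log):
    """Evaluate one request under each model and record it for accountability."""
    decisions = {"dac": dac_allows(user, res, action),
                 "rbac": rbac_allows(user, res, action),
                 "abac": abac_allows(user, res, action, env)}
    audit_log.append({"who": user.name, "action": action,
                      "resource": res.name, "decisions": decisions})
    return decisions

# Constructed sample data.
alice = User("alice", {"analyst"}, {"clearance": 2, "department": "finance"})
report = Resource("q3-report", "bob", {"type": "report", "sensitivity": 2,
                  "department": "finance"}, acl={"alice": {"read"}})
OFFICE = {"network": "corp", "time": time(10, 30)}
REMOTE = {"network": "home", "time": time(23, 0)}
```

Calling `decide(alice, report, "read", REMOTE, log)` shows the difference between the models: the ACL and the role still permit the read, while the ABAC policy denies it on the environment conditions alone.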
