Access Control and Identity Management

What is the primary purpose of Mandatory Access Control (MAC)?

To enforce access control through a set of rules based on user identity and resource classification

What type of threat is a sophisticated and targeted attack?

Advanced Persistent Threat (APT)

What is the purpose of Secure Sockets Layer/Transport Layer Security (SSL/TLS)?

To encrypt data in transit

What is the primary purpose of the General Data Protection Regulation (GDPR)?

To protect sensitive personal data

What is the primary purpose of Host-Based Intrusion Detection Systems (HIDS)?

To monitor and detect malicious activity on hosts

What is the primary function of a hub in a network?

To connect multiple devices and amplify the signal

What is the purpose of network segmentation?

To isolate and restrict network access to sensitive areas

What is the goal of risk assessment?

To identify and prioritize potential risks

What is the primary purpose of a compliance framework?

To ensure compliance with regulatory requirements

What is the purpose of penetration testing?

To identify vulnerabilities and weaknesses

What is the primary purpose of data classification?

To protect sensitive data from unauthorized access

What is the primary purpose of access control models?

To restrict access to sensitive areas

What is the primary purpose of Single Sign-On (SSO)?

To simplify the login process for users

What is the primary purpose of a firewall?

To block unauthorized access to or from a network

What is the primary purpose of a vulnerability scan?

To identify potential vulnerabilities in a system

Study Notes

Access Control And Identity Management

  • Access Control Models:
    • Mandatory Access Control (MAC): Enforces access control through a set of rules based on user identity and resource classification
    • Discretionary Access Control (DAC): Grants access based on user identity and permissions
    • Role-Based Access Control (RBAC): Assigns access based on user roles
    • Attribute-Based Access Control (ABAC): Grants access based on user attributes
  • Identity Management:
    • Authentication: Verifies user identity
    • Authorization: Grants access to resources based on user identity
    • Accounting: Tracks and monitors user activity
  • Identity Management Protocols:
    • Kerberos: Provides secure authentication using tickets
    • LDAP (Lightweight Directory Access Protocol): Manages and authenticates users and devices
    • RADIUS (Remote Authentication Dial-In User Service): Authenticates and authorizes network access
  • Access Control Technologies:
    • Biometric Authentication: Uses unique physical or behavioral characteristics for authentication
    • Smart Cards: Store user credentials and authentication information
    • Tokens: Generate one-time passwords for authentication

Threats And Vulnerabilities

  • Threat Types:
    • Insider Threats: Threats from within an organization
    • External Threats: Threats from outside an organization
    • Advanced Persistent Threats (APTs): Sophisticated and targeted attacks
    • Zero-Day Threats: Exploit previously unknown vulnerabilities
  • Vulnerability Types:
    • Network Vulnerabilities: Weaknesses in network infrastructure
    • System Vulnerabilities: Weaknesses in operating systems and applications
    • Application Vulnerabilities: Weaknesses in software applications
    • Human Vulnerabilities: Weaknesses in human behavior and decision-making
  • Threat Actors:
    • Hackers: Individuals who exploit vulnerabilities for personal gain or malicious purposes
    • Script Kiddies: Inexperienced hackers who use pre-existing tools and scripts
    • Nation-State Actors: Government-sponsored hackers
    • Organized Crime: Criminal organizations that use hacking for financial gain
  • Vulnerability Scanning:
    • Network Vulnerability Scanning: Identifies vulnerabilities in network infrastructure
    • System Vulnerability Scanning: Identifies vulnerabilities in operating systems and applications
    • Application Vulnerability Scanning: Identifies vulnerabilities in software applications

Application Data And Host Security

  • Secure Coding Practices:
    • Input Validation: Verifies user input to prevent attacks
    • Error Handling: Handles errors and exceptions securely
    • Secure Data Storage: Protects sensitive data at rest
  • Secure Communication Protocols:
    • SSL/TLS (Secure Sockets Layer/Transport Layer Security): Encrypts data in transit
    • HTTPS (Hypertext Transfer Protocol Secure): Encrypts web traffic
    • SFTP (Secure File Transfer Protocol): Encrypts file transfers
  • Host Security:
    • Host-Based Intrusion Detection Systems (HIDS): Monitor and detect malicious activity on hosts
    • Host-Based Intrusion Prevention Systems (HIPS): Prevent malicious activity on hosts
    • Host Security Baselines: Establish a secure configuration for hosts
  • Data Protection:
    • Data Encryption: Protects data at rest and in transit
    • Data Loss Prevention (DLP): Prevents unauthorized data exfiltration
    • Data Backup and Recovery: Ensures data availability and recoverability

Compliance And Operational Security

  • Compliance Regulations:
    • HIPAA (Health Insurance Portability and Accountability Act): Protects sensitive health information
    • PCI-DSS (Payment Card Industry Data Security Standard): Protects sensitive payment card information
    • GDPR (General Data Protection Regulation): Protects sensitive personal data
  • Operational Security:
    • Incident Response: Responds to and manages security incidents
    • Disaster Recovery: Ensures business continuity in the event of a disaster
    • Business Continuity Planning: Ensures business continuity in the event of a disaster
  • Risk Management:
    • Risk Assessment: Identifies and evaluates potential risks
    • Risk Mitigation: Reduces the likelihood and impact of potential risks
    • Risk Acceptance: Accepts potential risks and implements compensating controls
  • Security Policies and Procedures:
    • Security Policy: Outlines the organization's security goals and objectives
    • Security Procedures: Outline the steps to implement security policies

Network Security

  • Network Security Fundamentals:
    • Network Segmentation: Divides a network into smaller, isolated segments
    • Network Access Control (NAC): Restricts network access to authorized devices
    • Network Encryption: Encrypts data in transit
  • Network Security Protocols:
    • IPsec (Internet Protocol Security): Encrypts data in transit
    • SSH (Secure Shell): Encrypts remote access to network devices
    • DNSSEC (Domain Name System Security Extensions): Encrypts DNS traffic
  • Network Security Devices:
    • Firewalls: Block unauthorized access to a network
    • Intrusion Detection Systems (IDS): Monitor and detect malicious activity
    • Intrusion Prevention Systems (IPS): Prevent malicious activity
  • Network Security Threats:
    • Malware: Malicious software that damages or exploits a network
    • Denial of Service (DoS) Attacks: Overwhelm a network with traffic
    • Distributed Denial of Service (DDoS) Attacks: Overwhelm a network with traffic from multiple sources

Network Security

  • OSI model consists of 7 layers
  • TCP/IP model consists of 4 layers
  • Network devices include router, switch, hub, and bridge
  • Firewalls come in three types: network-based, host-based, and application-based
  • Network segmentation can be achieved through VLAN and subnetting
  • Network access control includes 802.1X and NAC

Risk Management and Compliance

  • Risk assessment involves identifying, analyzing, and prioritizing risks
  • Risk mitigation strategies include avoid, transfer, mitigate, and accept
  • Security policies include acceptable use, password, and incident response policies
  • Compliance frameworks include HIPAA, PCI-DSS, and NIST
  • Operational security includes backup, disaster recovery, and incident response

Threats and Vulnerabilities

  • Malware types include virus, worm, Trojan, spyware, and ransomware
  • Network threats include DoS, DDoS, spoofing, and man-in-the-middle attacks
  • Social engineering types include phishing, pretexting, and baiting
  • Vulnerability scanning can be network-based or host-based
  • Penetration testing types include black box, white box, and gray box
  • Vulnerability remediation involves patching and configuration hardening

Application, Data, and Host Security

  • Secure coding practices include input validation and error handling
  • Secure communication protocols include SSL/TLS and HTTPS
  • Data classification includes public, internal, confidential, and top secret categories
  • Data protection methods include encryption, access control, and backup
  • Host hardening involves disabling unnecessary services and removing unnecessary software
  • Host-based intrusion detection systems (HIDS) are used for host security

Access Control and Identity Management

  • Access control models include MAC, DAC, and RBAC
  • Authentication methods include username/password, biometric, and smart card
  • Identity and access management (IAM) systems are used for identity management
  • Single sign-on (SSO) and federated identity are used for authentication

Test your knowledge of access control models and identity management concepts, including MAC, DAC, RBAC, and ABAC, as well as authentication and authorization.
