Chapter 4 - 02 - Discuss Identity and Access Management (IAM) - 08
Uploaded by barrejamesteacher
EC-Council
Certified Cybersecurity Technician Exam 212-82
Identification, Authentication, and Authorization

User Access Management (AM): Accounting

- Accounting is a method of keeping track of user actions on the network. It keeps track of who, when, and how the users access the network
- It helps in identifying authorized and unauthorized actions
- The account data can be used for trend analysis, data breach detection, forensics investigations, etc.

User accounting involves tracking the actions performed by a user on a network. It keeps track of who, when, and how the users access the network. This includes verifying the files accessed by the user and functions such as alteration or modification of the files or data. It helps in identifying authorized and unauthorized actions. The account data can be used for trend analysis, data breach detection, forensics investigations, etc.

Figure 4.17: User Accounting (diagram labels: Identity; Authentication, "Who are you?"; Authorization, "What rights do you have?"; Object)

Module 04 Page 493 EC-Council Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Account Types

User Accounts
- Default accounts of operating systems
- Run with the least privileges, with permissions such as running applications/programs and creating and manipulating files

Guest Accounts
- Least privileged accounts without passwords, created to share system resources
- Do not have any privileges to modify system files, directories, or settings

Service Accounts
- Domain or local accounts that allow applications or services to communicate with the operating system and run programs
- Have administrative privileges based on the application requirement

Administrator/Root Accounts
- Privileged accounts that can perform various system-level functions such as install and uninstall applications or system software and modify system-level settings

Privileged Accounts
- Have administrative control over one or several systems
- Permitted to access any resources in the system, configure drivers, add/discard applications from service, etc.

Shared/Generic Accounts
- Credentials are shared among multiple users
- Typically used when the network is divided and needs individual centralized units for network management

Application Accounts
- Used by applications to interact with databases and execute batch scripts
- Have wide access to the data stored in the organization's database

Group-based Accounts
- Created to simplify the process of allocating access rights to individual users
- A single user can be a participant in several groups and can have permissions from all the participating groups

Third-party Accounts
- Used by enterprises to handle cloud applications or other third-party services
- Set up with a cryptographic key or password-based authentication to use hosts through APIs or SSH

Organizations use different types of privileged accounts for managing systems, applications, and networks. Privileged accounts may be assigned to system or network engineers, network devices, and services. These accounts can be primary targets for attackers because they have elevated access to critical assets. Improper management or misuse of these accounts can invite significant threats to the entire business infrastructure.
The following are common account types generally found in every organization.

- User accounts: User accounts are the default accounts of operating systems (OSes). User accounts permit individuals to log into the system and access resources. Initially, the system can be accessed by a single account that an administrator creates during the OS installation. These accounts run with the least privileges, with permissions such as running applications/programs and creating and manipulating files that belong to their profile.

- Guest accounts: Guest accounts are least privileged accounts and have no password; they are created to share system resources. These accounts do not have any privileges to modify system files, directories, or settings. Windows automatically configures guest accounts, but they can be enabled or disabled based on preferences. In Linux-based systems, an administrator is required to manually create a guest account after installing the OS. Most web services have default guest accounts that allow users to access web servers without providing credentials.

- Service accounts: Service accounts, referred to as domain or local accounts, allow applications or services to communicate with the OS and run programs or services. Service accounts may also have administrative privileges based on the application requirement or purpose they are intended to serve. Windows has three types of services: system, local, and network services. System services run with higher privileges compared to other accounts. These services use a local system account to start the OS and will have complete privileges on the running system. Local and network services run with the same privileges as a standard user and are allowed to access only network resources. Linux also creates service accounts while installing web servers and applications.
- Administrator/root accounts: These accounts are privileged accounts that can perform various system-level functions such as installing and uninstalling applications or system software; modifying system-level settings; and reading, modifying, or deleting any file on the system. It is recommended to create a small number of such accounts with elevated privileges to perform administrative activities and access the components of the file system. In general, it is difficult to remove default administrator accounts, which are created by the application or OS during its installation. The default account can have all the permissions enabled. These accounts are also known as superuser accounts. They are called administrator accounts in Windows environments and root accounts in Linux environments.

- Privileged accounts: Privileged accounts are granted administrative control over one or several systems. These accounts are permitted to access any resources in the system, configure or run drivers, add/discard applications from services, and make configuration changes. Typically, few accounts will have this type of elevated privileges to manage the system, network, or applications.

- Shared/generic accounts: In shared accounts, the login credentials are shared among multiple users. This approach is typically used when the network is divided and needs individual centralized units for network management. Shared accounts can violate the non-repudiation mechanism; further, they can make the task of maintaining accurate audit trails challenging. If an organization's password policy requires frequent password changes, then a password change needs to be communicated to every user having access to a shared account, which is a challenging task and may lead to many security risks. Shared accounts are not considered a best security practice because there is a high probability of their credentials being compromised.

- Application accounts: Application accounts are used by applications to interact with databases, execute batch scripts, and allow access to other applications. These accounts have wide access to the data or information stored in the organization's database. If the credentials for these accounts are integrated and saved in unencrypted files, they may pose a severe threat to the organization.

- Group-based accounts: Group-based accounts are created to simplify the process of allocating access rights to individual users. Instead of providing rights directly, the owner of the system allocates them to individual group accounts. The rights are then reflected for all the group members. A single user can be a member of several groups; they can acquire permissions and access rights from all those groups.

- Third-party accounts: Third-party credentials are used by enterprises to handle cloud applications or other services provided by third-party vendors. Along with administrative sign-ins, third-party services or devices should be set up with a cryptographic key or password-based authentication to use hosts through APIs or SSH. Inefficient handling of these keys or passwords, such as their insertion in code in an unencrypted form, can cause several security breaches.
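As an added example (not part of the course material), the following Python sketch sorts Linux accounts into the user, service, and administrator/root types described above and lists items an administrator would review. The passwd/shadow contents are constructed, and the UID 1000 boundary between service and user accounts is an assumption that matches many distributions.

```python
# Added example. PASSWD and SHADOW are constructed sample data, not from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
postgres:x:114:120:PostgreSQL:/var/lib/postgresql:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
postgres:!:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
UID_MIN = 1000  # assumption: first regular-user UID (see UID_MIN in /etc/login.defs)

def classify_accounts(passwd_text, shadow_text):
    """Map account name -> (account type, list of review items)."""
    # Second shadow field: password hash, "*" or "!" when locked, empty when no password is set.
    pw_field = dict(line.split(":")[:2] for line in shadow_text.splitlines())
    report = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        uid = int(uid)
        if uid == 0:
            kind = "administrator/root"
        elif uid < UID_MIN:
            kind = "service"
        else:
            kind = "user"
        review = []
        if uid == 0 and name != "root":
            review.append("additional UID 0 account")
        if pw_field.get(name) == "":
            review.append("no password set")
        if kind == "service" and shell not in NOLOGIN_SHELLS:
            review.append("service account with interactive shell")
        report[name] = (kind, review)
    return report

if __name__ == "__main__":
    for name, (kind, review) in classify_accounts(PASSWD, SHADOW).items():
        print(f"{name:10} {kind:20} {', '.join(review) or 'ok'}")
```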
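The accounting section and the shared/generic accounts item above both turn on attribution: an accounting record only answers "who" when one account maps to one person. The added example below (not from the course material) parses constructed accounting records and flags actions by an account that was used from more than one source within a short window; the record layout, the account name `netadmin`, and the 15-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed accounting records: when, who (account), source host, how, action, object.
RECORDS = """\
2024-03-04T09:00:12 alice 10.0.0.21 ssh read /srv/reports/q1.csv
2024-03-04T09:01:40 netadmin 10.0.0.35 ssh modify /etc/network/routes.conf
2024-03-04T09:03:05 netadmin 10.0.0.48 ssh modify /etc/network/routes.conf
2024-03-04T09:30:00 alice 10.0.0.21 ssh modify /srv/reports/q1.csv
2024-03-04T15:10:00 netadmin 10.0.0.35 console read /etc/network/routes.conf
"""

def parse(text):
    """Turn each record line into a dict with typed fields."""
    for line in text.splitlines():
        when, who, src, how, action, obj = line.split(maxsplit=5)
        yield {"when": datetime.fromisoformat(when), "who": who, "src": src,
               "how": how, "action": action, "object": obj}

def ambiguous_actions(records, window=timedelta(minutes=15)):
    """Return actions whose account was also used from another source within `window`.

    For such records the audit trail names an account, not a person, so the
    action cannot be attributed to one individual (the non-repudiation gap).
    """
    by_account = defaultdict(list)
    for rec in records:
        by_account[rec["who"]].append(rec)
    flagged = []
    for who, recs in by_account.items():
        for rec in recs:
            other_sources = {o["src"] for o in recs
                             if o["src"] != rec["src"]
                             and abs(o["when"] - rec["when"]) <= window}
            if other_sources:
                flagged.append((who, rec["when"].isoformat(), rec["src"],
                                rec["action"], rec["object"]))
    return flagged

if __name__ == "__main__":
    for row in ambiguous_actions(parse(RECORDS)):
        print(*row)
```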