Chapter 4 - 02 - Discuss Identity and Access Management (IAM) - 07_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Identification, Authentication, and Authorization Exam 212-82 User Access Management < (AM): Authorization Authorization involves controlling the access of information for an individual (E.g.: A user can only read a file, but not write in it or delete it) = I7 Application Server Application Server Read only Access Control Authorization User System g Application Server Copyright © by k User Access Management L All Rights Reserved. Reproduction is Strictly Prohibited (AM): Authorization (Cont’d) Types of Authorization Systems Centralized Authorization Implicit Authorization v’ Authorization for network access is done using a single v’ Users can access the requested resource on ¥’ It maintains a single database for authorizing all the network resources or applications v The access request goes through a primary resource to access the requested resource v’ Itis an easy and inexpensive authorization approach centralized authorization unit behalf of others 6 = Decentralized Authorization v’ v Each network resource maintains its authorization unit and performs authorization locally It maintains its own database for authorization il I @.. Explicit Authorization 1 \® v Unlike implicit authorization, explicit authorization requires separate authorization for each requested resource v It explicitly maintains authorization for each requested object ) e L Al Rights Reserved. Reproduction is Strictly Prohibited User Access Management (AM): Authorization Authorization refers to the process of providing permission to access the resources or perform an action on the network. s can decide the user privileges and access permissions of users on a multiuser system. The mechanism of authorization can allow the administrator to create access permissions for users as well as verify the access permissions created for each user. Module 04 Page 490 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization ¥, Application Server A e Read-write rrosesecsnsessentsscsnsnnssasaesnsnns " Application Server Read only P SRR A% AR F " Access Control Authorization User System Application Server Figure 4.16: lllustration of an authorization system Authorization can take different forms based on the needs of the organization. = (Centralized Authorization The need for centralized authentication came into existence when it became difficult to implement the authorization process individually for each resource. It uses a central authorization database that allows or denies access to the users and the decision on the access depends on the policies created by the centralized units. This enables an easy authorization for users accessing different platforms. Centralized authorization units are easy to handle and have low costs. A single database provides access to all applications, thereby enabling an efficient security. A centralized database also provides an easy and inexpensive method of adding, modifying, and deleting the applications from the centralized unit. = Decentralized Authorization A decentralized authorization maintains a separate database for each resource. The database contains the details of all users who are permitted to access a particular resource. The decentralized authorization process enables users to provide access to other users as well. This increases the level of flexibility of the users in using the decentralized method. However, certain issues related to the decentralized authorization include cascading and cyclic authorizations. * Implicit Authorization Implicit authorization provides access to the resources indirectly. A task is possible after a user receives authorization for a primary resource through which access to the requested resource is possible. For example, a user requesting a web page has permission to access the main page as well as all pages linked to the main page. Hence, the user is gaining an indirect access to the other links and documents attached to the main page. The implicit authorization provides a level of higher granularity. Module 04 Page 491 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Identification, Authentication, and Authorization = Explicit Authorization An explicit authorization maintains separate authorization details for each resource request. This technique is simpler than the implicit technique. However, it takes up a large amount of storage space for storing all authorization details. Module 04 Page 492 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.