CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Single Sign-On
Single sign-on (SSO) is a centralized access control technique that allows a subject to be authenticated once on a system and to access multiple resources without authenticating again. For example, users can authenticate once on a network and then access resources throughout the network without being prompted to authenticate again.

SSO is very convenient for users, but it also increases security. When users have to remember multiple usernames and passwords, they often resort to writing them down, ultimately weakening security. Users are less likely to write down a single password. SSO also eases administration by reducing the number of accounts required for a subject.

The primary disadvantage to SSO is that once an account is compromised, an attacker gains unrestricted access to all of the authorized resources. However, most SSO systems include methods to protect user credentials. The following sections discuss several common SSO mechanisms.

LDAP and Centralized Access Control
Within a single organization, a centralized access control system is often used. For example, a directory service is a centralized database that includes information about subjects and objects. Many directory services are based on the Lightweight Directory Access Protocol (LDAP). For example, the Microsoft Active Directory Domain Services is LDAP-based.

You can think of an LDAP directory as a telephone directory for network services and assets. Users, clients, and processes can search the directory service to find where a desired system or resource resides. Subjects must authenticate to the directory service before performing queries and lookup activities. Even after authentication, the directory service will reveal only certain information to a subject, based on that subject’s assigned privileges.

Multiple domains and trusts are commonly used in access control systems. A security domain is a collection of subjects and objects that share a common security policy, and individual domains can operate separately from other domains. Trusts are established between the domains to create a security bridge and allow users from one domain to access resources in another domain. Trusts can be one-way only, or they can be two-way.
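
The trust directions described above, modelled as an added example that is not from the book: a one-way trust lets users of the trusted domain reach resources in the trusting domain but not the reverse, and the resource domain's own policy still decides what they may use. The domain, user and resource names are constructed, and trusts are treated as direct (non-transitive), which is an assumption of this sketch.

```python
# Added illustration: one-way vs. two-way trusts between security domains.
# All domain, user and resource names are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    users: set = field(default_factory=set)
    # Domains whose authentication this domain accepts (outgoing trust).
    trusts: set = field(default_factory=set)
    # Resource name -> set of "DOMAIN\\user" principals allowed to use it.
    acl: dict = field(default_factory=dict)


def add_trust(trusting: Domain, trusted: Domain, two_way: bool = False) -> None:
    """The trusting domain accepts identities vouched for by the trusted one."""
    trusting.trusts.add(trusted.name)
    if two_way:
        trusted.trusts.add(trusting.name)


def can_access(user: str, home: Domain, resource: str, target: Domain) -> bool:
    """Check a cross-domain request against trust direction, then the ACL."""
    if user not in home.users:
        return False                      # unknown subject in its home domain
    if home is not target and home.name not in target.trusts:
        return False                      # no trust in this direction
    # A trust only bridges authentication; the resource domain's own
    # security policy still decides authorization.
    return f"{home.name}\\{user}" in target.acl.get(resource, set())


def build_example():
    corp = Domain("CORP", users={"alice"})
    lab = Domain("LAB", users={"bob"})
    lab.acl["build-server"] = {"CORP\\alice"}
    corp.acl["hr-share"] = {"LAB\\bob", "CORP\\alice"}
    add_trust(trusting=lab, trusted=corp)     # one-way: LAB trusts CORP
    return corp, lab


if __name__ == "__main__":
    corp, lab = build_example()
    print(can_access("alice", corp, "build-server", lab))  # CORP user into LAB
    print(can_access("bob", lab, "hr-share", corp))        # wrong direction
    add_trust(trusting=corp, trusted=lab)                  # now two-way
    print(can_access("bob", lab, "hr-share", corp))
```

Note that the ACL entry for `LAB\bob` exists before the reverse trust does; the request is still refused until CORP trusts LAB, which is why trust direction and resource permissions have to be reviewed together.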
