2 cissp ® Official Study Guide Eighth Edition

Understand the difference between identification and authentication

Download 19,3 Mb. Pdf ko'rish bet 580/881 Sana 08.04.2023 Hajmi 19,3 Mb. #925879

Bu sahifa navigatsiya:

• Understand the difference between authorization and accountability.
• Understand the details of the primary authentication factors.
• Understand single sign-on.

Understand the difference between identification and authentication. Access controls  depend on effective identification and authentication, so it’s important to understand the  differences between them. Subjects claim an identity, and identification can be as simple as  a username for a user. Subjects prove their identity by providing authentication credentials  such as the matching password for a username. Understand the difference between authorization and accountability. After authenticat- ing subjects, systems authorize access to objects based on their proven identity. Auditing  logs and audit trails record events including the identity of the subject that performed an  action. The combination of effective identification, authentication, and auditing provides  accountability. Understand the details of the primary authentication factors. The three primary fac- tors of authentication are something you know (such as a password or PIN), something  you have (such as a smartcard or token), and something you are (based on biometrics).  Multifactor authentication includes two or more authentication factors, and using it is more  secure than using a single authentication factor. Passwords are the weakest form of authen- tication, but password policies help increase their security by enforcing complexity and history requirements. Smartcards include microprocessors and cryptographic certificates,  and tokens create onetime passwords. Biometric methods identify users based on charac- teristics such as fingerprints. The crossover error rate identifies the accuracy of a biometric  method. It shows where the false rejection rate is equal to the false acceptance rate. Understand single sign-on. Single sign-on (SSO) is a mechanism that allows subjects to  authenticate once and access multiple objects without authenticating again. Kerberos is the  most common SSO method used within organizations, and it uses symmetric cryptography  and tickets to prove identification and provide authentication. When multiple organizations  want to use a common SSO system, they often use a federated identity management system,  where the federation, or group of organizations, agrees on a common method of authenti- cation. Security Assertion Markup Language (SAML) is commonly used to share federated  identity information. Other SSO methods are scripted access, SESAME, and KryptoKnight.  OAuth and OpenID are two newer SSO technologies used on the internet. OAuth 2.0 is  recommended over OAuth 1.0 by many large organizations such as Google. Download 19,3 Mb. Do'stlaringiz bilan baham: