1. Layers of abstraction in computer networking include the following:
1.1 ISO's Open Systems Interconnection (OSI) model.
1.2 IETF's (Internet Engineering Task Force) layer to the TRANSPORT layer)
1.3 Design Paradigms including data, control and management planes.
CHAPTER 02: ACCESS CONTROLS
1. Terminology commonly used in Identity and Access Management:
1.1 Entities: Foundation of the identity model.
1.2 Identities: Roles that entities play within an organization.
1.3 Attributes: Characteristics that an entity possesses.
2. Non-Person Entities include:
2.1 Business units.
2.2 Servers.
2.3 Network segments.
2.4 Access groups.
3. Effective Biometric Systems Should Have:
3.1 Easy enrollment.
3.2 Low false acceptance rates.
3.3 Low false rejection rates.
3.4 Low intrusiveness.
4. FINGERPRINT SCANNING IS THE MOST EFFECTIVE BIOMETRIC SCAN:
Fingerprint scanning is not considered intrusive by users and cannot be vulnerable to any
replay attacks.
5. The registration process is as follows:
5.1 Request: Someone must request a new entity in the system (e.g. the hiring manager).
5.2 Approval: Someone must approve the request (the approval authority).
5.3 Identity Proofing: The registration authority must conduct identity proofing and other checks.
5.4 Issuance: Someone issues the credentials to the individual.
6. Identity Proofing Steps Include The Following:
6.1 Photo identification (multiple forms).
6.2 Fingerprinting.
6.3 Background checks.
7. Authentication Factors:
7.1 Something you know: The most common authentication factor, usually a password,
passphrase or password key.
7.2 Something you are: Known as biometrics.
7.3 Something you have: Smartphone with authentication app or authentication key fob.
8. Crossover Error Rate (CER): Administrators tune the system so that the false acceptance rate (FAR) and the false rejection rate (FRR) are equal.
9. Multi-Factor Authentication: Using more than one factor of authentication together to increase the security of confidential information.
E.g. a password (something you know) and a smart card (something you have).
10. The following is an example of non-multi-factor authentication:
A password and security questions (both something you know).
11. The password authentication protocols are:
11.1 Password Authentication Protocol (PAP): Both the client and the server know the client's password. The user simply gives the server their username and password and the server confirms the request. This protocol does not encrypt the user's data.
11.2 Challenge Handshake Authentication Protocol (CHAP): The user and the server both know a shared secret but, for security reasons, never send it over the network.
HOW CHAP WORKS:
1. Once the link is established, the server sends a random value to the client, known as the challenge value.
2. When the client receives the challenge, it combines the challenge value with the secret value and creates a cryptographic (irreversible) hash of the two values.
3. The client transmits the hash value back to the server, known as the response.
4. The server receives the response and stores it in memory; it then computes its own hash value by applying the same hash function to the challenge it sent to the client and the shared secret they both know.
5. The server then compares the response it computed with the response it received from the client. If the two match, the server knows that the client's secret is identical to its own.
Much more secure than PAP.
MS-CHAP and MS-CHAPv2 are both insecure.
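The five steps above, as an added example that is not part of the original notes: both sides of one CHAP round in Python, using the RFC 1994 MD5 construction (hash over identifier, secret and challenge). The shared secret and the 16-byte challenge length are constructed sample values. The block also shows why a response captured off the wire is useless later: the server accepts each challenge only once, so a replayed response fails.

```python
import hashlib
import secrets

# Constructed sample secret, shared out-of-band by client and server; it never goes on the wire.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Steps 2-3 (client): hash of identifier || secret || challenge (RFC 1994, MD5)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Server side: issues fresh random challenges and checks the returned hash."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._identifier = 0
        self._outstanding: dict[int, bytes] = {}  # identifier -> challenge not yet answered

    def issue_challenge(self) -> tuple[int, bytes]:
        """Step 1: send a random challenge value (with a one-octet identifier)."""
        self._identifier = (self._identifier + 1) % 256
        challenge = secrets.token_bytes(16)  # constructed length; RFC 1994 allows any
        self._outstanding[self._identifier] = challenge
        return self._identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        """Steps 4-5: recompute the hash over our own copy of the secret and compare."""
        challenge = self._outstanding.pop(identifier, None)  # each challenge is usable once
        if challenge is None:
            return False  # unknown or already-answered challenge: a replayed response fails here
        expected = chap_response(identifier, self._secret, challenge)
        return secrets.compare_digest(expected, response)  # constant-time comparison


def run_exchange(client_secret: bytes) -> tuple[bool, bool]:
    """One full exchange, then a replay; returns (first accepted, replay accepted)."""
    server = ChapServer(SHARED_SECRET)
    identifier, challenge = server.issue_challenge()                # server -> client
    response = chap_response(identifier, client_secret, challenge)  # client -> server
    accepted = server.verify(identifier, response)
    replayed = server.verify(identifier, response)                  # same bytes sent again
    return accepted, replayed
```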
12. Federated Identity Management (FIM): Recognizes that users have different accounts across the organization's systems and shares identity information between them. THIS REDUCES THE NUMBER OF INDIVIDUAL IDENTITIES A USER MUST HAVE.
13. Single Sign-On (SSO): Asks users to sign in and authenticate only once, so they do not have to sign in multiple times.
14. Trust characteristics across different authentication domains include the following:
14.1 Direction (one-way or two-way):
One-way trust: In a connection between domain 1 and domain 2, domain 1 trusts domain 2 but domain 2 does not trust domain 1.
Two-way trust: In a connection between domain 1 and domain 2, domain 1 trusts domain 2 and domain 2 trusts domain 1.
14.2 Transitivity (transitive or non-transitive):
Transitive Trust: Trust relationships transfer across domains. If domain 1 trusts domain 2 and domain 2 trusts domain 3, domains 1 and 3 will AUTOMATICALLY trust each other without an administrator making that happen.
Non-transitive Trust: Trust relationships do not transfer across domains. If domain 1 trusts domain 2 and domain 2 trusts domain 3, domains 1 and 3 DO NOT AUTOMATICALLY trust each other.
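A small model of the direction and transitivity rules in 14.1 and 14.2, as an added example (not from the original notes): a one-way trust is a single directed edge, a two-way trust is two edges, and trust reaches a third domain only when every hop in the chain is marked transitive. The domain names are constructed, and the model is a simplification of how a directory service evaluates trusts.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Trust:
    trusting: str          # domain that accepts the other domain's identities
    trusted: str           # domain whose authentication is accepted
    transitive: bool = True


@dataclass
class TrustGraph:
    trusts: list[Trust] = field(default_factory=list)

    def add(self, a: str, b: str, two_way: bool = False, transitive: bool = True) -> None:
        # A two-way trust is just two one-way trusts, one in each direction.
        self.trusts.append(Trust(a, b, transitive))
        if two_way:
            self.trusts.append(Trust(b, a, transitive))

    def trusts_domain(self, trusting: str, trusted: str) -> bool:
        """Does `trusting` accept users from `trusted`, directly or via a transitive chain?"""
        if any(t.trusting == trusting and t.trusted == trusted for t in self.trusts):
            return True  # a direct trust counts whether or not it is transitive
        # Multi-hop: trust flows onward only through edges marked transitive.
        frontier, seen = [trusting], {trusting}
        while frontier:
            current = frontier.pop()
            for t in self.trusts:
                if t.trusting != current or not t.transitive or t.trusted in seen:
                    continue
                if t.trusted == trusted:
                    return True
                seen.add(t.trusted)
                frontier.append(t.trusted)
        return False


def notes_scenarios() -> tuple[bool, bool, bool, bool]:
    """Cases 14.1/14.2 with constructed names: (1->2, 2->1, transitive 1->3, non-transitive 1->3)."""
    one_way = TrustGraph()
    one_way.add("domain1", "domain2")
    chain = TrustGraph()
    chain.add("domain1", "domain2", two_way=True)
    chain.add("domain2", "domain3", two_way=True)
    broken = TrustGraph()
    broken.add("domain1", "domain2", two_way=True, transitive=False)
    broken.add("domain2", "domain3", two_way=True, transitive=False)
    return (one_way.trusts_domain("domain1", "domain2"), one_way.trusts_domain("domain2", "domain1"),
            chain.trusts_domain("domain1", "domain3"), broken.trusts_domain("domain1", "domain3"))
```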
15. Common security zones include:
15.1 Network border firewall: Has three different network interfaces because it connects three different security zones: the Internet zone, the intranet zone and the DMZ zone.
15.2 Extranet: Extends the intranet to third parties (e.g. through a VPN for a limited time).
16. Identity and Access Management (IAM) platforms are the foundation of zero-trust approaches.
17. SIEM and SOAR platforms provide coordinated and sophisticated monitoring that
zero-trust environments require on an everyday basis:
17.1 Security Information and Event Management (SIEM): Aggregate log entries received
from a wide variety of security components and correlate those records to identify suspicious
activity.
17.2 Security Orchestration, Automation and Response (SOAR): Allows cybersecurity teams to program responses to potential security incidents through automated incident response playbooks.
18. Cloud Access Security Brokers (CASBs): Enforce security policies in the cloud, making it easier for the organization to protect its information there.
19. Endpoint Detection and Response (EDR): Continuously monitors endpoints to detect and respond to cyber threats.
20. Security Assertion Markup Language (SAML): Allows single sign-on (SSO) within a web browser across a variety of systems.
21. There are 3 actors in a SAML request:
21.1 Principal: The end user who wants to use a web-based service.
21.2 Identity Provider (IdP): The organization providing the proof of identity.
21.3 Service Provider (SP): The web-based service that the user wishes to access.
22. Benefits of SAML:
22.1 True SSO experience for the end user.
22.2 No credential access for the service providers.
23. OAuth: Authorization protocol. The "Auth" in OAuth means authorization. It specifies the permissions one service has to access another.
24. OpenID Connect: Authentication protocol that works on top of OAuth. An identity and authentication provider that helps users prove their identities to other services. USED ON THE WEB FOR AUTHENTICATION.
25. Key-based authentication:
25.1 Connection request (user).
25.2 Random challenge message (server).
25.3 Challenge encrypted with private key (user).
25.4 Connection authenticated (server).
26. Certificate Authentication uses:
26.1 SSH connections.
26.2 Smart cards: Common Access Card (CAC), Personal Identity Verification (PIV).
26.3 Network access (802.1X): IEEE standard for network authentication.
27. Account Management Life Cycle:
27.1 Provisioning: The process of granting new users access to systems, ensuring they
have correct entitlements.
27.2 Modifying Roles: Modifying roles when user changes job or requires new access.
27.3 Modifying Permissions: Reviewing access on a regular basis and removing access
following the process of recertification.
27.4 Deprovisioning: Removing the access of terminated users, completing the lifecycle.
28. Group Policy Object (GPO): Applies configuration settings to users and computers.
29. COMPLEX PASSWORDS SHOULD BE ALLOWED BUT ARE NOT REQUIRED!
30. Normal password expiration policies require that passwords be changed(expire) every 90
days.
31. NIST RECOMMENDS PASSWORDS SHOULD NOT EXPIRE!
32. Lockout Policy: Locks out accounts after many incorrect login attempts.
33. Disablement: Disable unused accounts.
34. Windows Security Group: Implements role-based security.
35. Roles remove the need for shared, generic accounts.
36. Account monitoring issues include:
36.1 Inaccurate permissions: Block work and/or violate least privilege; often a result of privilege creep.
37. User Account Audits include:
37.1 Pull a listing of account permissions.
37.2 Review with managers.
37.3 Make necessary adjustments.
37.4 Prioritize review of users with job changes.
38. Attestation: Formal approval of user privileges.
39. Unauthorized Use: Illegitimate actions by legitimate users.
40. The solution to unauthorized use of permissions is continuous account monitoring:
40.1 Watch for suspicious activity.
40.2 Alert administrators to anomalies.
41. Access Policy Violations include the following:
41.1 Impossible travel time logins.
41.2 Unusual network location logins.
41.3 Unusual time-of-day logins.
41.4 Deviations from normal behavior.
41.5 Deviations in volume of data transferred.
42. Geotagging: Tags logs with user location.
43. Geofencing: Alerts administrators to devices leaving defined boundaries.
44. Provisioning and deprovisioning accounts is a crucial identity and access management
task.
45. The provisioning and deprovisioning processes:
45.1 Provisioning: After onboarding, administrators create authentication credentials and
grant appropriate authorization.
45.2 Deprovisioning: During the offboarding process, administrators disable accounts and
revoke authorizations at the appropriate time.
46. PROMPT TERMINATION IS CRUCIAL after user leaves organization!
47. Organizations should have processes for the following types of workflow:
47.1 Routine workflow: Planned departures (a user leaving the organization or retiring) are handled on a scheduled basis.
47.2 Emergency workflow: Immediately suspends access when a user is unexpectedly terminated.
48. Account Reviews: Regular account reviews limit privilege creep.
49. BE ABLE TO IDENTIFY LEAST PRIVILEGE AND SEPARATION OF DUTIES ISSUES IN A SCENARIO!
50. Mandatory Access Control (MAC): Access control system where the operating system restricts authorization based on labels. Users are not permitted to modify those authorizations. MAC is a rule-based access control.
51. Security Enhanced Linux (SELinux) provides MAC functionality.
52. Discretionary Access Control (DAC): Access control system where permissions may be set by the owners of files, computers and other resources. MOST COMMON FORM OF ACCESS CONTROL.
53. Windows NTFS: NTFS permissions are an example of a discretionary access control
system.
54. NTFS Permissions:
54.1 Full Control: Grants complete authority over a resource.
54.2 Read: Allows the user to read a file.
54.3 Read and Execute: Allows the user to execute an application.
54.4 Write: Allows the user to create files and modify their contents.
54.5 Modify: Adds the ability to delete files and includes read and execute permissions.
55. Implicit Deny: Any action which is not explicitly allowed must be denied. E.g. Firewalls.
56. THE DEFAULT DENY PRINCIPLE IS A CRUCIAL CONCEPT FOR THE EXAM
(ESPECIALLY FOR FIREWALLS)!
57. Role-Based Access Control (RBAC): In role-based access control systems, permissions are grouped together into functional roles and users are assigned to those roles.
58. Attribute-Based Access Control (ABAC): In ABAC systems, administrators make access control decisions based upon the characteristics of the user, object and environment. MORE GENERALIZED ACCESS CONTROL THAN RBAC.
59. Location-Based Access Control: Limit access based on geographic location.
60. Time-of-Day Restrictions: Limit access based on login time.