A. What is Identity Management?
- Identity management (IdM) is a broad term for the products and processes that identify, authenticate, and authorize users through automated means.
- Many people equate IdM with a single component such as user account management, access control, or password management.
- The field is large enough that most people understand only the component they work with rather than the entire picture.
- The goal of IdM is to simplify administration and bring order to what is otherwise chaos: an organization has many types of employees, each with different access rights, and managing them all by hand does not scale.
B. Describe the change from traditional IdM and the present IdM
- Traditionally IdM was a manual process built on directory services with permissions, access control lists (ACLs), and user profiles. Today those manual methods have largely been replaced by automated applications whose functions work together to form an identity management infrastructure.
- Identity Management Technologies covered in the CISSP exam are the following:
- Directories
- Web access management
- Password management
- Legacy single sign-on
- Account management
- Profile update
C. Directories:
- A directory holds information about the company's network resources and users.
- Most directories use a hierarchical database structure based on the X.500 standard and are accessed through a protocol such as the Lightweight Directory Access Protocol (LDAP), which lets subjects and applications interact with the directory.
- In practice this means an application can request information about a user by sending an LDAP query to the directory, and a user can request information about a resource with a similar query.
- How does the directory work?
- The directory is composed of objects that are managed by a directory service.
- A directory service lets administrators configure and manage how identification, authentication, authorization, and access control take place within the network and on individual systems.
- Each object in the directory is identified by its position in a hierarchical namespace (its distinguished name), so the same attribute value can exist under different branches without ambiguity.
- The drawback of using a directory product for identity management is that legacy devices and applications that were not built with the necessary client software cannot be managed by the directory service.
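The hierarchy, naming and query behaviour described above, as an added example that is not part of the original notes: a small in-memory X.500-style tree addressed by LDAP distinguished names, with a DN parser and a search that honours the three LDAP scopes. The entries, attribute names and the `search()`/`get_attribute()` helpers are constructed for the illustration; a real deployment talks to an LDAP server through a client library.

```python
"""Toy X.500-style directory addressed by LDAP distinguished names (DNs).

Added illustration, not from the original notes. The entries, attribute
names and the search() API are constructed for the example.
"""

# Constructed sample directory: DN -> attributes. The leftmost RDN names
# the object; every RDN to its right is a branch of the hierarchy above it.
SAMPLE_ENTRIES = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=groups,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"],
        "mail": ["alice@example.com"], "title": ["engineer"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["bob"],
        "mail": ["bob@example.com"], "title": ["engineer"]},
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
}


def parse_dn(dn):
    """Split a DN into (attribute, value) RDNs, leftmost first.
    A backslash-escaped comma inside a value (RFC 4514) is not a
    separator, so 'cn=Smith\\, John,ou=people' is two RDNs, not three."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair verbatim
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().lower(), value.strip()))  # types are case-insensitive
    return out


def search(entries, base, scope, attr=None, value=None):
    """LDAP-style search below `base` with scope 'base', 'one' or 'sub'
    and an optional (attr=value) equality filter. Returns sorted DNs."""
    base_rdns = parse_dn(base)
    hits = []
    for dn, attrs in entries.items():
        rdns = parse_dn(dn)
        if rdns[-len(base_rdns):] != base_rdns:   # not under the base at all
            continue
        depth = len(rdns) - len(base_rdns)        # 0 = the base object itself
        if scope == "base" and depth != 0:
            continue
        if scope == "one" and depth != 1:
            continue
        if attr is not None and value not in attrs.get(attr, []):
            continue
        hits.append(dn)
    return sorted(hits)


def get_attribute(entries, dn, attr):
    """What an application does when it asks the directory about a user:
    fetch one attribute of one object by its DN."""
    return list(entries.get(dn, {}).get(attr, []))


if __name__ == "__main__":
    print(search(SAMPLE_ENTRIES, "dc=example,dc=com", "sub", "title", "engineer"))
    print(get_attribute(SAMPLE_ENTRIES, "uid=alice,ou=people,dc=example,dc=com", "mail"))
```

The scope argument is where the namespace matters: `base` returns only the named object, `one` its immediate children, and `sub` the whole subtree, so the same `(title=engineer)` filter yields different results depending on which branch it is run against.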
D. Web Access Management:
- Web Access Management (WAM) software controls what users can access when they use a web browser to interact with web-based enterprise assets.
- The supporting infrastructure is usually a web server farm (many servers), a directory that holds user accounts and attributes, a database, a couple of firewalls, and some routers, all laid out in a tiered architecture.
- WAM can be thought of as a gateway between users and the corporate web-based resources: it is installed as a plug-in on the web server and runs as a front-end process that checks each request before it reaches the application.
- The WAM console lets administrators configure access levels, authentication requirements, and account-setup workflow steps, and perform overall maintenance.
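The front-end gateway check described above, as an added example that is not from the original notes or from any WAM product: a request is mapped to the most specific policy rule for its URL, the session is compared against the rule's required authentication level and group, and anything that fails is denied or sent to login before it reaches the web server. The `POLICY` table, `Session` shape and function names are constructed; the path canonicalisation step is included because unnormalised paths (`..`, `//`, percent-encoding) are the usual way such gateways get bypassed.

```python
"""Toy web access management (WAM) front-end check.

Added illustration, not from the original notes. The POLICY table,
Session shape and function names are constructed for the example.
"""
import posixpath
from dataclasses import dataclass
from typing import FrozenSet, Optional
from urllib.parse import unquote

# Constructed policy. auth_level: 0 anonymous, 1 password, 2 password + MFA.
# groups None = any authenticated user. The most specific prefix wins.
POLICY = [
    {"prefix": "/",          "auth_level": 0, "groups": None},
    {"prefix": "/portal",    "auth_level": 1, "groups": None},
    {"prefix": "/portal/hr", "auth_level": 1, "groups": {"hr"}},
    {"prefix": "/admin",     "auth_level": 2, "groups": {"admins"}},
]


@dataclass
class Session:
    user: Optional[str]        # None: no authenticated session at all
    auth_level: int
    groups: FrozenSet[str]


ANONYMOUS = Session(None, 0, frozenset())


def normalize(path):
    """Canonicalise the URL path before matching. Decoding once and
    collapsing '..' and '//' here closes the usual gateway bypasses
    ('/portal/../admin', '//admin', '/%2e%2e/admin')."""
    norm = posixpath.normpath(unquote(path))
    return "/" + norm.lstrip("/")


def _covers(prefix, norm):
    # Directory-style match: '/portal' covers '/portal' and '/portal/x',
    # but not '/portalx'. The root rule covers everything.
    return prefix == "/" or norm == prefix or norm.startswith(prefix + "/")


def match_rule(norm, policy=POLICY):
    """Longest matching prefix wins, so /portal/hr overrides /portal."""
    best = None
    for rule in policy:
        if _covers(rule["prefix"], norm) and (
                best is None or len(rule["prefix"]) > len(best["prefix"])):
            best = rule
    return best


def decide(session, path, policy=POLICY):
    """Return (verdict, normalised_path). Verdicts: 'allow', 'login'
    (no session), 'step-up' (session too weak), 'deny'. Default is deny:
    a path with no matching rule is never forwarded."""
    norm = normalize(path)
    rule = match_rule(norm, policy)
    if rule is None:
        return "deny", norm
    if session.auth_level < rule["auth_level"]:
        return ("login" if session.user is None else "step-up"), norm
    if rule["groups"] is not None and not (session.groups & rule["groups"]):
        return "deny", norm
    return "allow", norm


if __name__ == "__main__":
    print(decide(ANONYMOUS, "/portal/hr/../../admin/users"))
    print(decide(Session("alice", 2, frozenset({"admins"})), "/admin/users"))
```

The two checks are deliberately ordered: authentication strength is tested before group membership, so an unauthenticated request never learns whether a group restriction exists on the path.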
E. Password Management:
- Managing passwords for an entire organization takes a lot of time and resources, especially when many employees must constantly update passwords on several different platforms.
- The following are common password management approaches:
- Password Synchronization:
- reduces the complexity of keeping up with different passwords for different systems by pushing one password to all of them (the trade-off is that a compromise of the weakest system exposes a password that is now valid everywhere)
- Self-Service Password Reset:
- reduces help-desk call volume by letting users reset their own passwords after proving their identity by some other means
- Assisted Password Reset:
- shortens the help desk's resolution process for password problems
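Two of the approaches above, self-service reset and password synchronization, in one added example that is not part of the original notes: a reset token that is unguessable, bound to one account, time-limited, stored only as a hash and consumed on first use, followed by a synchronization step that pushes the new password to each connected system with that system's own salt. The `ResetService` class, `TOKEN_TTL`, the target-system stores and the user names are all constructed for the illustration.

```python
"""Self-service password reset feeding password synchronization.

Added illustration, not from the original notes. Storage, user names,
TOKEN_TTL and the class/function names are constructed for the example.
"""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60        # constructed policy: a reset link lives 15 minutes
MIN_PASSWORD_LEN = 12      # constructed policy


def _hash_password(password, salt):
    # Slow, salted hash; each target system keeps its own salt and hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ResetService:
    def __init__(self, users, targets, now=time.time):
        self.users = set(users)    # accounts the IdM knows about
        self.targets = targets     # system name -> {user: (salt, hash)}
        self.pending = {}          # user -> (sha256(token), expiry)
        self.now = now             # injectable clock so expiry is testable

    def request_reset(self, user):
        """Issue a reset token (it would be e-mailed to the address on file).
        Only a hash of the token is stored, so a leaked table does not hand
        out live reset links. Unknown users still receive a token-shaped
        reply, so the endpoint cannot be used to enumerate accounts."""
        token = secrets.token_urlsafe(32)          # 256 bits from the CSPRNG
        if user in self.users:
            self.pending[user] = (hashlib.sha256(token.encode()).digest(),
                                  self.now() + TOKEN_TTL)
        return token

    def complete_reset(self, user, token, new_password):
        entry = self.pending.get(user)
        if entry is None:
            return False                            # no request, or already used
        token_hash, expiry = entry
        if self.now() > expiry:
            self.pending.pop(user, None)
            return False                            # expired
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, token_hash):
            return False                            # wrong token, constant-time
        if len(new_password) < MIN_PASSWORD_LEN:
            return False                            # policy failure; token stays valid
        del self.pending[user]                      # single use: consumed on success
        self._synchronize(user, new_password)
        return True

    def _synchronize(self, user, password):
        """Password synchronization: push one password to every connected
        system. Each store hashes with its own salt, so no two stores share
        a hash; the caveat is that a breach of the weakest target now
        exposes a password that is valid everywhere."""
        for store in self.targets.values():
            salt = secrets.token_bytes(16)
            store[user] = (salt, _hash_password(password, salt))

    def verify_password(self, target, user, password):
        """What one target system does at login against its own store."""
        entry = self.targets[target].get(user)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(_hash_password(password, salt), stored)


if __name__ == "__main__":
    svc = ResetService({"alice"}, targets={"ldap": {}, "mainframe": {}})
    tok = svc.request_reset("alice")
    print(svc.complete_reset("alice", tok, "Correct-Horse-Battery-1"))
    print(svc.verify_password("mainframe", "alice", "Correct-Horse-Battery-1"))
```

The clock is injected rather than read from `time.time()` directly so that the expiry path can be exercised deterministically; in production the default is used unchanged.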