1-Identify and Access Management (IdAM), IAM ATTACKS-09-01-2024

The document discusses identity and access management (IAM), including what IAM is, its goals of assigning digital identities and roles to users, and the benefits it provides like enhanced security and control. IAM involves defining user roles and access privileges, as well as managing identity lifecycles. The document also covers access control models, types of access control like discretionary and role-based, and security tools used for IAM.

Uploaded by

dummyfr07

Identity Access Management
What is Identity and Access Management?

● Identity and access management (IAM) is an enterprise system which
defines and designates roles and access privileges of individuals on the
network.
● The IAM system creates roles and dictates what resources those roles
have access to and then manages the assignment of roles to individuals
and ensures each individual can only access the resources which they
have been approved to use.
The primary goal of IAM is to ensure each user is assigned a single digital
identity, and each identity is assigned the roles that apply to them and the
access that each role permits them.

Each user is assigned a digital identity (a unique username and password)
and this identity is then assigned the roles which provide them with access to
the data and applications they require.

IAM is also sometimes called identity management or rights management and
is responsible for processing user requests to access resources.
What are the Benefits of IAM?

The implementation of IAM systems and best practices allows you to open up your
network to employees and customers alike without exposing the network to undue
risk.
Identity management allows access to be extended for on-premises applications as
well as mobile apps and SaaS tools without negatively impacting network security.
Properly managed identities provide administrators with enhanced control over
user activities and permissions.
IAM helps to ensure organizational networks remain secure and compliant with
regulations.
Introduction to User Access Management
● User Access Management (UAM), also known as identity and access
management (IAM), is the administration of giving individual users within a
system access to the tools they need at the right time. For businesses, this
usually includes access to external applications, permissions, and security
requirements.
● User Access Management allows IT administrators to securely manage
access to services and resources for all the users in an organization. All this
can be done simply within a Universal Directory.
Access Control Models
Access controls are designed to allow, deny, limit, and revoke access to resources
through identification, authentication, and authorization.

Concepts:

● Identification: Identification is the introduction or presentation of an entity
(person or device) to another entity.
● Authentication: Authentication is a process in which the credentials provided
by an entity are compared to the entity’s information stored on a system to
validate the identity.
● Authorization: Authorization occurs after an entity’s identification and
authentication have occurred, to determine exactly what they are allowed to
do.
● Principle of Least Privilege: The principle of least privilege dictates that we
should only allow the bare minimum of access to an entity, which may be a
person, device, account, or process, to allow it to perform the required
function.
● Principle of Separation of Duties: The Separation of Duties principle is
achieved by dividing a task and authority for a specific business process
among multiple users.
● Access Control List: An access control list (ACL) is a file, typically in
reference to a computer file system, which attaches permissions to an object
or entity. An ACL specifies which users or system processes are granted
access to objects, as well as what operations are allowed on those objects.
● Capabilities: Where ACLs define the permissions based on a given
identity and a set of permissions, capability-based access provides an
alternative method of granting access based entirely on something we
possess, such as a token, access badge, or pass code. In a capability-based
system, applications can share with other applications the token
that defines their level of access.
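
The difference between the last two concepts, as an added example that is not part of the original slides: an ACL check looks up the caller's identity, while a capability check looks only at the token presented. The object path, user names, key and HMAC-based token format are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; names, path and key are illustrative assumptions.
ACL = {"/reports/q1.pdf": {"alice": {"read", "write"}, "bob": {"read"}}}
SERVER_KEY = b"demo-key-for-illustration-only"

def acl_allows(user, obj, op):
    """ACL model: the decision is looked up from the caller's identity."""
    return op in ACL.get(obj, {}).get(user, set())

def _tag(body):
    """Keyed MAC over the token body so holders cannot alter the rights."""
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def mint_capability(obj, ops):
    """Capability model: issue a token that names an object and its rights."""
    body = f"{obj}|{','.join(sorted(ops))}"
    return f"{body}|{_tag(body)}"

def capability_allows(token, obj, op):
    """The decision depends only on the token, not on who presents it."""
    try:
        tok_obj, tok_ops, tag = token.rsplit("|", 2)
    except ValueError:
        return False                      # malformed token
    expected = _tag(f"{tok_obj}|{tok_ops}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False                      # forged or altered token
    return tok_obj == obj and op in tok_ops.split(",")

if __name__ == "__main__":
    doc = "/reports/q1.pdf"
    print("ACL, bob read:   ", acl_allows("bob", doc, "read"))
    print("ACL, carol read: ", acl_allows("carol", doc, "read"))
    cap = mint_capability(doc, {"read"})  # handed to bob, who may pass it on
    print("capability read: ", capability_allows(cap, doc, "read"))
    print("capability write:", capability_allows(cap, doc, "write"))
    altered = cap.replace("read", "read,write")
    print("altered token:   ", capability_allows(altered, doc, "write"))
```

Because anyone holding the token is authorized, a leaked capability is a leaked permission; real systems bound tokens with expiry and revocation, which this sketch omits.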
Access Control Methodologies

Depending on the access control methodology, access may be granted based on
something that we know, have, and are. The most common set of simple access
control models includes discretionary access control, mandatory access control,
rule-based access control, role-based access control, and attribute-based access
control.
Types of Access Control Models

● Discretionary Access Control: Discretionary Access Control (DAC) is a model
of access control based on access being determined by the owner of the
target resource.
● Mandatory Access Control: Mandatory Access Control (MAC) is a model of
access control in which the owner of the resource does not get to decide who
gets to access it, but instead access is decided by a group or individual who
has the authority to set access on resources.
● Role-Based Access Control: Role-Based Access Control (RBAC) is a model of
access control that, similar to MAC, functions on access controls set by an
authority, rather than by the owner of the resource.
● Attribute-Based Access Control (ABAC) is based on attributes. These can be
the attributes of a particular person, of a resource, or of an environment.
● Multilevel access control models may be used by military and government
organizations when the simpler models above are not considered robust
enough to protect the information to which we are controlling access.
● Physical Access Controls: When discussing physical access controls, we are
often largely concerned with controlling the access of individuals, devices,
and vehicles.
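
One request evaluated under DAC, MAC, RBAC and ABAC, as an added example that is not part of the original slides; it shows that the four models differ in who or what decides. The users, file, roles, label ordering and the "corporate network" rule are assumptions made for illustration, and a simple clearance-versus-label comparison stands in for MAC.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed label ordering
ROLE_PERMS = {                                           # RBAC: set by an authority
    "hr_clerk": {("payroll.csv", "read")},
    "hr_manager": {("payroll.csv", "read"), ("payroll.csv", "write")},
}

@dataclass
class Subject:
    name: str
    roles: set = field(default_factory=set)
    clearance: str = "public"
    department: str = ""

@dataclass
class Resource:
    name: str
    owner: str
    label: str = "public"
    department: str = ""
    grants: dict = field(default_factory=dict)  # DAC: {user: {operations}}

def dac_grant(res, granter, user, op):
    """DAC: the owner of the resource decides who else gets access."""
    if granter != res.owner:
        raise PermissionError("only the owner may grant access")
    res.grants.setdefault(user, set()).add(op)

def decide(sub, res, op, env):
    """Evaluate one request under each model and return the four verdicts."""
    return {
        # DAC: the owner, or someone the owner granted the operation to
        "DAC": sub.name == res.owner or op in res.grants.get(sub.name, set()),
        # MAC: centrally assigned clearance must dominate the resource label
        "MAC": LEVELS[sub.clearance] >= LEVELS[res.label],
        # RBAC: some role held by the subject carries this permission
        "RBAC": any((res.name, op) in ROLE_PERMS.get(r, set()) for r in sub.roles),
        # ABAC: attributes of subject, resource and environment must all match
        "ABAC": sub.department == res.department and env.get("network") == "corporate",
    }

if __name__ == "__main__":
    # Constructed sample request: bob, an HR clerk, reads alice's payroll file.
    payroll = Resource("payroll.csv", owner="alice", label="confidential", department="hr")
    bob = Subject("bob", roles={"hr_clerk"}, clearance="public", department="hr")
    print(decide(bob, payroll, "read", {"network": "corporate"}))
```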
Effective IAM Security Tools
Here the question arises: why do you need Identity and Access Management tools?

● Improved Security
● Enhanced Business Productivity
● Enhanced Individual Productivity
● Collaboration
● One Control System
● Single Sign-On (SSO)
● Effective Time Management
Types of Identity and Access Management Tools

● Password Management Tools

● Provisioning Software

● Security Policy Enforcement Applications

● Reporting and Monitoring Apps

● Identity Repositories
Thycotic
● thycotic.com

● Your privileged accounts are hackers’ favorite targets
