Class 3 Identity Access Management

Uploaded by

sushainkapoorsk

**Identity Access Management (IAM)**

IAM is a critical aspect of cybersecurity, encompassing the management of authentication and
authorization within a system, especially focusing on the management of privileged users. The process of
IAM involves four primary phases:

1. **Identity:** In this phase, users provide identification information, such as usernames, email
addresses, or any other unique identifiers.

*Example:* A user provides their username and password to log in to a company's network.

2. **Authenticate:** After identity information is provided, it needs to be verified. This step ensures that
the user is who they claim to be. Verification can be achieved through various means, including
passwords, biometrics, or security tokens.

*Example:* A user provides their fingerprint to unlock their smartphone.

3. **Authorize:** Once authentication is successful, the system determines what actions the user is
allowed to perform based on their verified identification. Authorization ensures that users have access
only to the resources and data that they are permitted to access.

*Example:* After logging in, a user is authorized to access specific folders and files based on their role
within the organization.

4. **Audit:** The system keeps track of all actions performed using the identified credentials. This phase
is crucial for monitoring and maintaining security, as it allows for the detection of any unauthorized or
suspicious activities.

*Example:* The system logs all access attempts, including successful and failed logins, file accesses,
and system configuration changes.
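The four phases above, worked through as an added example (this is not code from the class notes): a small identity service that stores salted password hashes, verifies an identity claim, authorizes from the role bound to the verified identity, and records every decision in an audit log. The users, roles and permissions are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed role map for the authorization phase: permissions come from the role, never from the client.
ROLE_PERMISSIONS = {
    "hr-manager": {"read:hr-docs", "write:hr-docs"},
    "engineer": {"read:source", "write:source"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the directory never holds a reusable secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityService:
    def __init__(self):
        self.users = {}      # username -> {"salt", "hash", "role"}
        self.audit_log = []  # phase 4: every authentication and authorization decision lands here

    def enroll(self, username: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": hash_password(password, salt), "role": role}

    def _audit(self, event: str, username: str, detail: str) -> None:
        self.audit_log.append({"ts": time.time(), "event": event, "user": username, "detail": detail})

    def authenticate(self, username: str, password: str) -> bool:
        """Phases 1 and 2: the caller identifies as `username`; we verify that claim."""
        record = self.users.get(username)
        # Do the same hashing work for unknown users so response time does not reveal valid usernames.
        salt = record["salt"] if record else b"\x00" * 16
        expected = record["hash"] if record else b"\x00" * 32
        computed = hash_password(password, salt)
        ok = record is not None and hmac.compare_digest(computed, expected)
        self._audit("login", username, "success" if ok else "failure")
        return ok

    def authorize(self, username: str, permission: str) -> bool:
        """Phase 3: decide from the role bound to the verified identity, not from anything the client sent."""
        role = self.users.get(username, {}).get("role")
        allowed = permission in ROLE_PERMISSIONS.get(role, set())
        self._audit("access", username, f"{permission}: {'allowed' if allowed else 'denied'}")
        return allowed
```

The audit log records failures as well as successes, which is what makes the fourth phase useful: a run of failed logins for one account, or repeated denied accesses, is visible only because denials are written down too.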

**Identity & Access Threats**

Several threats exist in the realm of identity and access management, including:

- **Spoofing:** Where an attacker impersonates a legitimate user or device to gain unauthorized access
to the system.

*Example:* A hacker uses phishing techniques to trick users into providing their login credentials,
allowing unauthorized access to their accounts.

- **Identity Theft:** Unauthorized individuals gaining access to another user's identity, often through
stolen credentials or other means.

*Example:* An attacker steals a user's credit card information to make unauthorized purchases online.

- **Keylogging:** Malicious software recording keystrokes to steal login credentials and other sensitive
information.

*Example:* A keylogger secretly installed on a user's computer captures their username and password
when they log in to their online banking account.

- **Escalation of Privilege:** Illegitimate elevation of user privileges within a system, allowing attackers
to access restricted resources or perform unauthorized actions.

*Example:* An attacker gains access to a low-privileged user account and exploits a vulnerability to
elevate their privileges to that of an administrator.

- **Information Leakage:** Unauthorized access or disclosure of sensitive information, either
intentionally or unintentionally.

*Example:* A disgruntled employee leaks confidential company data to a competitor.

**Identity Management (IM) Tools & Techniques**

To counter these threats, various tools and techniques are employed:

- **Identity Manager:** Software solutions for managing user identities and access rights, allowing
organizations to centrally manage user access to resources.

*Example:* Microsoft Azure Active Directory provides identity management and access control
capabilities for cloud-based applications.

- **Fraud Analytics:** Advanced analytics tools used to detect and prevent fraudulent activities, such as
identity theft and unauthorized access.

*Example:* IBM Trusteer uses machine learning algorithms to detect fraudulent login attempts and
protect against account takeover attacks.

- **Multi-Factor Authentication (MFA):** Requires users to provide multiple forms of verification to
access a system, significantly enhancing security. MFA typically involves a combination of something the
user knows (e.g., a password), something the user has (e.g., a security token), and something the user is
(e.g., biometric verification).

*Example:* Google's two-step verification requires users to enter a password and a unique code sent to
their mobile device to access their Google account.

**Access Management (AM) Tools & Techniques**

Authentication and authorization are further secured using:

- **Single Sign-On (SSO):** Allows users to access multiple applications with a single set of credentials,
reducing the need for multiple passwords and enhancing user convenience.

*Example:* Microsoft Active Directory Federation Services (ADFS) enables SSO across different
applications and services within an organization.

- **Behavior Analytics:** Analyzes user behavior to detect abnormal activities that may indicate a
security breach, such as unusual login times or locations.

*Example:* Splunk User Behavior Analytics (UBA) monitors user activities and detects anomalies
indicative of insider threats or compromised accounts.

- **Role-Based Approach:** Users are assigned roles with specific access permissions based on their job
functions, simplifying the management of access rights.

*Example:* An employee is assigned the "HR Manager" role, granting them access to HR-related
documents and systems.

**Authentication Factors**

Authentication factors play a crucial role in determining user identity:

1. **Something You Know:** Such as passwords, passphrases, or personal identification numbers (PINs).

*Example:* A user enters their username and password to log in to an online banking website.

2. **Something You Have:** Devices like smart cards, hardware tokens, or smartphones.

*Example:* A user inserts a smart card into a card reader and enters a PIN to access a secure building.

3. **Something You Are/Do:** Biometric identifiers such as fingerprints, facial recognition, or behavioral
traits.

*Example:* A user scans their fingerprint using a biometric scanner to unlock their smartphone.

**Multi-Factor Authentication (MFA)**

MFA combines multiple authentication factors, making it significantly harder for attackers to gain
unauthorized access. It can involve two-factor or three-factor authentication, depending on the level of
security required.

*Example:* A user logs in to an online account by entering their password and then receiving a one-time
code on their mobile device.

**Authentication Attributes**

Authentication attributes complement authentication factors:

- **Somewhere you are:** Geographic location using IP addresses, which can be used as an additional
authentication factor.

*Example:* A bank requires users to verify their identity by confirming their location before allowing
access to their account.

- **Something you can do:** Behavioral characteristics such as typing speed, mouse movement
patterns, or other user behaviors.

*Example:* A system monitors a user's typing speed and style to detect if someone else is attempting
to log in using their credentials.

- **Something you exhibit:** Unique behavioral patterns like the way you use applications or interact
with devices.

*Example:* An e-commerce website analyzes user browsing behavior to detect suspicious activities,
such as rapid changes in shopping cart contents.

- **Someone you know:** Trust models where new users are vouched for by existing users, enhancing
the security of user identities.

*Example:* A user gains access to a private online community after being invited by an existing
member.

**Biometric Authentication**

Biometric authentication provides a high level of security and includes various methods such as:

- **Fingerprint & Facial Recognition:** Widely used biometric authentication methods due to their
accuracy and convenience.

*Example:* An employee uses facial recognition to clock in and out of work, eliminating the need for
manual timekeeping.

- **Retinal & Iris Scans:** More advanced biometric methods that offer even higher levels of security
but may be more expensive to implement.

*Example:* A high-security facility uses retinal scans to grant access to restricted areas.

- **Behavioral Technology:** A template is created by analyzing a behavior such as typing or walking.

*Example:* A system analyzes the typing speed and pattern of a user's keystrokes to verify their
identity.

**Continuous Authentication**

Continuous authentication ensures that the user who initially logged in is the same person operating the
device throughout the session.

*Example:* A banking app prompts the user to re-authenticate if there is a significant change in their
transaction behavior, such as an unusually large transfer of funds.

**Password Concepts**

Passwords remain a fundamental authentication method, and various concepts ensure their security:

- **Password Length:** Enforcing a minimum length for passwords to increase security.

*Example:* A website requires users to create a password of at least eight characters, including
uppercase letters, lowercase letters, numbers, and special characters.

- **Password Complexity:** Requiring passwords to meet specific complexity requirements, such as
including a mix of letters, numbers, and special characters.

*Example:* A system requires passwords to contain at least one uppercase letter, one lowercase letter,
one number, and one special character.

- **Password Aging:** Forcing users to change their passwords regularly to reduce the risk of
compromised credentials.

*Example:* A company policy requires employees to change their network passwords every 90 days.

- **Password Reuse and History:** Preventing users from reusing old passwords to enhance security.

*Example:* A system remembers the user's last five passwords and prevents them from using any of
those passwords again.

Under the current NIST guidelines (NIST SP 800-63B, Digital Identity Guidelines):

- Complexity rules should not be enforced; the focus should instead be on blocking common and previously
breached passwords.
- Aging policies should not be enforced; users should change passwords based on their own assessment of
risk (and when a compromise is known).
- Password hints should not be used, because they make passwords easier to guess.

**Password Managers**

Password managers are tools used to store and manage passwords securely, mitigating the risks
associated with poor credential management practices. However, they also come with their own set of
risks:

- **Weak Master Password:** The master password used to access the password manager should be
strong and unique to prevent unauthorized access.

*Example:* A password manager user sets their master password to "password123," making it easy for
attackers to guess.

- **Vendor's Cloud Storage or Systems Compromise:** Storing passwords in the cloud introduces the
risk of the password manager's vendor being compromised, leading to unauthorized access to stored
passwords.

*Example:* A hacker gains access to the servers of a popular password manager service, compromising
millions of user passwords.

- **Impersonation Attacks:** Attackers may attempt to trick users into entering their passwords into a
fake or spoofed password manager application or website.

*Example:* A user receives an email claiming to be from their password manager provider, asking them
to log in to their account to verify their identity. However, the email is a phishing attempt, and the login
page is fake, designed to steal the user's credentials.

**Privileged Access Management (PAM)**

Privileged accounts have elevated permissions within a system, making them prime targets for attackers.
PAM involves policies, procedures, and technical controls designed to prevent the compromise of
privileged accounts. Key considerations for PAM include:

- **Restricting Administrative Accounts:** It is essential to restrict the number of administrative
accounts as much as possible to reduce the risk of compromise.

*Example:* An organization limits the number of employees with administrator privileges to only those
who require them to perform their job duties.

- **Just-in-Time (JIT) Permissions:** Instead of assigning standing permissions to administrative
accounts, JIT permissions grant elevated privileges for a limited period, reducing the risk of long-term
compromise.

*Example:* An employee requires temporary administrative access to perform a system upgrade. They
request elevated privileges, which are granted for a specific time frame.

- **Temporary Elevation:** Temporary elevation of privileges allows users to gain administrative rights
for a limited period, enhancing security while minimizing the risk of abuse.

*Example:* A system administrator requires elevated privileges to perform maintenance tasks. They
temporarily elevate their permissions using a privileged access management tool.

- **Password Vaulting/Brokering:** Privileged accounts can be "checked out" from a repository and
made available for a limited amount of time, with administrators required to log justifications for using
the privileges.

*Example:* An administrator needs elevated privileges to install software on a server. They check out
the required credentials from a password vault, and the system logs the request for auditing purposes.

- **Ephemeral Credentials:** Systems can generate temporary credentials for performing administrative
tasks, ensuring that access is only granted when necessary and revoked once the task is complete.

*Example:* An employee needs to access a sensitive database to retrieve information for a report.
They are granted temporary access, and the credentials expire once the report is completed.
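The JIT permission, temporary elevation, vaulting/brokering and ephemeral credential items above, combined into one added example (not code from the class notes or from any PAM product): a broker that issues a random short-lived credential only to eligible users who supply a justification, enforces a hard ceiling on the elevation window, checks the credential on every use, supports early check-in, and revokes stale grants. Every eligibility entry, ticket reference and time value is constructed.

```python
import secrets
import time
from dataclasses import dataclass

class ManualClock:
    """Controllable clock so expiry can be exercised without sleeping (demo aid, not a production component)."""
    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start
    def __call__(self) -> float:
        return self.now
    def advance(self, seconds: float) -> None:
        self.now += seconds

@dataclass
class Grant:
    user: str
    role: str
    justification: str
    issued_at: float
    expires_at: float
    revoked: bool = False

class PrivilegeBroker:
    """Replaces standing admin rights with short-lived, justified, audited grants."""
    MAX_TTL = 3600  # hard ceiling on any single elevation, in seconds (constructed policy value)

    def __init__(self, eligibility: dict, clock=time.time):
        self.eligibility = eligibility  # user -> roles that user may request (constructed)
        self.clock = clock
        self.grants = {}                # ephemeral credential -> Grant
        self.audit = []

    def _log(self, event: str, user: str, role: str, detail: str) -> None:
        self.audit.append({"ts": self.clock(), "event": event, "user": user, "role": role, "detail": detail})

    def request_elevation(self, user: str, role: str, justification: str, ttl: int = 900) -> str:
        """Check out a role: returns an ephemeral credential valid for at most MAX_TTL seconds."""
        if not justification.strip():
            raise ValueError("a justification is required for every check-out")
        if role not in self.eligibility.get(user, set()):
            self._log("elevate", user, role, "denied: not eligible")
            raise PermissionError(f"{user} may not request {role}")
        ttl = min(ttl, self.MAX_TTL)
        credential = secrets.token_urlsafe(32)  # never derived from a standing password
        now = self.clock()
        self.grants[credential] = Grant(user, role, justification, now, now + ttl)
        self._log("elevate", user, role, f"granted for {ttl}s: {justification}")
        return credential

    def authorize(self, credential: str, role: str) -> bool:
        """Every privileged action presents the credential; expiry and revocation are re-checked each time."""
        grant = self.grants.get(credential)
        ok = grant is not None and not grant.revoked and grant.role == role and self.clock() < grant.expires_at
        self._log("use", grant.user if grant else "unknown", role, "allowed" if ok else "denied")
        return ok

    def check_in(self, credential: str) -> None:
        """Early return of the privilege once the task is done."""
        grant = self.grants.get(credential)
        if grant and not grant.revoked:
            grant.revoked = True
            self._log("check-in", grant.user, grant.role, "revoked early")

    def expire_stale(self) -> int:
        """Housekeeping: revoke every grant whose window has passed; returns how many were revoked."""
        now = self.clock()
        stale = [g for g in self.grants.values() if not g.revoked and g.expires_at <= now]
        for g in stale:
            g.revoked = True
            self._log("expire", g.user, g.role, "revoked: ttl elapsed")
        return len(stale)
```

Because the credential itself carries no privilege (the broker looks it up on each use), a credential copied from a terminal scrollback after the window closes is worthless, and the audit trail pairs every use with the justification given at check-out.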

**Local, Network & Remote Authentication**

Authentication can occur at various levels, including:

- **Windows Authentication:** Involves local sign-in, network sign-in, and remote sign-in using the
Kerberos or NTLM authentication protocols.

*Example:* A user logs in to their Windows workstation using their username and password.

- **Linux Authentication:** Local user account authentication and authentication using Pluggable
Authentication Modules (PAM, not to be confused with Privileged Access Management above), which let the
sign-in flow be extended with additional checks.

*Example:* A user logs in to a Linux server using SSH and provides their username and password.

- **Single Sign-On (SSO):** Allows users to access multiple applications with a single set of credentials,
reducing the need for multiple passwords and enhancing user convenience.

*Example:* A user logs in to their corporate network and gains access to email, file storage, and other
applications without needing to enter additional credentials.

**Kerberos**

Kerberos is a widely used single sign-on network authentication and authorization protocol, commonly
implemented in Microsoft's Active Directory service. It comprises three main parts: the Key Distribution
Center (KDC), which runs the Authentication Service and issues tickets; the principal (the user or service
being authenticated); and the application server that accepts the ticket. Kerberos authentication provides
a robust and secure method for users to access network resources.

*Example:* A user logs in to their Windows workstation using their Active Directory credentials, and
Kerberos authenticates their identity to access network resources such as file shares and printers.
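The three-party exchange described above, written out as an added example (this is not code from the class notes or from any Kerberos implementation): a KDC that runs the Authentication Service and Ticket-Granting Service, a client that enters its password once and thereafter presents tickets, and an application server that validates a service ticket and its authenticator. The encryption is a toy encrypt-then-MAC construction standing in for Kerberos' real encryption types, the password-to-key step is a plain hash standing in for the salted string-to-key function, and all principal names, keys and lifetimes are constructed.

```python
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 8 * 3600  # seconds; constructed policy value
CLOCK_SKEW = 300            # Kerberos tolerates five minutes of clock drift by default

# Toy authenticated encryption standing in for Kerberos' real encryption types (e.g. AES256-CTS-HMAC-SHA1-96).
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, i = [], 0
    while sum(map(len, blocks)) < length:
        blocks.append(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest())
        i += 1
    return b"".join(blocks)[:length]

def seal(key: bytes, message: dict) -> bytes:
    """Encrypt-then-MAC a JSON message; only a holder of `key` can read it or alter it undetected."""
    plaintext = json.dumps(message).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))

def password_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # real Kerberos uses a salted string-to-key function

def _fresh(ts: float) -> bool:
    return abs(time.time() - ts) <= CLOCK_SKEW

class KDC:
    """Authentication Service (AS) and Ticket-Granting Service (TGS) of a constructed realm."""
    def __init__(self, principals: dict):
        self.keys = principals            # principal name -> long-term key
        self.krbtgt_key = os.urandom(32)  # protects every TGT; only the KDC holds it

    def as_exchange(self, client: str, preauth: bytes):
        # AS-REQ with pre-authentication: the client proves it knows its key before anything is issued.
        if not _fresh(unseal(self.keys[client], preauth)["ts"]):
            raise PermissionError("stale pre-authentication timestamp")
        session = os.urandom(32)
        tgt = seal(self.krbtgt_key, {"client": client, "key": session.hex(), "expires": time.time() + TICKET_LIFETIME})
        return tgt, seal(self.keys[client], {"key": session.hex()})  # AS-REP: session key, readable only by the client

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        # TGS-REQ: the TGT says who the client is; the authenticator proves it holds the session key right now.
        body = unseal(self.krbtgt_key, tgt)
        session = bytes.fromhex(body["key"])
        auth = unseal(session, authenticator)
        if auth["client"] != body["client"] or not _fresh(auth["ts"]) or body["expires"] < time.time():
            raise PermissionError("TGT or authenticator rejected")
        svc_session = os.urandom(32)
        ticket = seal(self.keys[service], {"client": body["client"], "key": svc_session.hex(), "expires": time.time() + TICKET_LIFETIME})
        return ticket, seal(session, {"service": service, "key": svc_session.hex()})  # TGS-REP

class AppServer:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()  # `seen` is the replay cache

    def ap_exchange(self, ticket: bytes, authenticator: bytes) -> str:
        # AP-REQ: open the ticket with our own key, then the authenticator with the ticket's session key.
        body = unseal(self.key, ticket)
        if body["expires"] < time.time():
            raise PermissionError("service ticket expired")
        auth = unseal(bytes.fromhex(body["key"]), authenticator)
        if auth["client"] != body["client"] or not _fresh(auth["ts"]) or (auth["client"], auth["ts"]) in self.seen:
            raise PermissionError("authenticator rejected")
        self.seen.add((auth["client"], auth["ts"]))
        return body["client"]

# Client side: one password entry yields a TGT, and tickets do the rest (single sign-on).
def client_login(kdc: KDC, user: str, password: str):
    user_key = password_key(password)
    tgt, reply = kdc.as_exchange(user, seal(user_key, {"ts": time.time()}))
    return tgt, bytes.fromhex(unseal(user_key, reply)["key"])

def client_get_service_ticket(kdc: KDC, user: str, tgt: bytes, session: bytes, service: str):
    ticket, reply = kdc.tgs_exchange(tgt, seal(session, {"client": user, "ts": time.time()}), service)
    return ticket, bytes.fromhex(unseal(session, reply)["key"])

def client_access(server: AppServer, user: str, ticket: bytes, svc_session: bytes) -> str:
    return server.ap_exchange(ticket, seal(svc_session, {"client": user, "ts": time.time()}))

def run_demo(password: str = "alice-password") -> str:
    """Full flow with constructed principals; returns the name the file server authenticated."""
    principals = {"alice": password_key("alice-password"), "cifs/fileserver": os.urandom(32)}
    kdc = KDC(principals)
    tgt, session = client_login(kdc, "alice", password)
    ticket, svc_key = client_get_service_ticket(kdc, "alice", tgt, session, "cifs/fileserver")
    return client_access(AppServer("cifs/fileserver", principals["cifs/fileserver"]), "alice", ticket, svc_key)
```

Two properties of the real protocol are visible here: the application server never talks to the KDC (it trusts the ticket because only the KDC holds its long-term key), and the user's password-derived key is used exactly once, to open the AS reply, after which the session keys inside the tickets carry the rest of the sign-on.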
