Module 6

1. Motivation

1.1. Controlling access to resources, information, and assets is essential to maintain security.

1.2. Need to understand the importance of identity, authentication, and authorization, and their relation to the CIA triad.

2. Identification, Authentication and Authorisation

2.1. Verifying identity: a cornerstone of security.

2.2. The processes of Identification, Authentication and Authorisation should be separated from each other.

2.3. The failure of any one of these can result in a breakdown of security.

2.4. Privileges: permissions to perform an action.

2.5. Identity and Access Management (IAM).

2.5.1. The process of authorizing access to resources based on identity

2.6. Importance of identification

2.6.1. Enforce different privileges to allow or limit access to resources.

2.7. Identity enrolment links user info to system security controls.

2.8. Identity and trust

2.8.1. Identity verification requires trust in systems or individuals

2.9. Example of authentication records

2.9.1. Password

2.9.2. Personal information

2.9.3. Biometric data. The House of Lords expressed concerns about the new EU Electronic Border Management System requiring Brits' biometric data for entry.

3. Authentication

3.1. Verify that someone is who, or something is what, they claim to be.

3.1.1. Something you know: passwords, shared secrets

3.1.2. Something you have: access card, hardware token

3.1.3. Something you are: physical (biometric) characteristics

3.2. Authentication vs Authorisation

3.2.1. Authentication: Verification of identity

3.2.2. Authorisation: What an already-authenticated identity is permitted to do

3.3. Challenge- Response Protocols

3.3.1. Challenge-response protocols confirm identity by proving knowledge of a secret without transmitting it: the verifier sends a fresh, unpredictable challenge (a nonce), and the prover returns a response computed from the secret and that challenge. Because each challenge is used once, a captured response cannot be replayed.
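The exchange described above, as an added example that is not part of the original mind map: an HMAC-based challenge-response between a hypothetical Verifier (server) and Prover (client) sharing a constructed secret. It shows the honest exchange succeeding, a replayed (nonce, response) pair being rejected, and a party without the secret failing a fresh challenge.

```python
import hmac
import hashlib
import os

# Hypothetical shared secret provisioned out of band (constructed for the example).
SHARED_SECRET = b"example-shared-secret-not-for-production"


class Verifier:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._outstanding = set()   # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        # Fresh, unpredictable nonce: the prover must bind its response to this value.
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False            # unknown or already-consumed challenge: replay or forgery
        self._outstanding.discard(nonce)   # each challenge is answered at most once
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


class Prover:
    """Client side: answers a challenge without ever transmitting the secret."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()


def run_exchange(verifier: Verifier, prover: Prover):
    """One full exchange; returns (nonce, response, accepted)."""
    nonce = verifier.issue_challenge()      # server -> client: challenge
    response = prover.respond(nonce)        # client -> server: HMAC(secret, challenge)
    return nonce, response, verifier.verify(nonce, response)


def demo() -> dict:
    verifier = Verifier(SHARED_SECRET)
    honest = Prover(SHARED_SECRET)
    impostor = Prover(b"wrong-secret")

    nonce, response, ok = run_exchange(verifier, honest)
    # Replaying a sniffed (nonce, response) pair: the challenge was consumed, so it is rejected.
    replay_ok = verifier.verify(nonce, response)
    # An impostor without the secret cannot compute a valid response to a fresh challenge.
    _, _, impostor_ok = run_exchange(verifier, impostor)
    return {"honest": ok, "replay": replay_ok, "impostor": impostor_ok}


if __name__ == "__main__":
    print(demo())
```

The secret never crosses the wire; only the nonce and the HMAC over it do. Note that this still relies on the secret being shared and stored on the server, so a server-side database theft remains a risk, as discussed under password storage below.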

3.4. Single/Multiple Factors for Authentication

3.4.1. Single: username & password

3.4.2. Multi-Factor Authentication (MFA): username & password + another factor from a different category (e.g. a hardware token or biometric)

4. Basic Single Factor Authentication

4.1. Plaintext Password

4.1.1. Easily exposed to attackers

4.2. Hashed Password

4.2.1. Store a hash of the password rather than the password itself, and compare the hash of the submitted password against the stored value. Caveat: if the client sends the hash and the server compares it directly, the hash itself becomes a password-equivalent credential (a stolen hash can be replayed).

4.3. Rainbow Table

4.3.1. A precomputed table of password-to-hash mappings, used to crack unsalted hashes quickly: the work is done once and reused against every stolen database that uses the same hash function.

4.4. Entropy (Salt)

4.4.1. Random data added to each password before hashing and stored alongside the hash. Because every account gets a different salt, identical passwords produce different hashes and precomputed tables are useless. Brute-force or dictionary attacks against a single account are still possible.

4.5. Use slow or expensive algorithms

4.5.1. Safer, but each verification costs more CPU time and memory, which is exactly what slows an attacker's guessing rate.

4.5.2. Example: iterated hashing of the password (as in PBKDF2); memory-hard functions such as scrypt and Argon2 extend the idea to memory cost.
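Salted, iterated password storage with a constant-time verify, as an added example that is not from the original module: it contrasts an unsalted single SHA-256 (two users with the same password get the same digest) with a PBKDF2 record that embeds its own salt and iteration count. The record format and the iteration count are assumptions for the example; production code should use a vetted library (such as argon2-cffi or bcrypt) and tune the cost to its hardware.

```python
import hashlib
import hmac
import os

# Constructed cost parameter for the example; tune to the target hardware in practice.
PBKDF2_ITERATIONS = 200_000


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256: same password -> same digest, so a precomputed table works."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash. Assumed record format:
    'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16)                      # per-account random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def demo() -> dict:
    pw = "correct horse battery staple"       # constructed sample password
    # Two users with the same password: naive hashes collide, salted records do not.
    rec1, rec2 = hash_password(pw), hash_password(pw)
    return {
        "naive_collides": naive_hash(pw) == naive_hash(pw),
        "salted_collides": rec1 == rec2,
        "correct_accepted": verify_password(pw, rec1),
        "wrong_rejected": verify_password("Tr0ub4dor&3", rec1),
        "both_records_verify": verify_password(pw, rec1) and verify_password(pw, rec2),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the iteration count inside the record lets the cost be raised later (re-hash on next successful login) without invalidating existing accounts.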

4.6. Cracking Passwords

4.6.1. Online: the attacker tries passwords against the live system until lockout or rate limiting stops them. Preferable for the attacker: steal the password database and crack it offline, where there is no lockout and the only limit is hashing throughput.
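The offline attack from the attacker's side, as an added example that is not part of the original module, tying together the rainbow-table, salt and slow-hash points above. It uses a constructed wordlist and a constructed "stolen" database stored two ways: unsalted SHA-256, where one precomputed lookup table cracks every account at no extra cost, and salted PBKDF2, where every account must be guessed separately and each guess costs the full iteration count. The iteration count is kept small here only so the example runs quickly.

```python
import hashlib
import os

# Constructed wordlist; real attacks use large leaked-password lists and GPU crackers.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "correct horse battery staple"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precomputed digest -> password table (the role a rainbow table plays), built once."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def crack_unsalted(leaked: dict, table: dict) -> dict:
    """One table lookup per account; the work does not grow with the number of accounts."""
    return {user: table.get(digest) for user, digest in leaked.items()}


def crack_salted(leaked: dict, wordlist, iterations: int) -> tuple:
    """Salt forces per-account guessing; iterations multiply the cost of each guess.
    Returns (recovered passwords, total hash operations performed)."""
    recovered, ops = {}, 0
    for user, (salt, digest) in leaked.items():
        recovered[user] = None
        for candidate in wordlist:
            ops += iterations
            if hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations) == digest:
                recovered[user] = candidate
                break
    return recovered, ops


def demo(iterations: int = 1000) -> dict:
    # Constructed "stolen database" in both storage formats; carol's password is not in the wordlist.
    users = {"alice": "hunter2", "bob": "letmein", "carol": "zx!9Qm#unlisted"}
    unsalted_db = {u: sha256_hex(p.encode()) for u, p in users.items()}
    salted_db = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted_db[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations))

    table = build_lookup_table(WORDLIST)
    salted_hits, ops = crack_salted(salted_db, WORDLIST, iterations)
    return {
        "table_size": len(table),
        "unsalted": crack_unsalted(unsalted_db, table),
        "salted": salted_hits,
        "salted_hash_ops": ops,
    }


if __name__ == "__main__":
    print(demo())
```

Both storage formats give up the weak passwords in the wordlist; the difference is the cost. Against the unsalted table the attacker pays nothing per account beyond a dictionary lookup, while against salted PBKDF2 the attacker pays wordlist-length times the iteration count per account, and a strong password outside the wordlist (carol) survives either way.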