https://github.com/qeeqbox/identity-and-access-management

The practice of ensuring that people or objects have the right level of access to assets

### Identity and Access Management (IAAA)

The practice of ensuring that people or objects have the right level of access to assets

1. Identification
2. Authentication
3. Authorization
4. Accountability

* * *

### Identification

A way of claiming an identity (The act of indicating someone's or an object's identity)

* Username
* SSN

* * *

### Authentication

Ensuring the claimed identity is valid (Verifying someone's or an object's identity)

#### Authentication factors

* Something you know
  * Password
  * PIN
* Something you have
  * Passport
  * Smartphone
  * Smart Card
  * Token
* Something you are
  * Fingerprint
  * Facial recognition
  * Iris Scan
* Somewhere you are
  * IP address
  * MAC Address
* Something you do
  * Pattern unlock
  * Picture Password

* * *

### Authorization

Determining whether someone or an object has permission to perform an action after their identity is verified

* Access Control
  * A security technique to protect a system against unauthorized access

* * *

### Accountability (Auditing)

The ability to trace an action back to someone or an object

* Audit logs

* * *

### Account types

* User account
  * Used by humans
* Privileged accounts
  * They have higher-level access privileges (Administrative privileges)
  * Domain Administrator
    * Complete control of the Active Directory (AD) domain
  * Local Administrator
    * Complete control of the local computer in Windows (Not AD)
* Shared accounts
  * Can be used by multiple individuals or objects
* Guest accounts
  * Provide limited access, or access on a temporary basis
* Service accounts
  * They are non-human accounts that are used for running processes
    * Webserver
* Application accounts
  * They are non-human accounts that provide access to applications
    * Access to databases

* * *

### Passwords

A series of characters used for authenticating

* Shared passwords
* Credential Stuffing
* Simple Passwords
* Password guessing
* Strong Passwords
* Password dumps
* Password cracking
* Password Managers
* Account reset
* Account takeover
* 2FA
* Phishing
* SMS Swapping
* Device compromise

* * *

### Access Control

A security technique to protect a system against unauthorized access

* * *

### Attribute-based Access Control (ABAC)

Access based on attributes

* User attributes
* Object attributes
* Environment conditions

* * *

### Discretionary Access Control (DAC)

Access based on the owner's decision. This model uses Access Control List (ACL) authorization (an ACL is used to determine who can access resources)

* The data owner of an organization determines the level of access

* * *

### Graph-based Access Control (GBAC)

Access based on how data relates to other data

* Using an organizational query language

* * *

### History-Based Access Control (HBAC)

Access based on real-time evaluation of a history of activities

* A user is declined access to sensitive info because of past behavior

* * *

### Identity-Based Access Control (IBAC)

Access is based on the identity of the user (this access is by the individual, not by group)

* A specific user has access to sensitive information

* * *

### Mandatory Access Control (MAC)

Access based on regulations by a central authority

* A user must demonstrate a need for the information before access is granted

* * *

### Role-Based Access Control (RBAC)

Access based on a user role

* Job title

* * *

### Rule-Based Access Control (RAC)

Access based on a predefined set of rules or access permissions

* Allowing access to specific IP

* * *

### Responsibility-Based Access Control (ReBAC)

Access based on the responsibilities assigned to a user or users

* Data engineer has access to a backup management interface
