Identity and Access Management Security - Coggle Diagram
Identity and Access Management Security
Understanding Identity
Identity Systems and Security Design
Directories
LDAP directory
Authentication Protocols
TACACS+, a Cisco-designed extension to TACACS, the Terminal Access Controller Access Control System.
RADIUS, the Remote Authentication Dial-in User Service
Kerberos
Active Directory (AD)
uses the Kerberos protocol for authentication
Single Sign-On (SSO)
OpenID Connect is an authentication layer built using the OAuth protocol
Access Control Models
Role-Based Access Control
Attribute-Based Access Control
Mandatory Access Control
Rule-Based Access Control
Discretionary Access Control
Threats to Identity and Access
Attacking AAA Systems and Protocols
LDAP Attacks
Attacks against insecure binding (connections)
Improper LDAP access controls
LDAP injection
Denial-of-service (DoS) attacks
OAuth, OpenID, and OpenID Connect
Kerberos
RADIUS
Active Directory
Common Active Directory attacks
Malware
Credential theft
Privilege escalation attacks
Domain administrator rights that exist for more staff than is necessary
The use of down-level versions of protocols used in Windows domains
Acquiring Credentials
Attacks against credentials commonly occur in the form of phishing, compromises of other services, and brute-force attacks.
Federated Identity Security Considerations
Federated Identity Technologies
SAML is an XML-based language used to send authentication and authorization data between identity providers and service providers. It is frequently used to enable single sign-on for web applications and services.
ADFS
Active Directory Federation Services (ADFS)
OAuth
OpenID Connect