5.0 Access Control and Identity Management
5.1 Explain the function and purpose of authentication services
- RADIUS
- TACACS
- TACACS+
- Kerberos
- LDAP
- XTACACS
5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
- Identification vs. authentication
- Authentication (single factor) and authorization
- Multifactor authentication
- Biometrics
- Tokens
- Common access card
- Personal identification verification card
- Smart card
- Least privilege
- Separation of duties
- Single sign on
- ACLs
- Access control
- Mandatory access control
- Discretionary access control
- Role/rule-based access control
- Implicit deny
- Time of day restrictions
- Trusted OS
- Mandatory vacations
- Job rotation
5.3 Implement appropriate security controls when performing account management
- Mitigates issues associated with users with multiple account/roles
- Account policy enforcement
- Password complexity
- Expiration
- Recovery
- Length
- Disablement
- Lockout
- Group based privileges
- User assigned privileges