IT 369 Session 3 Identity and Access Management
Identity and Access Management
Three Review and Challenge Questions
Please define Authentication, Authorization, and Non-repudiation
Describe Multifactor Authentication.
Question: Where would I look to see what has been happening on my Linux machine? For example, if any daemons were running?
Logs and How to View Them
Location of logs (typically) in Linux: /var/log
Syslog is a process that generates lots of log data
Without external tools, you will likely use grep, tail, and cat
Here’s the fancy answer, and let’s explain:
tail -200 syslog.1 | grep daemon
(these commands will be helpful to you in securing your LAMP stack which is the third lab!)
Stay updated…
If VirtualBox alerts you to a newer version at startup, it is recommended that you update VirtualBox
Housekeeping
Readings on Syllabus
Lab progress: #2 due Tuesday night. #3 has been posted but will be reviewed in next class session.
Today we discuss Identity & Access Management.
Chapter: Identity & Access Mgmt
Recommend studying Topic Review from book prior to test
Recommend Chapter Practice test
Some topics of note:
Authentication v. Identification v. Authorization
Multiple factors of Authentication
Password Complexity: how much is too much? how to find a happy medium?
Fobs, Tokens, RFID vs. Swipe
Access Control models
DAC v. MAC v. ABAC v. RBAC etc.
Spatial vs. Temporal
User Accts v. Privileged Accts v. Service Accts (Least Privilege)
IAM Chapter Critical Thinking
What process is in place (or should be) to prevent social engineering of a user’s password?
Is every action in an organization logged? Is every transaction traceable to a single human?
Are new accounts hackable because of default passwords?
If a systems administrator abruptly left your organization, are you vulnerable? What is the process when someone with elevated access leaves? Is it written? How long does it take to execute?
Do account lockout policies add risk? What is the risk of having no lockout policy? (Door PIN example)
Your analysis?
IAM Chapter Critical Thinking
Does hashing a password solve the problem?
If MD5 Hash was used, probably not:
https://www.my1login.com/resources/password-strength-test/
https://www.md5hashgenerator.com
https://www.md5online.org/md5-decrypt.html
Does your organization have written password policies?
Could you write one if needed?
Do your applications have this issue resolved?
How would you know?
Overt: Interview, code review, whitebox testing
Covert: blackbox testing
Your analysis?
What does this indicate?
How might this differ from pseudocode outline of what should be happening?
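One whitebox answer to "How would you know?" for the MD5 question above, as an added example that is not part of the original slides. It assumes a credential table exported as "user:digest" lines and GNU md5sum; the users and passwords are constructed.

```shell
#!/bin/sh
# Unsalted MD5 of a string, as lowercase hex. Assumes GNU coreutils md5sum.
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Constructed credential table in "user:digest" form (passwords are made up).
make_table() {
    printf 'alice:%s\n' "$(md5_hex 'Spring2024!')"
    printf 'bob:%s\n'   "$(md5_hex 'correct horse battery staple')"
    printf 'carol:%s\n' "$(md5_hex 'Spring2024!')"
}

# Check 1: how many stored digests are exactly 32 hex characters (MD5-sized)?
# Reads the table on stdin.
md5_sized_count() {
    grep -Ec '^[^:]+:[0-9a-f]{32}$'
}

# Check 2: which accounts share a digest? Sharing means there is no per-user
# salt: equal passwords give equal digests, so one precomputed lookup answers
# for every matching account at once. Reads the table on stdin.
shared_digests() {
    awk -F: '{ sep = (u[$2] == "" ? "" : ","); u[$2] = u[$2] sep $1; c[$2]++ }
             END { for (h in c) if (c[h] > 1) print u[h] }'
}

echo "MD5-sized digests: $(make_table | md5_sized_count)"
echo "accounts sharing a digest: $(make_table | shared_digests)"
```

Either finding is a reason to move the store to a salted, deliberately slow password hash such as bcrypt, scrypt, Argon2 or PBKDF2.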
Three Tier Architectures
Q: Purpose?
Q: # machines?
Q: Phys/Virt Diff?
Q: Cloud?
Q: Firewalls?
Linux File Permissions
File Type (blank=file, d=Directory, l=link, etc.)
Three sets (User, Group, Others)
Read (4), Write (2), Execute (1) gives combinations of 1,2,3,4,5,6,7
Easily set using the chmod command (e.g. “chmod 777 test.txt”)
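The 4/2/1 arithmetic above worked through in the shell, with a least-privilege check on the "others" digit. This is an added example, not part of the original slides; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# One octal digit (0-7) to its rwx triplet: read=4, write=2, execute=1.
digit_to_rwx() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# Three-digit mode (user, group, others) to the nine permission
# characters ls -l shows, e.g. 640 -> rw-r-----
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    u=${1%??}; rest=${1#?}; g=${rest%?}; o=${1#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# True when the "others" digit carries the write bit (2).
world_writable() {
    o=${1#??}
    [ $((o & 2)) -ne 0 ]
}

# Audit a directory tree: list regular files that any account can modify.
list_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Constructed demo: the slide's "chmod 777 test.txt" next to a tighter 640.
DEMO=$(mktemp -d)
touch "$DEMO/test.txt" "$DEMO/notes.txt"
chmod 777 "$DEMO/test.txt"
chmod 640 "$DEMO/notes.txt"
for m in 777 640 755; do
    printf '%s = %s' "$m" "$(mode_to_symbolic "$m")"
    if world_writable "$m"; then echo "  (world-writable)"; else echo; fi
done
echo "world-writable files:"; list_world_writable "$DEMO"
rm -rf "$DEMO"
```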
Linux Hands On: Looking at Logs
EXAM: LEARN THE CAPABILITY – NOT THE SYNTAX
more <filename>
wc -l <filename>
grep <string> <filename(s)>
Examples (from /var/log)
ls -l sysl*
wc -l syslog.1
more syslog.1
tail syslog.1
grep daemon syslog.1
tail -200 syslog.1 | more
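The "fancy answer" pipeline and the hands-on commands above, run against a small sample so the result can be read line by line. This is an added example, not part of the original slides; the log lines are constructed in the classic syslog layout and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in classic syslog layout (not taken from a real host).
make_sample_log() {
    cat <<'EOF'
Mar  3 09:14:01 sandbox CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 09:14:07 sandbox systemd[1]: Started Daily apt download activities.
Mar  3 09:15:22 sandbox avahi-daemon[612]: Registering new address record for 10.0.2.15 on enp0s3.IPv4.
Mar  3 09:15:40 sandbox dbus-daemon[598]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar  3 09:16:02 sandbox sshd[2290]: Failed password for invalid user admin from 10.0.2.2 port 51514 ssh2
Mar  3 09:16:05 sandbox avahi-daemon[612]: Withdrawing address record for 10.0.2.15 on enp0s3.
EOF
}

# Same pipeline as the slide, with the file and the window size as parameters.
# $1 = log file, $2 = how many trailing lines to search
recent_daemon_lines() {
    tail -n "$2" "$1" | grep daemon
}

# grep only matches the text "daemon"; sshd and systemd are daemons too.
# Count lines per program instead: field 5 is "name[pid]:" in this layout.
count_by_program() {
    awk '{ sub(/\[.*/, "", $5); sub(/:$/, "", $5); n[$5]++ }
         END { for (p in n) print n[p], p }' "$1" | sort -k1,1nr -k2,2
}

LOG=$(mktemp)
make_sample_log > "$LOG"
echo "--- lines mentioning 'daemon' in the last 200:"
recent_daemon_lines "$LOG" 200
echo "--- lines per program:"
count_by_program "$LOG"
rm -f "$LOG"
```

The grep finds only the avahi-daemon and dbus-daemon lines, so the failed sshd login appears only in the per-program count.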
sudo and updating your sandbox
sudo allows you to do (do) something as super user (su)
Super user often called “root” but Ubuntu slightly different
Before attempting labs #3 and #4, you’ll want to make sure you are on the latest and greatest:
sudo apt-get update
sudo apt-get upgrade
(This operation could take several minutes, fyi)
Lab Status
Lab #1 complete
Lab #2 due Tuesday night
Lab #3 will be the LAMP stack, for those looking ahead. It is posted for those who want to jump ahead or have conflicts. Do so at your own risk, but I encourage it.
You may wish to export for safety & resiliency before and after successful completion.
LAMP is Linux, Apache, MySQL, and Python for us (M & P are often replaced with alternatives such as MariaDB, Perl, PHP)
Stretch Goals
If you’re all caught up, stretch goals:
Install additional instances under VBox, perhaps another O/S ? Post a report of it to a thread on the discussion board perhaps?
Test NAT-Network to connect both to one another (test using ping). Instructions in last week’s slides.
We will implement a firewall between them using UFW. Why not look into it on your own?