Security+ Certification/Access Control and Identity Management

Access Control and Identity Management

Explain the function and purpose of authentication services

• RADIUS
• TACACS
• TACACS+
• Kerberos
• LDAP
• XTACACS

Explain the fundamental concepts and best practices related to authentication, authorization and access control

• Identification vs. authentication
• Authentication (single factor) and authorization
• Multifactor authentication
• Biometrics
• Tokens
• Common access card
• Personal identification verification card
• Smart card
• Least privilege
• Separation of duties
• Single sign on
• ACLs
• Access control
• Mandatory access control
• Discretionary access control
• Role/rule-based access control
• Implicit deny
• Time of day restrictions
• Trusted OS
• Mandatory vacations
• Job rotation

Implement appropriate security controls when performing account management

• Mitigates issues associated with users with multiple account/roles
• Account policy enforcement
  • Password complexity
  • Expiration
  • Recovery
  • Length
  • Disablement
  • Lockout
• Group based privileges
• User assigned privileges