CompTIA Security+ CH4 Identity and Access Management


Chapter 4 Identity and Access Management

Using Tools to Assess Your Network


- Protocol analyzers, a.k.a. packet sniffers, let you view the traffic on the network and capture a copy of it
for later analysis.

- tcpdump: the common command-line packet sniffer on Linux (e.g. tcpdump -i eth0 captures on interface eth0;
adding -w capture.pcap writes the packets to a file for later analysis).

- Wireshark: another widely known packet sniffer. Graphical user interface, free and versatile, and it opens
the pcap files tcpdump writes.

- Network scanners

A network scanner, or network mapper, enumerates every host on your network, which makes it good for
detecting rogue systems.

+ SolarWinds

+ LanHelper

Wireless Scanners and Crackers

It's important that network security professionals scan their own networks with tools like these crackers to
find issues before an attacker does.

+ Aircrack (scanning and cracking Wi-Fi): the suite also ships helpers such as wzcook.exe, which extracts
wireless keys stored on Windows; the main tool is aircrack-ng.

Password Crackers
Pwdump: copies the local password hashes out of the Windows SAM database. Once you have the hashes,
you can run them against a rainbow-table tool to see whether the passwords can be recovered.

Ophcrack: another password cracker. It is distributed as a bootable live CD, so it can read and crack the
SAM of the machine it boots without logging in.
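Why the hashes dumped by pwdump are worth stealing, and what salting changes, as an added example that is not part of the original notes. The word list, user names and hashes are constructed for the demo, and SHA-256 stands in for whatever hash the target system uses. The precomputed hash-to-plaintext dictionary is the simple form of the idea behind a rainbow table (a real table compresses it with hash/reduce chains); the attack logic is the same.

```python
# Added example, not from the original notes: a precomputed lookup table
# cracks unsalted hashes instantly; a per-user salt forces the work to be
# redone per account. Word list, users and hashes are constructed here.
import hashlib
import os


def hash_password(password, salt=b""):
    """Hash `password` (str) with an optional salt (bytes); SHA-256 stands in
    for the target system's real hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute hash -> plaintext for every candidate password.

    Built once, offline, before any hash is stolen: the cost is paid up front
    and amortised across every dump cracked afterwards.
    """
    return {hash_password(word): word for word in wordlist}


def crack_with_table(stolen_hash, table):
    """O(1) recovery: the stolen hash is just a dictionary key."""
    return table.get(stolen_hash)


def crack_salted(stolen_hash, salt, wordlist):
    """With a salt the table is useless; every guess must be rehashed with
    this user's salt, so the work is repeated for each account."""
    for word in wordlist:
        if hash_password(word, salt) == stolen_hash:
            return word
    return None


WORDLIST = ["123456", "password", "letmein", "Summer2023!", "correcthorse"]


def demo():
    table = build_lookup_table(WORDLIST)

    # Unsalted store (a dump of bare hashes): instant lookup for weak passwords,
    # nothing for a password that is not in the word list.
    unsalted_dump = {"alice": hash_password("letmein"),
                     "bob": hash_password("xK9#vQ2pL")}
    unsalted = {user: crack_with_table(h, table) for user, h in unsalted_dump.items()}

    # Salted store: a random salt is stored next to each hash.
    salt = os.urandom(16)
    salted_hash = hash_password("letmein", salt)
    table_hit = crack_with_table(salted_hash, table)       # None: not in the table
    brute_hit = crack_salted(salted_hash, salt, WORDLIST)  # still falls if the password is weak
    return unsalted, table_hit, brute_hit
```

The last line is the practical lesson: a salt defeats precomputation, not a weak password, so salting and password policy are both needed.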

Vulnerability Scanners
Netcraft.com: information about websites, including what operating system they appear to be running.

Shodan.io: a search engine for Internet-connected devices and the service banners they expose, used to find
vulnerable systems.

Isc.sans.edu: the SANS Internet Storm Center, which provides information on current cyber threats.

Nessus: network vulnerability scanner.

MBSA (Microsoft Baseline Security Analyzer): checks Windows hosts for missing patches and insecure settings.

OWASP ZAP: web application vulnerability scanner and intercepting proxy.

Exploitation Frameworks
Command-Line Tools
ping: check whether a host is reachable (example: ping www.google.com)
netstat: current network connections and listening ports
tracert (Windows) / traceroute (Linux): shows the path, hop by hop, to a given address
nslookup/dig: DNS queries
arp: view the ARP (Address Resolution Protocol) cache of IP-to-MAC mappings
ipconfig (Windows) / ip, ifconfig (Linux): interface addresses and configuration
Need downloading:
nmap: host discovery and port scanning
netcat: free download; reads and writes raw TCP/UDP connections
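What a port scanner such as nmap actually does on the wire, as an added example that is not part of the original notes: a TCP connect scan (the equivalent of nmap -sT) against a throwaway listener on 127.0.0.1, so it runs offline. The listener and the candidate port list are constructed for the demo.

```python
# Added example, not from the original notes: a TCP connect scan of the kind
# "nmap -sT" performs, pointed at a throwaway listener on 127.0.0.1 so that it
# runs offline. The listener and the candidate port list are constructed here.
import socket


def tcp_connect_scan(host, ports, timeout=0.5):
    """Return the subset of `ports` on `host` that accept a TCP connection.

    A full three-way handshake is completed with every candidate port (a
    "connect scan"): easy to log on the target, but it needs no raw-socket
    privileges, unlike nmap's default SYN scan.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex() returns 0 on success and an errno (e.g. ECONNREFUSED
            # when the port answers with RST) instead of raising
            if sock.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_listener():
    """Bind a listening socket on a free loopback port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick an unused port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Scan a small window of ports around one port known to be open.

    Returns (open_port, scan_result) so the result can be checked.
    """
    srv, open_port = start_listener()
    try:
        # the open port plus a few neighbours, which are almost certainly
        # closed; a closed port answers with RST, so those probes fail fast
        candidates = [p for p in range(open_port - 2, open_port + 3) if 1 <= p <= 65535]
        found = tcp_connect_scan("127.0.0.1", candidates)
    finally:
        srv.close()
    return open_port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on 127.0.0.1:{port}; scanner reports open: {found}")
```

Because every probe completes the handshake, each one shows up in the target's connection logs; this is why a scan of your own network from a tool like this is also a useful test of whether your logging notices it.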

Troubleshooting Common Security Issues

Access Issues: “permissions”


Common issues for your network:

+ Good passwords

+ Password storage

+ Least privilege

+ Protocols

+ Strong authentication

Configuration Issues
Default passwords.

Failure to patch.

Limit admin access: wireless access points have an administrative panel; it should be reachable only over a
physical (wired) connection, never over the wireless network itself.

Filtering

Logging

Personnel Issues: the insider threat, and social engineering.

Other issues

+ unauthorized software
__________________________________________________________________________________

Security Technologies

IDS

A host-based intrusion detection system (HIDS) watches activity on a single host; a HIPS (P for prevention)
can also block what it detects.

Antimalware

Malwarebytes Anti-Malware software

Firewalls and related devices

Identity and Access Management Concepts

Identification means claiming who you are (presenting a username, for instance). Authentication is the
mechanism of verifying that claim, proving the identity belongs to the subject presenting it.

Authentication is based on one or more of these five factors:

TYPE 1, something you know: a password or PIN

TYPE 2, something you have: a smart card, token or other identification device

TYPE 3, something you are: biometrics, such as a fingerprint or retinal pattern

FACTOR 4, something you do: an action you must take to complete authentication

FACTOR 5, somewhere you are: geolocation

Authentication (Single-Factor) and Authorization

Multifactor Authentication: combines two or more different factor types (a password plus a token, for
example); two passwords are still single-factor.

Federations

A federation is a collection of computer networks that agree on standards of operation, such as security
standards, so that an identity authenticated by one member can be trusted by the others.

Potential Authentication and Access Problems

Transitive access

If party A trusts B and B trusts C, then A ends up trusting C, even though A never evaluated C.

LDAP (Lightweight Directory Access Protocol): the protocol used to query and update directory services
such as Active Directory; a common back end for authentication.


PAP, SPAP, and CHAP
These three authentication protocols represent the evolution of authentication.

PAP (Password Authentication Protocol): sends the user ID and password in plain text.

SPAP (Shiva PAP): encrypts the username and password, which defeats a packet sniffer, but it cannot limit
replay attacks or session hijacking because the same encrypted credential is sent every time.

CHAP (Challenge Handshake Authentication Protocol): the server sends a random challenge; the client
replies with a cryptographic hash of the challenge combined with the shared secret (password). The secret
never crosses the wire, and because each challenge is fresh a captured response cannot be replayed. The
server can repeat the challenge at any time during the session.
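The CHAP exchange simulated end to end, as an added example that is not part of the original notes. It follows RFC 1994 (response = MD5 of the identifier, the shared secret and the challenge); the shared secret, peer names and challenges are constructed for the demo. Three cases are shown: a correct login, a peer with the wrong secret, and a replay of a captured good response against a fresh challenge.

```python
# Added example, not from the original notes: a CHAP exchange (RFC 1994)
# simulated in one process. The shared secret, names and challenges are
# constructed here. Only the challenge and the hash cross the "wire"; the
# secret never does, which is what separates CHAP from PAP.
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    data = bytes([identifier]) + secret + challenge
    return hashlib.md5(data, usedforsecurity=False).digest()


class Authenticator:
    """Server side: issues fresh challenges and checks the responses."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret (bytes)
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident = self.next_id % 256  # 8-bit Identifier field
        self.next_id += 1
        chal = os.urandom(16)       # unpredictable and never reused
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident, name, response):
        chal = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


class Peer:
    """Client side: knows the secret but never transmits it."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, ident, chal):
        return self.name, chap_response(ident, self.secret, chal)


def demo():
    server = Authenticator({"alice": b"s3cret-shared-key"})
    alice = Peer("alice", b"s3cret-shared-key")
    mallory = Peer("alice", b"guess")    # same claimed name, wrong secret

    # 1. normal login
    ident, chal = server.challenge()
    name, resp = alice.respond(ident, chal)
    ok_good = server.verify(ident, name, resp)

    # 2. wrong secret
    ident2, chal2 = server.challenge()
    name2, resp2 = mallory.respond(ident2, chal2)
    ok_bad = server.verify(ident2, name2, resp2)

    # 3. replay: the captured good response against a fresh challenge
    ident3, _ = server.challenge()
    ok_replay = server.verify(ident3, name, resp)
    return ok_good, ok_bad, ok_replay
```

The replay fails because the response is bound to a challenge the server only accepts once; the remaining weakness of CHAP is that the server must store the secret in a recoverable form in order to compute the same hash.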

Kerberos: an authentication protocol built around a Key Distribution Center (KDC). The client first
authenticates to the KDC and receives a ticket-granting ticket (TGT). It then presents the TGT to the KDC's
ticket-granting service (TGS) to obtain a service ticket for a particular server, such as a file server. The client
sends that service ticket to the file server, which validates it with its own key without contacting the KDC;
tickets expire, so the clocks of the parties must be in sync.
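The three Kerberos exchanges (AS, TGS and AP) carried through in one process, as an added example that is not part of the original notes. Real Kerberos encrypts tickets with the recipient's key; the seal()/open_sealed() helpers below use an HMAC-SHA256 tag as an integrity-only stand-in so that the flow runs with the standard library alone. The principal names, passwords and keys are constructed for the demo.

```python
# Added example, not from the original notes. seal()/open_sealed() use an
# HMAC-SHA256 tag as an integrity-only stand-in for the encryption real
# Kerberos applies to tickets; all names and keys here are constructed.
import hashlib
import hmac
import json
import os
import time


def seal(key, payload):
    """JSON body + HMAC(key, body): only a holder of `key` can create or accept it."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Verify the tag with `key` and return the payload, else raise ValueError."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("not sealed with this key")
    return json.loads(body)


def key_from_password(password):
    """A user's long-term key is derived from the password (simplified KDF)."""
    return hashlib.sha256(password.encode()).digest()


class KDC:
    """Key Distribution Center: Authentication Service + Ticket Granting Service."""

    def __init__(self, long_term_keys):
        self.keys = dict(long_term_keys)      # principal -> long-term key
        self.tgs_key = self.keys["krbtgt"]    # key the TGS uses to seal TGTs

    def as_exchange(self, user):
        """AS-REQ/AS-REP: a TGT sealed for the TGS (opaque to the client) plus
        the session key sealed with the user's key (needs the password to open)."""
        session = os.urandom(16).hex()
        tgt = seal(self.tgs_key, {"client": user, "session": session,
                                  "expires": time.time() + 600})
        return tgt, seal(self.keys[user], {"session": session})

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS-REQ/TGS-REP: validate TGT + authenticator, issue a service ticket
        sealed with the service's own long-term key."""
        t = open_sealed(self.tgs_key, tgt)
        if t["expires"] < time.time():
            raise ValueError("TGT expired")
        auth = open_sealed(bytes.fromhex(t["session"]), authenticator)
        if auth["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(16).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "session": svc_session})
        return ticket, seal(bytes.fromhex(t["session"]), {"session": svc_session})


class FileServer:
    """AP-REQ: checks the service ticket with its own key; never calls the KDC."""

    def __init__(self, key):
        self.key = key

    def ap_exchange(self, ticket, authenticator):
        t = open_sealed(self.key, ticket)
        auth = open_sealed(bytes.fromhex(t["session"]), authenticator)
        return auth["client"] == t["client"], t["client"]


def demo():
    fs_key = os.urandom(32)
    kdc = KDC({"krbtgt": os.urandom(32),
               "alice": key_from_password("alice-pw"),
               "cifs/fs1": fs_key})
    fs1 = FileServer(fs_key)
    # client side: alice knows only her password
    k_alice = key_from_password("alice-pw")
    tgt, enc = kdc.as_exchange("alice")
    session = bytes.fromhex(open_sealed(k_alice, enc)["session"])
    authenticator = seal(session, {"client": "alice", "ts": time.time()})
    ticket, enc2 = kdc.tgs_exchange(tgt, authenticator, "cifs/fs1")
    svc_session = bytes.fromhex(open_sealed(session, enc2)["session"])
    ok, who = fs1.ap_exchange(
        ticket, seal(svc_session, {"client": "alice", "ts": time.time()}))
    # a ticket forged with a guessed key is rejected by the file server outright
    try:
        fs1.ap_exchange(seal(b"guess", {"client": "alice", "session": "00"}), b"")
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return ok, who, forged_accepted
```

Two points worth noticing in the flow: the client never sees the inside of the TGT or the service ticket (each is sealed for someone else), and the file server's decision rests only on the key it shares with the KDC, which is why the KDC is not on the path of every file access.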

Working with RADIUS


TACACS, XTACACS, TACACS+: serve the same purpose as RADIUS (centralized AAA for network access).
TACACS+ is the current Cisco version; it encrypts the whole packet body, where RADIUS encrypts only the
password.
OAuth (works over HTTP): allows access tokens to be issued to third-party clients
with the approval of the resource owner.
OTP: one-time password, generated per use by a hardware token or app (counter-based HOTP or time-based
TOTP).
SAML: XML-based standard for exchanging authentication and authorization assertions between an identity
provider and a service provider (web single sign-on).
OpenID: web sign-in standard; OpenID Connect is the identity layer built on OAuth.
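How an OTP token produces its codes and how the server must check them, as an added example that is not part of the original notes. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library and adds a validator that never accepts a code twice. The secret used in demo() is the RFC 4226 test-vector key; the validator and its look-ahead window are constructed for the demo.

```python
# Added example, not from the original notes: HOTP (RFC 4226) and TOTP
# (RFC 6238), the algorithms behind one-time-password tokens and apps, plus a
# server-side check that never accepts the same code twice. The validator and
# its look-ahead window are constructed here.
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """HOTP: dynamically truncate HMAC-SHA1(secret, counter) to a numeric code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """TOTP is HOTP with the counter replaced by the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


class HotpValidator:
    """Server side of HOTP: tracks the next expected counter for one token."""

    def __init__(self, secret, window=3):
        self.secret = secret
        self.window = window    # how many unseen button presses to tolerate
        self.counter = 0        # next counter value the server will accept

    def check(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # resync: this code and earlier ones are dead
                return True
        return False


def demo():
    secret = b"12345678901234567890"     # RFC 4226 Appendix D test key
    v = HotpValidator(secret)
    first = v.check(hotp(secret, 0))     # True: token at counter 0
    replay = v.check(hotp(secret, 0))    # False: the same code presented again
    skipped = v.check(hotp(secret, 2))   # True: user pressed the button twice unseen
    stale = v.check(hotp(secret, 1))     # False: counter 1 is now behind the server
    return first, replay, skipped, stale
```

The look-ahead window is the trade-off in counter-based tokens: too small and a token that was pressed a few times without logging in locks the user out, too large and an attacker who captured several codes has a bigger target. TOTP sidesteps resync by deriving the counter from the clock, at the price of needing the clock to be right.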

Install and Configure Identity and Access Services

Mandatory Access Control (MAC) is a rigid model: access is determined by labels that administrators assign,
and users can't share information unless their right to share it has been established by an administrator.

Discretionary Access Control (DAC): the owner of a resource decides who may access it, so users can share
information dynamically with other users.

ROLE-BASED ACCESS CONTROL (RBAC)

Access is implemented by job function or responsibility: permissions are attached to roles, and users are
assigned roles.

Rule-Based Access Control (also abbreviated RBAC)

Uses the settings in preconfigured security policies (an ACL on a router, for example) to make all decisions,
applied the same way to every subject.

Attribute-based access control (ABAC): considers many more aspects of the subject, the object and the
environment conditions (time of day, source network, device state) when making a decision.
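The same requests decided under RBAC and under ABAC, as an added example that is not part of the original notes. The roles, users, documents and ABAC rules are constructed for the demo; the point is the case RBAC cannot express (a manager who is allowed to approve in general, but not from a coffee-shop network or outside office hours).

```python
# Added example, not from the original notes: one set of requests decided by
# an RBAC table (role -> permissions) and by ABAC rules over subject, object
# and environment attributes. Roles, users, documents and rules are constructed.
import datetime

ROLE_PERMS = {
    "analyst": {"report:read"},
    "manager": {"report:read", "report:approve"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"manager"}, "eve": set()}


def rbac_allows(user, permission):
    """RBAC: a user holds exactly the union of their roles' permissions.
    Nothing about where or when the request is made can influence the answer."""
    return any(permission in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def abac_allows(subject, obj, env, action):
    """ABAC: rules are predicates over (subject, object, environment).
    Any matching rule grants; the default is deny."""
    rules = [
        # owners may always read their own documents
        lambda s, o, e: action == "read" and o["owner"] == s["name"],
        # managers may approve, but only from the corporate network in office hours
        lambda s, o, e: action == "approve"
        and "manager" in s["roles"]
        and e["network"] == "corp"
        and datetime.time(8) <= e["clock"] <= datetime.time(18),
        # anyone may read documents classified public
        lambda s, o, e: action == "read" and o["classification"] == "public",
    ]
    return any(rule(subject, obj, env) for rule in rules)


def demo():
    bob = {"name": "bob", "roles": {"manager"}}
    alice = {"name": "alice", "roles": {"analyst"}}
    eve = {"name": "eve", "roles": set()}
    internal = {"owner": "alice", "classification": "internal"}
    public = {"owner": "bob", "classification": "public"}
    office = {"network": "corp", "clock": datetime.time(10, 0)}
    coffee_shop = {"network": "public-wifi", "clock": datetime.time(10, 0)}
    late = {"network": "corp", "clock": datetime.time(22, 0)}
    return {
        "rbac": (rbac_allows("alice", "report:read"),     # analyst may read
                 rbac_allows("alice", "report:approve"),  # but not approve
                 rbac_allows("bob", "report:approve"),    # manager may approve, anywhere, any time
                 rbac_allows("eve", "report:read")),      # no role, no access
        "abac": (abac_allows(bob, internal, office, "approve"),       # manager, corp net, 10:00
                 abac_allows(bob, internal, coffee_shop, "approve"),  # same manager, wrong network
                 abac_allows(bob, internal, late, "approve"),         # same manager, 22:00
                 abac_allows(alice, internal, office, "read"),        # owner reads own doc
                 abac_allows(eve, internal, office, "read"),          # not owner, not public
                 abac_allows(eve, public, coffee_shop, "read")),      # public doc, anyone
    }
```

Rule-based control in the exam's sense is the ABAC engine with the subject attributes removed: a fixed rule set (like the router ACL) evaluated identically for everybody.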

Smart cards: used for access control and security purposes; store credentials (such as certificates) and
access information on a chip.

Common Access Card (CAC): Department of Defense / US government smart card with photo ID, chip and
barcode.

PIV card (Personal Identity Verification): the equivalent smart card for civilian US government agencies.

TOKENS: keycard, key fob

File and Database Security

Summary Exam Essentials Review Questions

This chapter introduced you to a number of tools that you can use to gather data about your network.
For the Security+ exam, you should be able to define the tool types, such as vulnerability scanners and
password crackers. For your job duties as a security administrator, you should be able to utilize several
of these tools. The command-line tools also comprise common test questions on the Security+ exam.

Next the chapter examined troubleshooting configuration issues. This is a very broad topic, and no single
chapter could fully address it. The main point to understand is that if your security devices and services
are not properly configured, that misconfiguration is itself a security vulnerability.

This chapter introduced a number of security technologies and explained how to view their output. That
includes IDS, firewall, antivirus, and other related technologies. You should be familiar with how to view
outputs from these systems.

The chapter also addressed access control and identity management. The key difference between
identification and authentication is that identification means someone presents information claiming who
they are, whereas authentication means that information is proven to be in possession of the correct
individual.

The most basic form of authentication is known as single-factor authentication (SFA), because only one
factor is checked. To increase security, it is necessary to use multifactor authentication, which requires
two or more different factors.

ACLs are implemented in network devices and systems to control which systems, users or IP addresses
may access a resource: each entry permits or denies a subject, and anything no entry matches is denied by
default.
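How a network ACL is evaluated, as an added example that is not part of the original notes: entries are checked top to bottom, the first match decides, and anything unmatched hits the implicit deny. The two rule sets and the flows are constructed for the demo; the first rule set has the ordering mistake that most often bites in practice (a specific exception placed after the broad deny that already covers it).

```python
# Added example, not from the original notes: a network ACL evaluated the way
# routers and firewalls process one, top to bottom, first match wins, with an
# implicit deny for anything no entry matches. Rule sets and flows are constructed.
import ipaddress


def acl_decision(acl, src, dst, dport):
    """Return "permit" or "deny" for a flow src -> dst:dport under `acl`.

    Each entry is (action, source network, destination network, destination
    port or None for any port). Entries are checked in order; the first
    match decides, and no match means deny.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in acl:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and (port is None or port == dport)):
            return action
    return "deny"   # implicit deny: no entry matched


WEB = "10.10.0.5/32"

# Intended policy: the LAN may use HTTPS on the web server, the LAN may not
# SSH to it, and the admin workstation 192.168.1.10 may do anything.
ACL_MISORDERED = [
    ("permit", "192.168.1.0/24", WEB, 443),
    ("deny",   "192.168.1.0/24", WEB, 22),
    ("permit", "192.168.1.10/32", WEB, None),   # never reached for port 22
]

# Same entries, with the specific exception placed before the broad deny.
ACL_FIXED = [
    ("permit", "192.168.1.10/32", WEB, None),
    ("permit", "192.168.1.0/24", WEB, 443),
    ("deny",   "192.168.1.0/24", WEB, 22),
]


def demo():
    server = "10.10.0.5"
    return {
        "admin ssh, misordered": acl_decision(ACL_MISORDERED, "192.168.1.10", server, 22),
        "admin ssh, fixed":      acl_decision(ACL_FIXED, "192.168.1.10", server, 22),
        "user ssh, fixed":       acl_decision(ACL_FIXED, "192.168.1.20", server, 22),
        "user https, fixed":     acl_decision(ACL_FIXED, "192.168.1.20", server, 443),
        "outsider https, fixed": acl_decision(ACL_FIXED, "172.16.0.9", server, 443),  # implicit deny
    }
```

When troubleshooting an access issue on a filtering device, this ordering is the first thing to check: the entry you expect to match may simply sit below one that already decided the flow.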
