After reading this week\'s materials, please respond to TWO of the following que
ID: 3816427 • Letter: A
Question
After reading this week's materials, please respond to TWO of the following questions. AND PROVIDE CITATION IN APA.
1. Describe the controls contained within the three Access Control categories that can be integrated within a defense-in-depth model and give an example of one that you have read about or have knowledge of from your own experience.
2. Describe three threats to Access Control from what were covered within the reading and give an example of each.
3. Describe three of the intrusion detection system types used in access control monitoring covered within the reading. What is a honeypot and what are the legal concerns with using them?
4. What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?
5. Describe the process of Identification, Authentication, Authorization, and Accountability. What is a race condition?
6. Discuss the single sign-on technologies Kerberos, security domains, directory services and thin clients. What does federation provide?
Explanation / Answer
4. What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?
A) The some of the challanges are
Single Sign on:-
Generally an enterprice will have multiple logins inorder to enter into the application. From user perspective it is the bas application experience. For the managment also it is increases the burden by the employees often clicking forget passwords or entering wrong passwords. To overcome this the Single sign on is introdued whether the user need to enter his credentials once and he automatically gets logged in to all the subsequent applications.
Entitlement Managment:-
It is the set of technologies used to grant and revoke access rights to the identities also which is associated with authorization. And now a days system access assignment is assigned by giving the rolebased assignments and business based policies to access the system
5. Describe the process of Identification, Authentication, Authorization, and Accountability. What is a race condition?
A) Identification:- It is process to ensure the user/person is belonging to the entities by using the username and account number etc.
Authentication:- Is the process of allowing to access something. It identifies the people by a passcode, or key something like that then it matches with the information stored in it and authenticates.
Autharization:- In this the system will look into the access control matrix to varify that requested resource is eligible to access the content or not and then authorizes the person based on that.
Accountability:- For every actions happen in the system the subject and the actions must be recorded.
Race condition:- When a processes carry out their tasks inorderly. Then there is chance for the hacker could use race condition to force authorization to be completed