1
00:00:00,000 --> 00:00:00,990
In this lesson,

2
00:00:00,990 --> 00:00:02,461
we're going to start to examine the idea

3
00:00:02,461 --> 00:00:04,980
of Identity and Access Management.

4
00:00:04,980 --> 00:00:07,140
When I talk about Identity and Access Management,

5
00:00:07,140 --> 00:00:08,673
this is also called IAM.

6
00:00:09,810 --> 00:00:12,810
This is a security process that provides the identification,

7
00:00:12,810 --> 00:00:15,210
authentication, and authorization mechanisms

8
00:00:15,210 --> 00:00:18,480
for users, computers, and other entities to work with

9
00:00:18,480 --> 00:00:20,610
organizational assets like networks,

10
00:00:20,610 --> 00:00:22,830
operating systems, and applications.

11
00:00:22,830 --> 00:00:25,200
Essentially, when you log onto your computer,

12
00:00:25,200 --> 00:00:28,590
you're taking part in the IAM process

13
00:00:28,590 --> 00:00:31,110
because you're presenting a username and a password,

14
00:00:31,110 --> 00:00:32,729
and that's going to authenticate you

15
00:00:32,729 --> 00:00:34,080
and that gives you authorization

16
00:00:34,080 --> 00:00:36,480
to certain things within your network.

17
00:00:36,480 --> 00:00:40,080
Now, every unique subject in the organization is identified

18
00:00:40,080 --> 00:00:42,120
and associated with an account.

19
00:00:42,120 --> 00:00:43,447
Now, when I talk about the term

20
00:00:43,447 --> 00:00:44,790
"a unique subject,"

21
00:00:44,790 --> 00:00:46,290
what does that really mean?

22
00:00:46,290 --> 00:00:48,540
Well, a unique subject could be personnel,

23
00:00:48,540 --> 00:00:50,790
it could be endpoints, it could be servers,

24
00:00:50,790 --> 00:00:53,310
it could be software, or it could be roles.

25
00:00:53,310 --> 00:00:54,570
When I'm talking about personnel,

26
00:00:54,570 --> 00:00:57,720
this is the most common type of IAM that's defined.

27
00:00:57,720 --> 00:00:59,610
This is people and employees,

28
00:00:59,610 --> 00:01:00,780
those who have user accounts

29
00:01:00,780 --> 00:01:03,510
and log onto the system to do stuff with them.

30
00:01:03,510 --> 00:01:04,620
Now, this is really important

31
00:01:04,620 --> 00:01:07,950
because most computers aren't there just to be a computer.

32
00:01:07,950 --> 00:01:10,080
They're there to get some kind of value from them.

33
00:01:10,080 --> 00:01:12,120
And to get that value from the computer,

34
00:01:12,120 --> 00:01:13,710
you need people to use it.

35
00:01:13,710 --> 00:01:15,300
When my computer is just sitting here,

36
00:01:15,300 --> 00:01:16,230
it's a paperweight.

37
00:01:16,230 --> 00:01:17,670
But when I log onto my computer

38
00:01:17,670 --> 00:01:20,010
and I access the Internet to answer your questions,

39
00:01:20,010 --> 00:01:21,570
I'm providing value.

40
00:01:21,570 --> 00:01:24,753
And that's why personnel are so important in terms of IAM.

41
00:01:25,590 --> 00:01:26,880
Now, another thing you have to think about when you're

42
00:01:26,880 --> 00:01:28,290
talking about personnel with IAM is

43
00:01:28,290 --> 00:01:30,480
that personnel are also a huge risk area

44
00:01:30,480 --> 00:01:32,070
because people write down their usernames

45
00:01:32,070 --> 00:01:33,930
and passwords, and that's a risk.

46
00:01:33,930 --> 00:01:35,670
People log into places carelessly

47
00:01:35,670 --> 00:01:37,110
and let their credentials get out,

48
00:01:37,110 --> 00:01:38,130
and that's a risk.

49
00:01:38,130 --> 00:01:40,140
So these are things you have to think about.

50
00:01:40,140 --> 00:01:43,020
The next area we want to talk about for IAM is endpoints.

51
00:01:43,020 --> 00:01:44,010
Now, when we talk about endpoints,

52
00:01:44,010 --> 00:01:45,188
these are desktops and laptops

53
00:01:45,188 --> 00:01:47,160
and tablets and cell phones,

54
00:01:47,160 --> 00:01:48,960
and all of these things are endpoints.

55
00:01:48,960 --> 00:01:52,470
They're devices that people use to gain access to a network

56
00:01:52,470 --> 00:01:54,390
and be able to do their job.

57
00:01:54,390 --> 00:01:56,160
So the personnel are going to have credentials

58
00:01:56,160 --> 00:01:57,630
to log onto the computer,

59
00:01:57,630 --> 00:01:59,340
and that computer is going to have credentials

60
00:01:59,340 --> 00:02:00,870
to log onto the network.

61
00:02:00,870 --> 00:02:02,220
And sometimes those are the same credentials,

62
00:02:02,220 --> 00:02:04,680
but it's still different from an IAM perspective

63
00:02:04,680 --> 00:02:06,600
because the computer has its own set

64
00:02:06,600 --> 00:02:08,250
because it is a unique subject

65
00:02:08,250 --> 00:02:09,900
in the case of IAM.

66
00:02:09,900 --> 00:02:12,060
Now, the next area we're going to talk about is servers.

67
00:02:12,060 --> 00:02:14,460
Now, servers are a little bit different from endpoints.

68
00:02:14,460 --> 00:02:17,040
Endpoints are devices that users are going to log onto,

69
00:02:17,040 --> 00:02:18,810
but servers are sitting in the back,

70
00:02:18,810 --> 00:02:21,000
and a lot of times servers are there for

71
00:02:21,000 --> 00:02:22,710
machine-to-machine communication.

72
00:02:22,710 --> 00:02:24,630
So each server also is going

73
00:02:24,630 --> 00:02:26,790
to have its own IAM credentials.

74
00:02:26,790 --> 00:02:28,920
These servers might have mission-critical systems

75
00:02:28,920 --> 00:02:30,120
and encryption schemes

76
00:02:30,120 --> 00:02:31,950
and other things that are all going on,

77
00:02:31,950 --> 00:02:32,970
and all of that trust

78
00:02:32,970 --> 00:02:34,200
and identity that happens

79
00:02:34,200 --> 00:02:36,570
behind the scenes happens on these servers.

80
00:02:36,570 --> 00:02:39,150
So servers are another big part of IAM.

81
00:02:39,150 --> 00:02:42,030
Another area we have to think about with IAM is software.

82
00:02:42,030 --> 00:02:44,430
Just like servers, there are different applications

83
00:02:44,430 --> 00:02:47,400
that can take and feed requests to and from users,

84
00:02:47,400 --> 00:02:49,320
and that's going to require IAM.

85
00:02:49,320 --> 00:02:51,750
And so software can also be a subject

86
00:02:51,750 --> 00:02:53,130
that has its own unique way.

87
00:02:53,130 --> 00:02:55,680
And usually this is going to be done using certificates like

88
00:02:55,680 --> 00:02:57,990
digital certificates to be able to allow

89
00:02:57,990 --> 00:03:00,330
or disallow a client from doing certain things

90
00:03:00,330 --> 00:03:02,070
with a certain piece of software.

91
00:03:02,070 --> 00:03:03,660
And finally, we have roles.

92
00:03:03,660 --> 00:03:06,150
This is the fifth type of unique subject.

93
00:03:06,150 --> 00:03:08,850
Roles are going to support the identities of various assets

94
00:03:08,850 --> 00:03:10,230
by defining the resources

95
00:03:10,230 --> 00:03:11,310
an asset has permission

96
00:03:11,310 --> 00:03:13,290
to access based on the function

97
00:03:13,290 --> 00:03:15,390
that the asset is going to fulfill.

98
00:03:15,390 --> 00:03:17,100
So when we talk about roles,

99
00:03:17,100 --> 00:03:20,820
these roles can actually be assigned to servers or to people

100
00:03:20,820 --> 00:03:22,170
or to endpoints.

101
00:03:22,170 --> 00:03:23,490
And based on those roles,

102
00:03:23,490 --> 00:03:25,680
they're going to have different permission sets.

103
00:03:25,680 --> 00:03:27,420
Now, the great thing here with roles is

104
00:03:27,420 --> 00:03:29,940
that they're not limited to just people or just servers

105
00:03:29,940 --> 00:03:32,070
or just endpoints or just software.

106
00:03:32,070 --> 00:03:33,570
All of those can be roles.

107
00:03:33,570 --> 00:03:35,700
So while we have those other four categories,

108
00:03:35,700 --> 00:03:37,590
they can all be rolled down into roles

109
00:03:37,590 --> 00:03:40,410
as well if we configure ourselves that way.

110
00:03:40,410 --> 00:03:41,730
Now, when you're dealing with roles,

111
00:03:41,730 --> 00:03:43,890
a lot of times we're going to do this inside of Windows

112
00:03:43,890 --> 00:03:45,690
by assigning people to different groups

113
00:03:45,690 --> 00:03:47,340
and then giving those groups permissions.

114
00:03:47,340 --> 00:03:49,020
So just keep that in mind when we talk about roles,

115
00:03:49,020 --> 00:03:51,330
that's usually the way things are going to be done.

116
00:03:51,330 --> 00:03:52,891
Now, when we talk about IAM tasks,

117
00:03:52,891 --> 00:03:55,590
there are lots of different tasks that the system is going to do.

118
00:03:55,590 --> 00:03:58,680
Your IAM system is going to contain technical components like

119
00:03:58,680 --> 00:04:00,367
directory services and repositories,

120
00:04:00,367 --> 00:04:02,130
access management tools,

121
00:04:02,130 --> 00:04:03,630
and systems that are going to do auditing

122
00:04:03,630 --> 00:04:06,330
and reporting on ID management capabilities.

123
00:04:06,330 --> 00:04:08,790
All of these things contain tasks that need to be done

124
00:04:08,790 --> 00:04:11,580
for an IAM system to function properly.

125
00:04:11,580 --> 00:04:12,413
Now, in addition to that,

126
00:04:12,413 --> 00:04:13,246
a lot of different things

127
00:04:13,246 --> 00:04:14,820
that might happen as part

128
00:04:14,820 --> 00:04:17,220
of the IAM system are things like creating

129
00:04:17,220 --> 00:04:18,690
and deprovisioning accounts.

130
00:04:18,690 --> 00:04:21,420
So if I'm going to create a new user, that's a creation

131
00:04:21,420 --> 00:04:22,920
or provisioning of an account.

132
00:04:22,920 --> 00:04:24,690
If I'm going to disable or delete a user,

133
00:04:24,690 --> 00:04:26,190
that's deprovisioning.

134
00:04:26,190 --> 00:04:27,600
When we talk about managing accounts,

135
00:04:27,600 --> 00:04:29,880
this includes things like resetting somebody's passwords,

136
00:04:29,880 --> 00:04:31,350
updating their digital certificates,

137
00:04:31,350 --> 00:04:33,450
managing their permissions and their authorizations,

138
00:04:33,450 --> 00:04:35,040
and other things of that nature.

139
00:04:35,040 --> 00:04:36,390
When I talk about auditing accounts,

140
00:04:36,390 --> 00:04:38,250
this is when I start looking at the activity that

141
00:04:38,250 --> 00:04:40,440
that account has done through the different logs

142
00:04:40,440 --> 00:04:42,690
and figure out, was that legitimate or not?

143
00:04:42,690 --> 00:04:43,770
This is a big function

144
00:04:43,770 --> 00:04:45,780
inside the cybersecurity analyst role.

145
00:04:45,780 --> 00:04:48,150
You're going to do a lot of account auditing as you go

146
00:04:48,150 --> 00:04:49,080
through those systems,

147
00:04:49,080 --> 00:04:50,160
and this is going to be a big part

148
00:04:50,160 --> 00:04:51,900
of your IAM management.

149
00:04:51,900 --> 00:04:53,730
Another thing we're going to do is evaluate

150
00:04:53,730 --> 00:04:55,230
identity-based threats.

151
00:04:55,230 --> 00:04:56,700
Now, what this means is we're going to do a lot

152
00:04:56,700 --> 00:04:58,500
of different things to identify any threats

153
00:04:58,500 --> 00:05:01,050
as a cybersecurity analyst to our IAM systems.

154
00:05:01,050 --> 00:05:03,780
For instance, you might run password checks across your

155
00:05:03,780 --> 00:05:05,820
network to see if there are any weak passwords.

156
00:05:05,820 --> 00:05:07,110
That is evaluating the security

157
00:05:07,110 --> 00:05:08,760
of your identity-based threats.

158
00:05:08,760 --> 00:05:10,530
You want to make sure those passwords are strong,

159
00:05:10,530 --> 00:05:12,750
so that an attacker can't break into them.

160
00:05:12,750 --> 00:05:15,210
And the last thing we do is we want to maintain compliance,

161
00:05:15,210 --> 00:05:16,170
and to maintain compliance,

162
00:05:16,170 --> 00:05:18,120
we're going to go through checks and balances,

163
00:05:18,120 --> 00:05:19,260
we're going to go through audits,

164
00:05:19,260 --> 00:05:20,760
and we're going to make sure that we're meeting

165
00:05:20,760 --> 00:05:21,930
the requirements that we have set up

166
00:05:21,930 --> 00:05:23,910
for our system to run securely.

167
00:05:23,910 --> 00:05:25,440
And in the final part of this lesson,

168
00:05:25,440 --> 00:05:26,940
I want to talk about risk.

169
00:05:26,940 --> 00:05:29,490
What risks exist within IAM?

170
00:05:29,490 --> 00:05:31,740
Well, the biggest risk is really the risk caused

171
00:05:31,740 --> 00:05:32,910
by our accounts,

172
00:05:32,910 --> 00:05:34,050
and there are three main types

173
00:05:34,050 --> 00:05:35,670
of accounts that we're going to cover.

174
00:05:35,670 --> 00:05:36,750
There are user accounts,

175
00:05:36,750 --> 00:05:38,010
and these are your standard accounts

176
00:05:38,010 --> 00:05:39,870
that all your users are going to have.

177
00:05:39,870 --> 00:05:41,520
Now, these are the least risky for us

178
00:05:41,520 --> 00:05:43,770
because they just have basic user permissions,

179
00:05:43,770 --> 00:05:45,540
but they are still a risk.

180
00:05:45,540 --> 00:05:46,560
The second type of account

181
00:05:46,560 --> 00:05:47,940
we have is privileged accounts,

182
00:05:47,940 --> 00:05:49,740
and this is even more risky.

183
00:05:49,740 --> 00:05:50,880
The reason it's more risky is

184
00:05:50,880 --> 00:05:52,440
because this type of account has more

185
00:05:52,440 --> 00:05:54,480
permissions.
As a privileged account,

186
00:05:54,480 --> 00:05:55,620
this is an administrator,

187
00:05:55,620 --> 00:05:57,510
a root user, or a superuser.

188
00:05:57,510 --> 00:05:59,460
And so they have permission to install software

189
00:05:59,460 --> 00:06:00,990
and uninstall software,

190
00:06:00,990 --> 00:06:02,599
and they can change passwords on other users,

191
00:06:02,599 --> 00:06:04,440
and they can create new accounts

192
00:06:04,440 --> 00:06:05,910
and do all sorts of things,

193
00:06:05,910 --> 00:06:07,860
making it a much more risky area.

194
00:06:07,860 --> 00:06:09,990
So it's an area you want to have additional auditing

195
00:06:09,990 --> 00:06:11,460
and additional compliance checks

196
00:06:11,460 --> 00:06:13,380
to make sure those accounts are safe.

197
00:06:13,380 --> 00:06:15,540
And finally, we have shared accounts.

198
00:06:15,540 --> 00:06:18,300
Now, shared accounts are typically used in small office /

199
00:06:18,300 --> 00:06:19,830
home office environments.

200
00:06:19,830 --> 00:06:22,560
You may have one account that everybody uses to log in

201
00:06:22,560 --> 00:06:24,570
to do some certain function.

202
00:06:24,570 --> 00:06:26,190
Now, this is a really dangerous practice

203
00:06:26,190 --> 00:06:28,500
because everybody has that shared password,

204
00:06:28,500 --> 00:06:30,000
and so you lose the ability to audit

205
00:06:30,000 --> 00:06:31,560
who actually did something

206
00:06:31,560 --> 00:06:33,480
because everybody's logging in as that user.

207
00:06:33,480 --> 00:06:34,530
I can't just go to the logs

208
00:06:34,530 --> 00:06:36,487
and say, "Ah, the shared account was on

209
00:06:36,487 --> 00:06:37,627
this system at this time.

210
00:06:37,627 --> 00:06:38,580
They must have done it."

211
00:06:38,580 --> 00:06:39,839
Well, who was the shared account?

212
00:06:39,839 --> 00:06:41,850
It could have been any of 10 different employees.

213
00:06:41,850 --> 00:06:42,780
We don't know.

214
00:06:42,780 --> 00:06:43,620
And so this is another area

215
00:06:43,620 --> 00:06:44,670
that's very risky,

216
00:06:44,670 --> 00:06:46,560
so it's not recommended to use shared accounts.

217
00:06:46,560 --> 00:06:49,350
Instead, you should have people using user accounts

218
00:06:49,350 --> 00:06:51,660
and put them into a role-based permissions group

219
00:06:51,660 --> 00:06:53,860
to allow them to do the functions they need.
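Added example, not part of the lesson transcript above: an offline weak-password audit of the kind the lesson describes under "evaluate identity-based threats" (running password checks across the network), rating each finding by the three account types the lesson names (user, privileged, shared). The directory export format is assumed: one record per account with a per-account salt and the hex SHA-256 of salt concatenated with the password. Real directories store other formats (NT hashes in Active Directory, crypt(3) hashes in /etc/shadow), so `hash_password` is the only piece that would change for a real export. The wordlist and the account records are constructed for the example.

```python
"""Offline weak-password audit (added example; the export format,
wordlist and account records are all assumed/constructed)."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Account:
    name: str
    kind: str        # "user", "privileged" or "shared" (the lesson's three types)
    salt: bytes      # per-account salt, as assumed for the export
    digest: str      # hex SHA-256(salt || password), assumed export format


def hash_password(salt: bytes, password: str) -> str:
    """Hash scheme assumed for the export; swap for the real directory's format."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


# Constructed wordlist standing in for a breached/common-password list.
WEAK_PASSWORDS: Sequence[str] = ("Password1", "Welcome123", "Summer2024!", "letmein", "admin")


def sample_export() -> List[Account]:
    """Constructed sample directory export. The plaintexts exist here only to
    build the digests; a real audit tool receives digests only."""
    rows = [
        ("jsmith",     "user",       b"\x01", "Password1"),
        ("akhan",      "user",       b"\x02", "correct-horse-battery-staple"),
        ("svc-backup", "privileged", b"\x03", "Welcome123"),
        ("dadmin",     "privileged", b"\x04", "xK9#vL2m$pQ7wR4n"),
        ("frontdesk",  "shared",     b"\x05", "letmein"),
        ("kiosk",      "shared",     b"\x06", "Tq7!zR2m@Lp9wX4c"),
    ]
    return [Account(n, k, s, hash_password(s, p)) for n, k, s, p in rows]


def crack_against_wordlist(acct: Account, wordlist: Sequence[str]) -> Optional[str]:
    """Return the wordlist entry that reproduces the account's digest, or None.
    Because each account has its own salt, every candidate must be re-hashed
    per account; that cost is the whole point of salting, since one
    precomputed table cannot cover all accounts at once."""
    for candidate in wordlist:
        if hash_password(acct.salt, candidate) == acct.digest:
            return candidate
    return None


def audit(accounts: Sequence[Account], wordlist: Sequence[str] = WEAK_PASSWORDS) -> List[dict]:
    """One finding per risky account, ordered most severe first. Severity follows
    the lesson's ordering: a weak password on a privileged account outranks one
    on a user account, and a shared account is a finding even with a strong
    password because its activity cannot be attributed to one person.
    The matched plaintext is deliberately not included in the finding."""
    findings = []
    for acct in accounts:
        weak = crack_against_wordlist(acct, wordlist) is not None
        if acct.kind == "shared":
            findings.append({
                "account": acct.name,
                "severity": "critical" if weak else "medium",
                "reason": "shared account: no individual accountability"
                          + ("; password in weak-password list" if weak else ""),
            })
        elif weak:
            findings.append({
                "account": acct.name,
                "severity": "critical" if acct.kind == "privileged" else "high",
                "reason": f"password in weak-password list ({acct.kind} account)",
            })
    order = ("critical", "high", "medium")
    return sorted(findings, key=lambda f: order.index(f["severity"]))


if __name__ == "__main__":
    for finding in audit(sample_export()):
        print(f"{finding['severity']:<8} {finding['account']:<12} {finding['reason']}")
```

On the constructed export this reports svc-backup and frontdesk as critical, jsmith as high and kiosk as medium, and nothing for akhan or dadmin; the remediation the lesson recommends applies directly to the shared findings: replace the shared login with individual user accounts placed in a role-based group.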