WEBVTT 1 00:00:00.120 --> 00:00:01.470 In this lesson, 2 00:00:01.470 --> 00:00:04.650 we will learn about management frameworks. 3 00:00:04.650 --> 00:00:07.170 Management frameworks in the context 4 00:00:07.170 --> 00:00:10.590 of troubleshooting identity and access management 5 00:00:10.590 --> 00:00:13.470 are how identities and access controls 6 00:00:13.470 --> 00:00:16.800 are managed, monitored, and maintained 7 00:00:16.800 --> 00:00:19.170 within an organization. 8 00:00:19.170 --> 00:00:23.760 Management framework concepts include identity proofing 9 00:00:23.760 --> 00:00:26.820 as well as privileged identity management. 10 00:00:26.820 --> 00:00:31.710 So authentication and authorization are core processes 11 00:00:31.710 --> 00:00:35.820 where authentication verifies a user identity 12 00:00:35.820 --> 00:00:38.070 and authorization determines 13 00:00:38.070 --> 00:00:41.220 what resources the user can access. 14 00:00:41.220 --> 00:00:44.190 Identity proofing is then the process 15 00:00:44.190 --> 00:00:48.990 of verifying an individual's claimed identity is accurate. 16 00:00:48.990 --> 00:00:51.570 Identity proofing is typically done 17 00:00:51.570 --> 00:00:55.230 during the initial setup of user accounts. 18 00:00:55.230 --> 00:00:58.980 Next, privileged identity management focuses 19 00:00:58.980 --> 00:01:01.470 on managing and controlling access 20 00:01:01.470 --> 00:01:04.320 to critical systems and information 21 00:01:04.320 --> 00:01:08.430 by granting elevated permissions only when necessary. 22 00:01:08.430 --> 00:01:12.930 It also involves closely monitoring privileged accounts. 23 00:01:12.930 --> 00:01:15.660 Let's learn more about identity proofing 24 00:01:15.660 --> 00:01:18.210 and privileged identity management. 25 00:01:18.210 --> 00:01:21.630 First, we have identity proofing. 26 00:01:21.630 --> 00:01:24.870 Identity proofing is all about confirming 27 00:01:24.870 --> 00:01:26.640 a person's identity 28 00:01:26.640 --> 00:01:29.520 by asking for additional proof. 29 00:01:29.520 --> 00:01:33.960 This can happen when someone first joins an organization 30 00:01:33.960 --> 00:01:36.690 or during a password reset. 31 00:01:36.690 --> 00:01:40.050 For example, if you forget your password, 32 00:01:40.050 --> 00:01:43.170 you might be asked to answer some security questions, 33 00:01:43.170 --> 00:01:45.510 like where you went to high school 34 00:01:45.510 --> 00:01:47.940 or the name of your first pet. 35 00:01:47.940 --> 00:01:51.630 The assumption is that only you know these details. 36 00:01:51.630 --> 00:01:56.010 However, this method is not always secure. 37 00:01:56.010 --> 00:01:57.930 A well-known example of this 38 00:01:57.930 --> 00:02:02.880 is Sarah Palin's Yahoo email hack in 2008 39 00:02:02.880 --> 00:02:06.630 where the hacker correctly answered her security questions 40 00:02:06.630 --> 00:02:09.540 using publicly available information. 41 00:02:09.540 --> 00:02:11.940 So to enhance security, 42 00:02:11.940 --> 00:02:15.660 experts suggest using an alternative persona 43 00:02:15.660 --> 00:02:17.670 when answering these questions, 44 00:02:17.670 --> 00:02:19.830 providing answers that are unique 45 00:02:19.830 --> 00:02:23.010 and not easily guessed or found online. 46 00:02:23.010 --> 00:02:25.980 For example, you might answer Argentina 47 00:02:25.980 --> 00:02:29.670 when asked where you were born, even if that's not true. 48 00:02:29.670 --> 00:02:31.530 In larger organizations, 49 00:02:31.530 --> 00:02:35.700 identity proofing often requires presenting documentation, 50 00:02:35.700 --> 00:02:38.610 such as a photo ID or passport, 51 00:02:38.610 --> 00:02:43.350 either during onboarding or when resetting a password. 52 00:02:43.350 --> 00:02:45.870 Some companies require employees 53 00:02:45.870 --> 00:02:49.830 to visit the IT service desk with identification 54 00:02:49.830 --> 00:02:53.820 to verify their identity before making changes. 55 00:02:53.820 --> 00:02:56.790 This approach offers higher security, 56 00:02:56.790 --> 00:02:59.310 but can slow down operations, 57 00:02:59.310 --> 00:03:03.090 so organizations must consider the trade-off. 58 00:03:03.090 --> 00:03:07.740 In any case, once a user's identity is verified, 59 00:03:07.740 --> 00:03:09.870 it is passed to the other systems 60 00:03:09.870 --> 00:03:13.710 through a process called identity propagation. 61 00:03:13.710 --> 00:03:16.860 This means the verified identity is shared 62 00:03:16.860 --> 00:03:21.860 across servers, devices, and resources within the network. 63 00:03:22.320 --> 00:03:25.860 If a system handles its own authentication, 64 00:03:25.860 --> 00:03:28.200 only the identity is passed. 65 00:03:28.200 --> 00:03:29.760 With single sign-on, 66 00:03:29.760 --> 00:03:33.660 both the identity and authentication details are transferred 67 00:03:33.660 --> 00:03:35.310 to other systems. 68 00:03:35.310 --> 00:03:38.370 Vendors use different methods for this. 69 00:03:38.370 --> 00:03:42.150 For example, Microsoft Active Directory 70 00:03:42.150 --> 00:03:44.850 uses the Kerberos ticketing system 71 00:03:44.850 --> 00:03:49.560 to manage identity and authentication across its services. 72 00:03:49.560 --> 00:03:51.810 When these proprietary systems 73 00:03:51.810 --> 00:03:55.440 need to work with other third-party applications, 74 00:03:55.440 --> 00:03:59.640 a centralized identity and authentication translation system 75 00:03:59.640 --> 00:04:01.320 may be required. 76 00:04:01.320 --> 00:04:03.330 This centralized identity 77 00:04:03.330 --> 00:04:06.450 and authentication translation system 78 00:04:06.450 --> 00:04:09.780 might handle different authentication methods, 79 00:04:09.780 --> 00:04:14.780 like Microsoft tickets, single sign-on, or XML tokens. 80 00:04:15.330 --> 00:04:19.470 Depending on the method used for identity propagation, 81 00:04:19.470 --> 00:04:23.910 it might also send user credentials across the network. 82 00:04:23.910 --> 00:04:25.050 For instance, 83 00:04:25.050 --> 00:04:29.477 the Credential Security Support Provider protocol or CredSSP 84 00:04:30.600 --> 00:04:34.470 allows the transmission of full user credentials. 85 00:04:34.470 --> 00:04:37.990 But it's important to ensure that protocols like CredSSP 86 00:04:39.210 --> 00:04:42.660 operate over secure, encrypted connections, 87 00:04:42.660 --> 00:04:44.910 such as Secure Sockets Layer 88 00:04:44.910 --> 00:04:47.220 or Transport Layer Security, 89 00:04:47.220 --> 00:04:49.650 to protect the sensitive information 90 00:04:49.650 --> 00:04:52.110 from unauthorized access. 91 00:04:52.110 --> 00:04:56.010 Second, we have privileged identity management. 92 00:04:56.010 --> 00:05:00.750 Privileged identity management or PIM is a security approach 93 00:05:00.750 --> 00:05:04.110 that focuses on managing and controlling access 94 00:05:04.110 --> 00:05:07.680 to critical systems and sensitive information. 95 00:05:07.680 --> 00:05:11.280 It does this by granting elevated permissions 96 00:05:11.280 --> 00:05:13.770 only when they are necessary. 97 00:05:13.770 --> 00:05:18.270 In other words, it allows users like IT administrators 98 00:05:18.270 --> 00:05:22.140 to have just enough access to perform their jobs 99 00:05:22.140 --> 00:05:25.470 without permanently using high-level privileges 100 00:05:25.470 --> 00:05:27.780 that could pose a security risk. 101 00:05:27.780 --> 00:05:29.610 To better understand this, 102 00:05:29.610 --> 00:05:33.780 imagine an IT administrator in an organization 103 00:05:33.780 --> 00:05:37.770 needs to perform a task that requires special access, 104 00:05:37.770 --> 00:05:42.240 such as updating a server or changing security settings. 105 00:05:42.240 --> 00:05:46.230 Instead of always having these powerful permissions enabled, 106 00:05:46.230 --> 00:05:50.520 the administrator requests temporary elevated access 107 00:05:50.520 --> 00:05:53.010 through privileged identity management. 108 00:05:53.010 --> 00:05:55.830 Then their elevated access is granted 109 00:05:55.830 --> 00:06:00.300 only for the duration that they need to complete their task. 110 00:06:00.300 --> 00:06:02.190 Once the task is finished, 111 00:06:02.190 --> 00:06:05.160 their elevated permissions are removed, 112 00:06:05.160 --> 00:06:09.630 reducing the risk of misuse or accidental errors. 113 00:06:09.630 --> 00:06:12.630 Privileged identity management also involves 114 00:06:12.630 --> 00:06:15.360 closely monitoring privileged accounts 115 00:06:15.360 --> 00:06:17.910 to ensure they are used correctly. 116 00:06:17.910 --> 00:06:22.620 Each time a user with elevated access performs an action, 117 00:06:22.620 --> 00:06:24.990 it is logged and tracked. 118 00:06:24.990 --> 00:06:28.920 For example, if an administrator makes changes 119 00:06:28.920 --> 00:06:30.630 to a critical system, 120 00:06:30.630 --> 00:06:32.640 those actions are recorded, 121 00:06:32.640 --> 00:06:35.010 creating an audit trail. 122 00:06:35.010 --> 00:06:39.270 This helps the organization detect unusual behavior, 123 00:06:39.270 --> 00:06:42.090 such as unauthorized changes, 124 00:06:42.090 --> 00:06:46.410 and then to respond quickly if something goes wrong. 125 00:06:46.410 --> 00:06:51.330 So by only granting elevated access and permissions 126 00:06:51.330 --> 00:06:53.940 when it is absolutely necessary 127 00:06:53.940 --> 00:06:57.390 and then monitoring the use of those permissions, 128 00:06:57.390 --> 00:07:00.510 privileged identity management reduces the risk 129 00:07:00.510 --> 00:07:02.310 of internal threats 130 00:07:02.310 --> 00:07:07.050 and protects the organization's most important resources. 131 00:07:07.050 --> 00:07:10.110 Privileged identity management also ensures 132 00:07:10.110 --> 00:07:13.650 that high-level permissions are not misused 133 00:07:13.650 --> 00:07:16.530 and that those with access are accountable 134 00:07:16.530 --> 00:07:18.420 for their actions. 135 00:07:18.420 --> 00:07:21.990 So, remember, management frameworks 136 00:07:21.990 --> 00:07:25.410 in identity and access management are essential 137 00:07:25.410 --> 00:07:28.830 for managing, monitoring, and maintaining 138 00:07:28.830 --> 00:07:32.280 how identities and access controls function 139 00:07:32.280 --> 00:07:34.830 within an organization. 140 00:07:34.830 --> 00:07:38.580 Core components include authentication, 141 00:07:38.580 --> 00:07:41.400 which verifies a user's identity, 142 00:07:41.400 --> 00:07:44.160 and authorization, which determines 143 00:07:44.160 --> 00:07:47.310 what resources a user can access. 144 00:07:47.310 --> 00:07:50.970 Next, identity proofing then ensures 145 00:07:50.970 --> 00:07:54.660 that a person's claimed identity is accurate, 146 00:07:54.660 --> 00:07:58.110 often done when setting up new user accounts 147 00:07:58.110 --> 00:08:00.570 or resetting passwords. 148 00:08:00.570 --> 00:08:05.130 Finally, privileged identity management or PIM 149 00:08:05.130 --> 00:08:09.060 manages and controls access to critical systems 150 00:08:09.060 --> 00:08:13.320 by granting elevated permissions only when necessary 151 00:08:13.320 --> 00:08:16.380 and closely monitoring privileged accounts. 152 00:08:16.380 --> 00:08:20.760 These management frameworks help protect sensitive data 153 00:08:20.760 --> 00:08:24.870 and ensure that high-level access is used appropriately 154 00:08:24.870 --> 00:08:28.203 and securely throughout the enterprise.