when a biometric is scanned and allows access to someone who is not authorized that is called a
This is a topic that many people are looking for. https://granthamandira.org/ is a channel providing useful information about learning, life, digital marketing and online courses …. it will help you have an overview and solid multi-faceted knowledge . Today, https://granthamandira.org/ would like to introduce to you Identification, Authentication, and Authorization – CompTIA Security+ SY0-401: 5.2. Following along are instructions in the video below:
1 00:00:00,000 –> 00:00:02,140 Identification is the process of associating a user with something that has occurred on a server, on a network, or with some other resource. You need to know who accessed a particular file. You need to understand who just logged into a server. That is the process we call identification. This information is almost always logged. And theres usually a username or some type of very unique identifier assigned to that particular function. This identifier could be something like a name of a person– maybe their first name or their last name. In Windows, theres something called a Security Identifier, or a SID. And that is something that is assigned to every user on a device. And its something unique for every user on that device. We could use something like a smart card, or a certificate that we might carry with us, and that would certainly identify us uniquely. There could be also biometrics in use. Maybe we use something like a fingerprint, or a retina scan, to be able to identify us uniquely. Or certainly something like a verification card that has our picture and our personal information on
it. That may be something that we provide to an end user, or to a third party, that does indeed say that we are identified as this particular person. Its not enough to say that youre a particular user or have a label associated with yourself. You also have to prove that you are that person. And that is the process of authentication. The authentication process means that youre going through some extra steps to prove you are who you say you are. We cant just take at face value that you happen to be that user. We need some other type of proof to be made available. This proof would commonly be something like the combination of a username and a secret password or passphrase. That combination of things together would help prove that you are who you say you are because no one else has that combination of information. But you might also want to add additional authentication types to that. Maybe we do provide biometric information, or provide a pseudo random key generation that is something that you have to have with you when youre authenticating to these resources. Once you have
to these resources, and we believe we have identified you successfully, now we have to provide you with authorization. This is the step that defines what rights and permissions you have to these particular resources. We need to define this as, perhaps, your name of the user. Perhaps you belong to a certain group of users and therefore you have certain rights and permissions available. Ultimately, its access to the resources that is the important part. And these resources may be files, or directories on a file server, or it may be what you can access on the intranet of your network. This is all defined by these rights and permissions that were assigning based on your authorization to the network. There also needs to be a way to ensure that these policies are enforced. Now that we know who you are, and youve authenticated to the network, we need to make sure the authorization will provide the limits and the access that you need, based on who you are. This is usually something that might be defined in policies in a firewall, or an access control list on a file server. 79 00:03:20,390 –> 00:03:21,269
tags:
security+, certification, comptia, free, james messer, professor messer, security, identification, authentication, authorization
Thank you for watching all the articles on the topic Identification, Authentication, and Authorization – CompTIA Security+ SY0-401: 5.2. All shares of https://granthamandira.org/ are very good. We hope you are satisfied with the article. For any questions, please leave a comment below. Hopefully you guys support our website even more.
