Identity concepts

https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/

Common identity attacks

  • Attacks on identity are among the most common types of attack
  • They are designed to steal user credentials, resulting in identity theft: the attacker can then sign in as the victim

Password based attacks

  • Brute force: the attacker simply tries many username and password combinations, usually with an automated tool and a dictionary of common passwords.
  • Credential stuffing: the attacker has a known working username and password from one system (typically from a breach) and tries the same credentials on other systems, relying on users reusing the same username and password across multiple systems.
  • Password spray: the attacker tries the same password (or a short list of common passwords) against many different user accounts. Because each account sees only one or two failures, per-account lockout thresholds are never reached.
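The three patterns above look different in a sign-in log, and that difference is what a detection should key on. The Python below is an added example (not code from the Microsoft Learn module) that classifies failed sign-ins per source address: many failures against one account is brute force, one or two failures against many accounts is a spray. The log format, thresholds, addresses and sample lines are constructed for illustration. It also shows why per-account lockout alone does not stop a spray: no sprayed account accumulates enough failures to trip it.

```python
"""Telling brute force from password spray in failed sign-in logs.

Added example, not from the Microsoft Learn module. The log format and the
thresholds are assumptions for illustration; the sample lines are constructed."""
from collections import Counter, defaultdict


def make_sample_log() -> str:
    """Constructed sign-in log, one event per line: '<timestamp> <user> <source_ip> <result>'."""
    lines = []
    # Brute force: one source hammers a single account with many guesses.
    for i in range(12):
        lines.append(f"2024-07-21T10:00:{i:02d}Z alice 203.0.113.5 FAIL")
    # Password spray: one source tries one guess each against many accounts.
    sprayed = ["bob", "carol", "dan", "erin", "frank", "grace", "heidi", "ivan", "judy", "mallory"]
    for i, user in enumerate(sprayed):
        lines.append(f"2024-07-21T10:05:{i:02d}Z {user} 198.51.100.7 FAIL")
    # Benign: a user mistypes twice, then signs in.
    lines += [
        "2024-07-21T10:10:00Z dave 192.0.2.9 FAIL",
        "2024-07-21T10:10:05Z dave 192.0.2.9 FAIL",
        "2024-07-21T10:10:30Z dave 192.0.2.9 SUCCESS",
    ]
    return "\n".join(lines)


def parse_log(text: str) -> list:
    """Parse the constructed format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({"ts": ts, "user": user, "ip": ip, "success": result == "SUCCESS"})
    return events


def classify_sources(events, brute_threshold=10, spray_min_users=8, spray_max_per_user=2):
    """Label each source IP by the shape of its failed sign-ins.

    brute_force    : many failures concentrated on one account
    password_spray : many distinct accounts, only a failure or two each, so no
                     single account crosses a lockout threshold
    """
    failures = defaultdict(Counter)  # ip -> Counter(user -> failed attempts)
    for e in events:
        if not e["success"]:
            failures[e["ip"]][e["user"]] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        peak = max(per_user.values())
        if len(per_user) >= spray_min_users and peak <= spray_max_per_user:
            verdicts[ip] = "password_spray"
        elif peak >= brute_threshold:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "benign"
    return verdicts


def locked_out_accounts(events, lockout_threshold=5) -> set:
    """Accounts a per-account lockout policy would lock. The spray victims never
    appear here: one failure each is below any sane threshold."""
    per_user = Counter(e["user"] for e in events if not e["success"])
    return {user for user, n in per_user.items() if n >= lockout_threshold}


if __name__ == "__main__":
    evts = parse_log(make_sample_log())
    print(classify_sources(evts))    # the spray source is flagged although no sprayed account is locked
    print(locked_out_accounts(evts))
```

The thresholds are the knobs a real detection would tune against its own baseline: a large tenant sees many users fail once from a shared NAT address every hour, so the spray rule is usually combined with a time window and a "first seen" check on the source address.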

Phishing

  • The attacker sends an email to many people that appears to come from a reputable source
  • It normally asks them to reset their password or to sign in to a system to verify their account details
  • The site they are asked to sign in to is a fake; once the user enters their credentials, the attacker has them
  • The attacker only needs one of the many recipients to be fooled to gain access

Spear phishing

  • Similar to phishing, but the email is highly targeted and specific, based on reconnaissance the attacker has done beforehand, to make the recipient more likely to believe it
  • It may also aim at higher-value individuals rather than the general user population: leadership, finance and IT staff, who typically have greater access to systems

Two types of risk

User risk: the probability that a given account has been compromised

Sign-in risk: the probability that a given sign-in attempt is not from the authorized user

Identity as the primary security perimeter

  • Users need to collaborate with 3rd parties across organizational resources from multiple devices

  • More users now work from home rather than in the workplace

  • Because of this the traditional network security perimeter is no longer an effective defense

  • The modern security perimeter now needs to secure, for example:

    • SaaS applications hosted by 3rd parties
    • A personal device (BYOD) used by the user to access enterprise systems
    • Another company's device used by a partner to access the enterprise systems
    • IoT devices

Identity is now the primary security boundary by which the enterprise secures its systems.

Four pillars of identity

  • Administration

    • Creation and governance of identities
    • Managing change across their lifecycle
  • Authentication

    • How much does the identity need to be trusted?
    • What is an acceptable level of proof?
  • Authorization

    • Determining the level of access once the identity is established
  • Auditing

    • Tracking who does what, when, where and how

Modern authentication and IdP

Modern authentication is an umbrella term for authentication and authorization between a client (a device or application) and a service, with the identity provider (IdP) playing the central role. The IdP creates, maintains and manages identities, and also provides authentication, authorization and auditing.

  1. The client authenticates to the IdP
  2. In return the IdP issues the client a security token containing claims about the identity
  3. The client presents the security token to the service it wants to access
  4. The service checks that the token is valid for use as an access token. Either it trusts the issuing IdP directly (verifying the token's signature with the IdP's key and checking issuer, audience and expiry itself) or it sends the token back to the IdP to be checked
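The four steps as working code, added here as an example and not taken from the Microsoft Learn module. An IdP class authenticates a user and issues an HMAC-signed, JWT-shaped token of claims; a service-side `verify_token` performs the "trust the IdP directly" check of step 4, and `IdentityProvider.introspect` performs the "send it back to the IdP" variant, which can additionally report revocation that a purely local check cannot see. The shared signing key, issuer name, audience name and user store are assumptions to keep it stand-alone; production IdPs sign with an asymmetric key and publish the public half, but the checks the service makes are the same.

```python
"""Token-based sign-in: client -> IdP -> signed token -> service.

Added example, not code from the Microsoft Learn module. Uses an HMAC-signed,
JWT-shaped token with a key shared between the IdP and the service (an
assumption); the issuer, audience and user store are likewise constructed."""
import base64
import hashlib
import hmac
import json
import os
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Creates and maintains identities, authenticates users and issues tokens."""

    def __init__(self, issuer: str, signing_key: bytes):
        self.issuer, self.key = issuer, signing_key
        self._users = {}       # username -> (salt, pbkdf2 digest); constructed store
        self._revoked = set()  # token ids revoked after issue

    def create_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def authenticate(self, username, password, audience, ttl=300, now=None):
        """Steps 1-2: check the credential, return a signed token of claims (or None)."""
        now = int(time.time()) if now is None else now
        record = self._users.get(username)
        if record is None:
            return None
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, digest):
            return None
        claims = {"iss": self.issuer, "sub": username, "aud": audience,
                  "iat": now, "exp": now + ttl, "jti": b64url_encode(os.urandom(8))}
        header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url_encode(json.dumps(claims).encode())
        sig = hmac.new(self.key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{b64url_encode(sig)}"

    def revoke(self, token: str) -> None:
        self._revoked.add(json.loads(b64url_decode(token.split(".")[1]))["jti"])

    def introspect(self, token, audience, now=None) -> dict:
        """Step 4, variant b: the service hands the token back to the IdP."""
        try:
            claims = verify_token(token, self.key, self.issuer, audience, now)
        except ValueError:
            return {"active": False}
        return {"active": claims["jti"] not in self._revoked, **claims}


def verify_token(token, key, expected_issuer, expected_audience, now=None) -> dict:
    """Step 4, variant a: the service trusts the IdP's key and validates locally.
    Returns the claims, or raises ValueError with the reason."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != expected_issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("token not issued for this service")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example", os.urandom(32))
    idp.create_user("alice", "correct horse battery staple")
    token = idp.authenticate("alice", "correct horse battery staple", audience="api.example")
    print(verify_token(token, idp.key, idp.issuer, "api.example")["sub"])  # alice
```

The audience check is the one most often skipped in practice: a token the IdP issued for one service must not be accepted by another, otherwise a compromised low-value service can replay its users' tokens against a high-value one.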

Single sign-on (SSO): the user signs in once and can then access multiple systems without authenticating again to each one.

Federated services

  • Enables access to systems beyond the enterprise boundary
  • Establishes trust relationships between the partners' IdP systems
  • The user only needs their own enterprise credentials to access the 3rd party's system
  • Trust does not need to be bi-directional

Directory services and active directory

  • A directory is a hierarchical structure that stores data about objects on the network

  • A directory service stores directory data and provides access to it

  • Active Directory is a set of directory services

  • First introduced by Microsoft in Windows 2000

  • Traditionally an on-premises service that runs on a Windows server known as a domain controller

  • It does not natively support SaaS applications or modern authentication protocols

  • Azure Active Directory (now named Microsoft Entra ID) is the cloud-based evolution that does support SaaS and modern authentication

Last modified July 21, 2024: update (e2ae86c)