
New Video from @JonGoodCyber Explores Identity and Access Management (IAM)
In this video, JonGoodCyber delves into the concept of Identity and Access Management (IAM), a crucial element for the security of systems and resources. He begins by explaining the IAAA model, which includes identification, authentication, authorization, and auditing. Identification involves providing a username, authentication involves providing a password, authorization involves granting permissions based on the user's account, and auditing involves recording all user actions.

JonGoodCyber then reviews various authentication options, emphasizing that passwords are not the only method available. He introduces the concept of Multi-Factor Authentication (MFA), which combines several authentication methods to enhance security. Although common, passwords are the least secure option. To secure them, it is recommended to use complex and long passwords, enforce their expiration, limit their reuse, and use password managers. The video then discusses physical devices for authentication, such as smart cards, USB tokens, and hardware keys. These devices add a layer of security by requiring physical possession. Software tokens, like Google Authenticator and Duo, work similarly but through software applications. SMS authentication is also mentioned as a simple and practical method.

Biometrics is another key topic discussed in the video. Biometric methods include fingerprint, vein, retina, iris, face, and voice recognition. JonGoodCyber explains key terms for evaluating the effectiveness of biometric systems, such as the false acceptance rate, false rejection rate, true acceptance rate, and true rejection rate. The crossover error rate (CER) is an important indicator of the accuracy of a biometric system. The video also explores other authentication factors, such as geolocation and touchscreen gestures.
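As an added illustration (not code from the video or from JonGoodCyber), the biometric terms above applied to constructed matcher scores: the false and true acceptance/rejection rates at a chosen threshold, and a threshold sweep that locates the crossover error rate. The score lists and the threshold values are assumed sample data, not measurements from any real system.

```python
"""Biometric error rates (FAR, FRR, TAR, TRR) and the crossover error rate (CER).

A matcher returns a similarity score per attempt; an attempt is accepted when
its score is at or above the decision threshold. Higher score = stronger match.
"""

# Constructed sample scores (assumed data): 10 genuine and 10 impostor attempts.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.70, 0.66, 0.61, 0.55, 0.49, 0.42]
IMPOSTOR_SCORES = [0.58, 0.51, 0.47, 0.40, 0.36, 0.31, 0.27, 0.22, 0.18, 0.11]


def false_acceptance_rate(impostor, threshold):
    """FAR: fraction of impostor attempts wrongly accepted (score >= threshold)."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def false_rejection_rate(genuine, threshold):
    """FRR: fraction of genuine attempts wrongly rejected (score < threshold)."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def rates_at(genuine, impostor, threshold):
    """All four rates at one threshold; TAR and TRR are the complements."""
    far = false_acceptance_rate(impostor, threshold)
    frr = false_rejection_rate(genuine, threshold)
    return {"FAR": far, "FRR": frr, "TAR": 1 - frr, "TRR": 1 - far}


def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a candidate threshold and return
    (threshold, CER) where FAR and FRR are closest to equal.
    A lower CER means a more accurate matcher."""
    best = None  # (gap, threshold, error rate at that threshold)
    for t in sorted(set(genuine) | set(impostor)):
        far = false_acceptance_rate(impostor, t)
        frr = false_rejection_rate(genuine, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    _, threshold, cer = best
    return threshold, cer


if __name__ == "__main__":
    # Raising the threshold trades false acceptances for false rejections.
    for t in (0.40, 0.51, 0.70):
        print(t, rates_at(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

With the constructed scores, the sweep finds FAR = FRR = 0.2 at a threshold of 0.51, while a strict threshold of 0.70 rejects no impostors but turns away half of the genuine attempts.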
JonGoodCyber discusses account management across the lifecycle of an account, from creation to deactivation, and the different types of accounts, such as normal user accounts, administrator accounts, service accounts, and device accounts. Finally, the video covers best practices for managing credentials, including using separate accounts for administrative tasks, avoiding shared accounts, disabling default accounts, and conducting regular audits to prevent privilege creep. JonGoodCyber emphasizes the importance of centralizing account management and ensuring that credentials are encrypted.

In conclusion, the video presents several secure authentication services, such as Single Sign-On (SSO), identity federation, Kerberos, SAML, OAuth, and OpenID Connect. These services enable secure and efficient authentication in various environments. To learn more, watch the full video here: https://www.youtube.com/watch?v=oFn_rEQiu_M