4.1 Explain the importance of basic network security concepts
Logical Security
📘CompTIA Network+ (N10-009)
Identity and Access Management (IAM) is about making sure the right people have the right access to the right resources in a network or IT system. It is central to network security because it keeps unauthorized users, and over-privileged legitimate users, away from sensitive information.
IAM has two main parts:
- Authentication – verifying who a user is.
- Authorization – determining what a user is allowed to do.
The AAA protocols covered in this section (RADIUS and TACACS+) add a third function, accounting: recording who logged in, when, and what they did.
1. Authentication
Authentication is the process of verifying identity. It asks: “Are you really who you say you are?”
There are several types and methods of authentication in IT:
A. Multi-Factor Authentication (MFA)
- Definition: MFA requires a user to present two or more different factors to access a system. Two items of the same factor (a password plus a security question) are both “something you know” and do not count as MFA.
- Factors:
- Something you know (password, PIN)
- Something you have (security token, smartphone app)
- Something you are (fingerprint, facial recognition)
- Use in IT: When logging into a corporate VPN, a user might enter a password (something you know) and then a code from an authenticator app (something you have).
B. Single Sign-On (SSO)
- Definition: SSO lets users log in once and access multiple systems without logging in again for each one.
- Benefit: Reduces password fatigue and password reuse across applications. It also concentrates risk: one compromised SSO login opens every connected system, so the SSO login itself must be protected with MFA.
- Example in IT: A user logs into their corporate Microsoft 365 account and automatically gains access to SharePoint, Teams, and Outlook without entering the password again.
C. RADIUS (Remote Authentication Dial-In User Service)
- Definition: RADIUS is an AAA protocol: it authenticates and authorizes remote users and tracks (accounts for) their network usage. It runs over UDP, port 1812 for authentication/authorization and 1813 for accounting.
- How it works: When a user tries to connect to a VPN, the VPN server (the RADIUS client, also called the NAS) forwards the credentials in an Access-Request to the RADIUS server, which answers with Access-Accept or Access-Reject. A shared secret between the NAS and the server hides only the User-Password attribute; the username and the rest of the packet travel in cleartext, so the path to the RADIUS server belongs on a protected management network.
- Example: Enterprise Wi-Fi (WPA2/WPA3-Enterprise with 802.1X) passes each user's credentials to a RADIUS server for verification instead of relying on one shared passphrase.
D. LDAP (Lightweight Directory Access Protocol)
- Definition: LDAP is the protocol applications use to query (and update) a directory service that holds user accounts, groups and their attributes.
- Use in IT: Companies store all user accounts in a directory (such as Active Directory). Applications query it over LDAP to check that a user exists and which groups, and therefore which permissions, the user has.
- Example: Logging into an internal portal validates the username and password with an LDAP bind against the directory. The bind should use LDAPS (TCP 636) or StartTLS on TCP 389, because a plain simple bind sends the password in cleartext.
E. SAML (Security Assertion Markup Language)
- Definition: SAML is an XML-based standard for exchanging authentication and authorization data (assertions) between systems, typically across organizational boundaries.
- Use in IT: SAML is used in SSO scenarios, allowing one system (Identity Provider) to tell another system (Service Provider) that a user is authenticated.
- Example: Logging into a third-party SaaS app like Salesforce via corporate credentials uses SAML to verify identity.
F. TACACS+ (Terminal Access Controller Access Control System Plus)
- Definition: TACACS+ is a Cisco-developed protocol for network device authentication, authorization, and accounting (AAA). It runs over TCP port 49, encrypts the whole packet body with the shared key, and handles the three AAA functions as separate exchanges.
- Use in IT: Often used by network admins to control who can configure routers or switches, down to authorizing individual commands.
- Example: Admins must authenticate via TACACS+ before making configuration changes on a Cisco router.
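The difference between what RADIUS and TACACS+ protect on the wire is easiest to see by building the packets. The following is an added example written for these notes, not code from the exam objectives or from any vendor: it hides a RADIUS User-Password the way RFC 2865 describes (chained MD5 over the shared secret and the Request Authenticator, leaving User-Name and every other attribute in cleartext) and obfuscates an entire TACACS+ packet body with the RFC 8907 pseudo-pad. The shared secrets, username, password, Request Authenticator and session id are constructed values, and the function names are this example's own.

```python
import hashlib
import struct

# Constructed values for the demonstration; not real secrets.
RADIUS_SECRET = b"example-radius-secret"
TACACS_KEY = b"example-tacacs-key"
REQUEST_AUTHENTICATOR = bytes(range(16))  # a real NAS uses 16 random bytes per request


def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a 16-byte multiple and XOR
    each block with MD5(secret + previous block), seeded with the Request Authenticator."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    if not 0 < len(padded) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        hidden += block
        prev = block  # the hidden block, not the plaintext, feeds the next MD5
    return hidden


def radius_reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of radius_hide_password, as performed by the RADIUS server."""
    revealed, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        revealed += bytes(c ^ b for c, b in zip(block, pad))
        prev = block
    return revealed.rstrip(b"\x00")  # assumes the password itself has no trailing NULs


def radius_attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_auth: bytes) -> bytes:
    """Code 1 = Access-Request. Only attribute 2 (User-Password) is hidden;
    attribute 1 (User-Name) and the header travel in cleartext over UDP 1812."""
    attrs = radius_attribute(1, username)
    attrs += radius_attribute(2, radius_hide_password(password, secret, request_auth))
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + request_auth + attrs


def tacacs_plus_pseudo_pad(session_id: int, key: bytes, version: int,
                           seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no) and
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1), concatenated and truncated."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_plus_obfuscate(body: bytes, session_id: int, key: bytes,
                          version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the entire packet body with the pseudo-pad; applying it twice restores the body.
    Every field of the body (user, port, rem_addr, data) is covered, unlike RADIUS."""
    pad = tacacs_plus_pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


if __name__ == "__main__":
    pkt = build_access_request(7, b"alice", b"Winter2024!", RADIUS_SECRET, REQUEST_AUTHENTICATOR)
    print("RADIUS Access-Request exposes the username:", b"alice" in pkt)
    # Constructed TACACS+ authentication START body: fixed header fields, then user/port/data.
    body = b"\x01\x01\x02\x01\x05\x04\x00\x0b" + b"alice" + b"tty0" + b"Winter2024!"
    obf = tacacs_plus_obfuscate(body, 0x1234ABCD, TACACS_KEY)
    print("TACACS+ body exposes the username:", b"alice" in obf)
```

A sniffer on the NAS-to-server path sees the RADIUS User-Name in the clear and only the 16-byte hidden password block, and can mount an offline guess of the shared secret from it; the same capture of a TACACS+ session shows nothing but the header and an XORed body.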
G. Time-Based Authentication
- Definition: Access is granted, or a code is valid, only for a limited time window.
- Use in IT: The time-based one-time password (TOTP) used by authenticator apps: the app and the server share a secret and both compute the code from that secret and the current time.
- Example: An authenticator app code is computed for a 30-second time step, so it is only accepted during that step (plus whatever clock skew the server tolerates). Because a captured code can still be replayed inside that window, the server should also refuse any code it has already accepted.
2. Authorization
Once a user is authenticated, authorization determines what resources they can access and what actions they can perform.
A. Principle of Least Privilege
- Definition: Users are given only the minimum access needed to perform their tasks.
- Use in IT:
- A junior IT staff member may only read network logs but cannot modify configurations.
- Reduces risk of accidental or malicious changes.
B. Role-Based Access Control (RBAC)
- Definition: Access rights are assigned based on roles, not individuals.
- Use in IT:
- A “Finance” role might have access to financial applications.
- An “HR” role can access personnel data.
- Benefit: Easier to manage access as employees change roles.
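To make least privilege and RBAC concrete, here is an added example (not from the exam objectives or from any product) of a deny-by-default role policy in Python: permissions attach to roles, roles can inherit from other roles, users are given roles rather than individual permissions, and an audit function reports any permissions a user holds beyond what their tasks require, which is how role accumulation after a job change gets caught. The role names, permission strings and users are constructed for the illustration, and the class is this example's own.

```python
from typing import Dict, Iterable, Optional, Set


class RbacPolicy:
    """Deny-by-default RBAC: a request is allowed only if some role assigned to the
    user (directly or through role inheritance) carries the exact permission string."""

    def __init__(self, role_permissions: Dict[str, Iterable[str]],
                 role_parents: Optional[Dict[str, Iterable[str]]] = None) -> None:
        self.role_permissions = {r: set(p) for r, p in role_permissions.items()}
        self.role_parents = {r: set(p) for r, p in (role_parents or {}).items()}
        for role, parents in self.role_parents.items():
            unknown = (parents | {role}) - set(self.role_permissions)
            if unknown:
                raise KeyError(f"unknown roles in hierarchy: {sorted(unknown)}")
        self.user_roles: Dict[str, Set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        """Users only ever receive roles; refusing unknown roles prevents typo-grants."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def resolve_role(self, role: str) -> Set[str]:
        """Permissions of a role plus everything inherited; the seen-set stops cycles."""
        perms: Set[str] = set()
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_permissions[r]
            stack.extend(self.role_parents.get(r, ()))
        return perms

    def effective_permissions(self, user: str) -> Set[str]:
        return set().union(*(self.resolve_role(r) for r in self.user_roles.get(user, ())))

    def is_authorized(self, user: str, permission: str) -> bool:
        """Unknown users, unknown permissions and missing roles all evaluate to False."""
        return permission in self.effective_permissions(user)

    def excess_permissions(self, user: str, required: Iterable[str]) -> Set[str]:
        """Least-privilege audit: what the user can do beyond what the job needs."""
        return self.effective_permissions(user) - set(required)


# Constructed policy for the roles mentioned above; names are illustrative.
ROLE_PERMISSIONS = {
    "junior-it": {"logs:read", "tickets:write"},          # may read logs, not change configs
    "network-admin": {"configs:read", "configs:write"},
    "finance": {"ledger:read", "ledger:write"},
    "hr": {"personnel:read", "personnel:write"},
}
ROLE_PARENTS = {"network-admin": {"junior-it"}}  # admins inherit everything junior-it has


def build_example_policy() -> RbacPolicy:
    policy = RbacPolicy(ROLE_PERMISSIONS, ROLE_PARENTS)
    policy.assign("jdoe", "junior-it")
    policy.assign("nadmin", "network-admin")
    policy.assign("fsmith", "finance")
    policy.assign("fsmith", "hr")  # left over from fsmith's previous job in HR
    return policy


if __name__ == "__main__":
    policy = build_example_policy()
    print("jdoe may read logs:", policy.is_authorized("jdoe", "logs:read"))
    print("jdoe may write configs:", policy.is_authorized("jdoe", "configs:write"))
    print("fsmith excess:", sorted(policy.excess_permissions("fsmith", {"ledger:read", "ledger:write"})))
```

Running the audit for each user against the permissions their current job actually needs, and revoking the roles that produce the excess, is the periodic access review that keeps RBAC aligned with least privilege as people change roles.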
Key Exam Tips
- Authentication vs Authorization:
- Authentication = who you are
- Authorization = what you can do
- MFA is stronger than a single password because it combines multiple factors.
- SSO simplifies user experience but still requires secure authentication methods like MFA.
- RADIUS vs TACACS+: Both provide AAA. RADIUS (UDP 1812/1813) combines authentication and authorization in one exchange and hides only the password; TACACS+ (TCP 49) separates authentication, authorization and accounting, encrypts the entire packet body, and can authorize individual commands, which makes it the preferred choice for managing network devices.
- LDAP and SAML both carry identity information, but differently: LDAP queries a directory inside the organization, while SAML passes signed assertions about an already-authenticated user from an identity provider to a service provider, often across organizations.
- Least privilege and RBAC are essential for minimizing risk and managing large organizations.
✅ Summary Table for Quick Exam Reference
| Concept | Purpose | Example in IT |
|---|---|---|
| MFA | Stronger authentication | Password + Authenticator code for VPN |
| SSO | Single login for multiple apps | Microsoft 365 access to Teams & SharePoint |
| RADIUS | Remote user AAA (UDP 1812/1813; only the password hidden) | 802.1X Wi-Fi login verification |
| LDAP | Directory lookup | Active Directory user check |
| SAML | SSO token exchange | Logging into Salesforce via corporate login |
| TACACS+ | Network device AAA (TCP 49; whole packet body encrypted) | Cisco router admin login |
| Time-based auth | Code valid only for its time step | TOTP code tied to a 30-second step |
| Least Privilege | Minimal required access | Junior staff can read but not modify logs |
| RBAC | Access based on role | Finance role accesses accounting software |
