1.1 Explain the importance of system and network architecture concepts in
security operations.
📘CompTIA CySA+ (CS0-003)
Identity and Access Management (IAM) is the process and technology used to control who can access your systems, applications, and data. In security operations, IAM is critical because unauthorized access is a major security risk. If a hacker gets access to accounts with high privileges, they can do a lot of damage.
IAM involves verifying identities (authentication) and controlling what they can do (authorization).
Let’s go through the main IAM components listed:
1. Multifactor Authentication (MFA)
Definition: MFA requires users to provide two or more proofs of identity before accessing a system.
Proofs can be:
- Something you know: password, PIN
- Something you have: security token, smartphone app (e.g., Google Authenticator)
- Something you are: biometrics like fingerprint or facial recognition
Importance:
- Adds a strong layer of security.
- Even if a password is stolen, the hacker can’t access the account without the second factor.
Example in IT:
- Logging into a corporate VPN might require a password and a one-time code sent to a smartphone app.
2. Single Sign-On (SSO)
Definition: SSO allows users to log in once and access multiple systems or applications without re-entering credentials each time.
Importance:
- Improves user convenience and productivity.
- Reduces password fatigue (fewer passwords to remember → less chance of weak passwords).
- Centralizes authentication, making it easier for IT to manage and monitor access.
Example in IT:
- An employee logs into their Windows domain account and can then access email, SharePoint, and internal apps automatically.
3. Federation
Definition: Federation connects multiple organizations or systems so that users from one organization can access another organization’s resources without creating new accounts.
Importance:
- Reduces the need to manage separate credentials for multiple systems.
- Relies on trust relationships between organizations (e.g., using SAML or OAuth standards).
Example in IT:
- A contractor from Company A needs access to Company B’s internal dashboard. Federation allows them to use their Company A login to access Company B systems safely.
4. Privileged Access Management (PAM)
Definition: PAM controls access to accounts with elevated privileges (admin accounts, root accounts, service accounts).
Importance:
- Privileged accounts have the power to change system settings, install software, and access sensitive data.
- PAM reduces risk by:
- Limiting time that admin accounts are active
- Requiring approval for critical actions
- Monitoring all actions performed by privileged accounts
Example in IT:
- An IT admin wants to update a database server. PAM requires them to check out temporary access credentials, which are logged and expire automatically after use.
5. Passwordless Authentication
Definition: Passwordless authentication lets users log in without entering a password. Instead, it relies on biometrics, hardware tokens, or certificates.
Importance:
- Eliminates the risk of password theft or brute-force attacks.
- Improves convenience for users.
Example in IT:
- An employee logs into a cloud application using a fingerprint scan on their laptop instead of typing a password.
6. Cloud Access Security Broker (CASB)
Definition: A CASB is a security solution that sits between users and cloud services to enforce security policies.
Importance:
- Helps monitor and control cloud application usage.
- Ensures compliance and prevents data leaks.
- Can enforce MFA, encryption, or block risky actions in real-time.
Example in IT:
- Employees use a cloud file-sharing service like OneDrive. CASB monitors file downloads, blocks sensitive data from being shared externally, and ensures MFA is applied for login.
Summary Table
| Concept | Key Purpose | How It Helps Security | IT Example |
|---|---|---|---|
| MFA | Multiple identity factors | Prevents unauthorized access | VPN login with password + OTP |
| SSO | One login for multiple systems | Simplifies access, centralizes control | Windows login → email + apps |
| Federation | Cross-organization login | Reduces extra accounts, allows trusted access | Contractor accesses partner dashboard |
| PAM | Manage privileged accounts | Limits high-risk access, logs actions | Temporary admin access to server |
| Passwordless | Login without passwords | Eliminates password attacks | Fingerprint scan to access cloud app |
| CASB | Control cloud app usage | Monitors, enforces security, prevents leaks | Block sharing of sensitive files externally |
✅ Key Exam Takeaways:
- IAM is about who can access what and how they prove their identity.
- MFA and Passwordless focus on authentication.
- SSO and Federation focus on convenience and cross-system access.
- PAM focuses on protecting high-risk accounts.
- CASB focuses on securing cloud access.
