In the vast and noisy digital universe we live in, managing online identities and all aspects related to digital privacy has become (pun not intended…) essential.
While the approach might not be immediately straightforward, and kind of scary for non-experts, we will try to explore in detail important concepts such as digital identities, authentication, authorization, and password management… also going through an understanding of tools and best practices, trying to touch on the points that generate the most interest and require more attention in such sensitive areas.
In other words, we will address those aspects of our digital life that are covered by the Linux Professional Institute (LPI) Security Essentials Exam (020) objectives.
Digital Identity
What do we mean by digital identity?
Let’s start with understanding what identity means online. Each online individual is characterized by a unique set of information. This identity includes data such as name, email address, phone numbers, and other personal information that identifies a user in the digital world. We can consider this online identity as a virtual representation of an individual’s real identity… therefore, one’s digital identity is a unique key to access all public services and the services of private companies that intend to use this widespread recognition system.
Among these concepts we can include some social networking tools that can also be used for the aforementioned purposes, to strengthen the concept of this “new identity” that has been virtualized on the web.
Now let’s list some absolutely fundamental points about how to behave correctly without risking all our important activities.
Authentication, Authorization, and Accounting
To ensure the security of digital identities, it is crucial to understand these concepts:
◉ Authentication verifies a user’s identity.
◉ Authorization controls access to resources based on assigned permissions.
◉ Accounting documents and stores user information, particularly about attempts to access resources.
A fundamental aspect of identity management is access control, namely the ability to control who has access to the network, what they can do, and what services they can use after logging in.
Often going by the abbrevation AAA, the concepts of authentication, authorization, and accounting refer to a framework through which access to the network or the resources concerned can be configured. Authentication identifies users through methods such as logging in with a password or smart card. Authorization provides access control based on the profile with which the user authenticated, and is based on a set of attributes that describe the rules associated with that particular user. Accounting, finally, tracks a user’s activities, such as the services used and network resources consumed.
Often, administrators want users who belong to a certain organization to have access to services of other structures that are part of a common federation. For instance, a business might be federated with another company that handles payroll. To enable a federation, organizations must share mechanisms for exchanging user information and for managing access to federated resources.
The term federation, therefore, means an arrangement between organizations and resource providers that specifies a mutual trust agreement, as well as the information they exchange in the processes of authentication and authorization, based on rules that manage these trust relationships.
The main task of the federation is to keep all the resources in the federated organizations available to the different users who are part of them. Access management at the federation level means managing identities and accesses among a set of organizations.
Secure Passwords
Passwords represent one of the key elements of online security. A secure password must have characteristics such as sufficient length, the use of special characters, high complexity, and regular, frequent replacement. Understanding these characteristics is essential to protect online accounts. To maintain a high level of entropy of the passwords used, it is recommended to use a length greater than 8 characters, not to use more than 2 identical consecutive characters, and to avoid names of things or known names, preferring instead a set of entirely random alphanumeric characters. It is recommended to change passwords every 3 months and never to use the same password for different services or online accounts.
Use of a Password Manager
A fundamental step towards password security is the use of a password manager. These tools generate, store, and manage complex combinations of passwords for various online accounts securely and simply, significantly simplifying the management of digital identities. A well-known example is KeePass, a password management tool under the GNU GPL license.
Multi-Factor Authentication (MFA) and Single Sign-On (SSO)
The concepts of two-factor and multi-factor authentication (2FA and MFA) add an additional layer of security by requiring more than one form of verification, typically added to the classic login with username and password. Single sign-on (SSO) allows access to multiple services with a single authentication that is considered valid and is trusted.
Online Transaction Security
Everything we have seen previously helps us understand online transaction security, which includes safe practices for online banking, credit card management, access to public services that contain private personal information, online purchases on various platforms, and so on.
Awareness of possible threats and the practice of security measures can protect against fraud, unauthorized access, and other web threats. Safely navigating the digital world requires an in-depth understanding of concepts of digital identity, authentication, password security, and all other related aspects of protecting one’s online presence. By implementing the recommended practices and tools, it’s possible to protect one’s online presence and effectively face the challenges of digital security. Awareness is the key to a safe and responsible digital experience, for us and the entire community.
Source: lpi.org
0 comments:
Post a Comment