IAM Best Practices
This best practice recommends regularly reviewing and auditing IAM permissions to ensure they are still necessary.
What is the principle of continuous monitoring?
To mitigate the risk of unauthorized access, organizations should regularly educate employees about this aspect of access control.
What is Access Control Awareness Training?
In this attack technique, an attacker impersonates a legitimate user to gain access to their privileges.
What is "Identity Spoofing" or "Impersonation"?
This infamous access attack targeted a large credit reporting agency in 2017, exposing sensitive financial information of millions of individuals.
What is the "Equifax Data Breach"?
To prevent brute force attacks, systems often implement this mechanism, which temporarily locks out an account after multiple failed login attempts.
What is "Account Lockout"?
To improve security, it's recommended to enforce the use of strong and complex passwords and to regularly do this to ensure password strength.
What is password rotation or password policy enforcement?
This best practice involves regularly reviewing and updating access control policies and permissions.
What is Access Control Auditing?
This technique involves capturing and analyzing network traffic to discover vulnerabilities or sensitive information.
What is "Packet Sniffing"?
In this widely reported access attack, cybercriminals targeted a major email service provider in 2014, resulting in the compromise of millions of email accounts.
What is the "Yahoo Data Breach"?
This security measure verifies the integrity of software to prevent remote code execution attacks.
What is "Code Signing"?
This IAM best practice suggests using roles and groups to manage permissions instead of assigning permissions directly to individual users.
What is role-based access control (RBAC) or group-based access control?
This practice involves distributing network resources to limit lateral movement of attackers in case of a breach.
What is Network Segmentation?
In this attack technique, an attacker sends a flood of requests to overwhelm a system and make it unavailable to users.
What is a "Denial-of-Service" (DoS) attack?
This access attack involved hackers exploiting a vulnerability in a widely used web server software, affecting many websites in 2014.
What is the "Heartbleed" vulnerability?
To combat phishing attacks, users are often advised to check for this in the website's address bar to ensure it's legitimate.
What is "HTTPS" or a secure connection?
This AWS service provides a comprehensive view of your AWS resources and their permissions.
What is AWS Identity and Access Management (IAM) Access Analyzer?
This technology involves assigning digital certificates to users and devices to authenticate them within a network.
What is Public Key Infrastructure (PKI)?
This technique involves trying every possible combination of characters until the correct password is found.
What is a "Dictionary Attack"?
In this notable access attack, attackers used stolen credentials to breach a major social media platform in 2020, compromising high-profile accounts.
What is the "Twitter Bitcoin Scam"?
This access attack prevention technique involves regularly updating software and systems to patch known vulnerabilities.
What is "Vulnerability Patching"?
In IAM, this best practice advises against using long-lived access keys and encourages the use of these instead.
What are short-lived temporary security credentials?
To enhance security, it's recommended to implement these two access control principles, ensuring users only have the permissions they absolutely need.
What is the Principle of Least Privilege (PoLP) and Need to Know?
This technique involves sending malicious data to an application to exploit a vulnerability and gain unauthorized access.
What is "SQL Injection"?
This access attack, which took place in 2018, involved attackers gaining unauthorized access to a hotel reservation system, compromising guests' personal data.
What is the "Marriott International Data Breach"?
To protect against man-in-the-middle attacks, users can use this security protocol to ensure the confidentiality and integrity of their communications.
What is "SSL/TLS" (Secure Sockets Layer/Transport Layer Security)?