IAM Best Practices
Access Control
Best Practices
IAM Attack Techniques
Real-World Access Attacks
Access Attack Prevention
100

This best practice recommends regularly reviewing and auditing IAM permissions to confirm they are still necessary, and removing those that are not.

What is continuous monitoring (ongoing access review)?

100

Overlapping layers of protection put in place so that if one layer fails, other layers still protect the asset are known as this.

What is Defense in Depth?
100

In this attack technique, an attacker impersonates a legitimate user to gain access to their privileges.

What is "Identity Spoofing" or "Impersonation"?

100

In this widely reported breach, attackers compromised roughly 500 million accounts at a major email service provider in 2014 (the incident was disclosed in 2016; a separate 2013 intrusion at the same company affected all 3 billion of its accounts).

What is the "Yahoo Data Breach"?

100

This security control involves monitoring and analyzing network or host activity in real time to detect, and optionally block, security incidents.

What is Intrusion Detection and Prevention (IDS/IPS)?

200

To improve security, it's recommended to enforce strong passwords and to regularly do this to limit the lifetime of a compromised password.

What is password rotation or password policy enforcement? (Current NIST SP 800-63B guidance favors screening passwords against breached-password lists and adding MFA over forced periodic rotation, rotating only on evidence of compromise.)

200

This best practice involves regularly reviewing and updating access control policies and permissions.

What is Access Control Auditing?

200

This technique involves capturing and analyzing network traffic to discover vulnerabilities or sensitive information.

What is "Packet Sniffing"?

200

Anger over this film, "The Interview", was behind a destructive 2014 attack on a large media company's film studio, which the FBI attributed to North Korea.

What is the Sony Pictures hack (2014)?

200

To protect against man-in-the-middle attacks, users can rely on this security protocol to ensure the confidentiality and integrity of their communications.

What is TLS (Transport Layer Security), the successor to the now-deprecated SSL? Only TLS 1.2 or 1.3 with certificate validation enabled actually stops a man-in-the-middle.

300

This IAM best practice suggests using roles and groups to manage permissions instead of assigning permissions directly to individual users.

What is role-based access control (RBAC) or group-based access control?
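The practice in this clue, as an added example that is not part of the original quiz: a minimal role-based access control model in which permissions attach to roles and users only receive roles. The role names, users and permission strings are hypothetical. The audit at the end shows why direct per-user grants are the anti-pattern: tightening a role fixes every member at once, while a direct grant survives the change unnoticed.

```python
"""Added example, not part of the original quiz: a minimal RBAC model.
Permissions attach to roles; users receive roles. A direct-grant path is kept
only so the audit can detect it. All names here are hypothetical."""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)    # role -> permissions
        self.user_roles = defaultdict(set)    # user -> roles
        self.direct_perms = defaultdict(set)  # user -> permissions outside any role

    def grant_to_role(self, role, perm):
        self.role_perms[role].add(perm)

    def revoke_from_role(self, role, perm):
        self.role_perms[role].discard(perm)

    def assign_role(self, user, role):
        self.user_roles[user].add(role)

    def grant_direct(self, user, perm):
        # The anti-pattern the clue warns about; kept so the audit can find it.
        self.direct_perms[user].add(perm)

    def effective_permissions(self, user):
        perms = set(self.direct_perms.get(user, ()))
        for role in self.user_roles.get(user, ()):
            perms |= self.role_perms.get(role, set())
        return perms

    def is_allowed(self, user, perm):
        return perm in self.effective_permissions(user)

    def users_with_direct_grants(self):
        """Audit: users whose access bypasses the role model."""
        return sorted(u for u, perms in self.direct_perms.items() if perms)


def demo():
    rbac = RBAC()
    rbac.grant_to_role("billing-reader", "invoices:read")
    for perm in ("invoices:read", "invoices:write"):
        rbac.grant_to_role("billing-admin", perm)
    rbac.assign_role("alice", "billing-reader")
    rbac.assign_role("bob", "billing-admin")
    rbac.assign_role("carol", "billing-admin")
    rbac.grant_direct("dave", "invoices:write")  # direct grant, no role

    before = [rbac.is_allowed(u, "invoices:write") for u in ("alice", "bob", "carol")]
    # One change to the role revokes the permission for every member ...
    rbac.revoke_from_role("billing-admin", "invoices:write")
    after = [rbac.is_allowed(u, "invoices:write") for u in ("alice", "bob", "carol")]
    # ... but dave's direct grant is untouched, which the audit surfaces.
    return before, after, rbac.users_with_direct_grants(), rbac.is_allowed("dave", "invoices:write")
```

Run `demo()`: write access is revoked for bob and carol by editing the role once, while dave still has it and appears in the direct-grant audit.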

300

This practice involves splitting a network to limit the lateral movement of attackers in case of a breach.

What is Network Segmentation?

300

This specific technique involves trying every possible combination of characters until the correct password is found.

What is a "Brute-Force Attack"? (A dictionary attack, by contrast, tries only candidates from a prepared wordlist rather than every combination.)
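The distinction in this clue, as an added example that is not part of the original quiz: a dictionary attack and a brute-force search run against the same SHA-256 password hash. The target password, wordlist and alphabet are constructed; real attacks work on leaked hashes, far larger keyspaces, and ideally slow hashes like bcrypt or Argon2 that make each attempt expensive.

```python
"""Added example, not part of the original quiz: dictionary attack versus
brute force against one password hash. Inputs are constructed."""
import hashlib
import itertools
import string


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Try only the words in a list. Returns (password or None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, attempts


def brute_force(target_hash, alphabet, max_len):
    """Try every string over `alphabet` up to `max_len`, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size, max_len):
    """Candidates brute force must cover in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


ALPHABET = string.ascii_lowercase + string.digits        # 36 symbols
WORDLIST = ["password", "letmein", "abc1", "qwerty"]     # constructed wordlist
TARGET = sha256_hex("abc1")                              # constructed weak password


def demo():
    return dictionary_attack(TARGET, WORDLIST), brute_force(TARGET, ALPHABET, 4)
```

The dictionary attack finds "abc1" on its third guess; brute force needs 49,384 attempts because it exhausts every 1-, 2- and 3-character string first. `keyspace(95, 8)` for 8 printable ASCII characters is about 6.7 quadrillion, which is why length and a slow hash, not "complexity" rules alone, are what defeat brute force.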

300

In this notable access attack, attackers phished employee credentials to reach internal account-management tools at a major social media platform in 2020, taking over high-profile accounts to post a cryptocurrency scam.

What is the 2020 Twitter hack (the "Twitter Bitcoin Scam")?

300

This access control model uses labels to determine access rights, often associated with government and military environments.

What is Mandatory Access Control (MAC)?

400

This AWS IAM feature analyzes resource and identity policies to report resources (such as S3 buckets, IAM roles and KMS keys) shared with entities outside your account or organization, and flags unused access.

What is AWS IAM Access Analyzer?

400

These two principles ensure that users have access only to the resources and permissions they need to perform their tasks.

What is the principle of least privilege and need to know?
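The review that the "still necessary" clue, the auditing clue, the Access Analyzer clue and this least-privilege clue all point at, as an added example that is not part of the original quiz: compare what each principal is allowed to do with what it actually did, flag the unused permissions and principals, and emit a minimal policy. The policy table and event records are constructed to resemble IAM policies and CloudTrail events (`eventSource` and `eventName` are the real CloudTrail field names; the values are made up); this is not Access Analyzer's own code.

```python
"""Added example, not part of the original quiz: unused-permission review
over constructed IAM-style grants and CloudTrail-style events."""
from collections import defaultdict

# Constructed: actions each principal is currently allowed to perform.
GRANTED = {
    "role/app-server": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                        "dynamodb:GetItem", "iam:PassRole"},
    "user/contractor": {"s3:GetObject", "ec2:TerminateInstances"},
}

# Constructed CloudTrail-style events from the review window.
EVENTS = [
    {"principal": "role/app-server", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"principal": "role/app-server", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"principal": "role/app-server", "eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem"},
    {"principal": "role/app-server", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
]


def action_from_event(event):
    """Map eventSource + eventName to an IAM action string, e.g. s3:GetObject."""
    service = event["eventSource"].split(".")[0]
    return f"{service}:{event['eventName']}"


def observed_actions(events):
    seen = defaultdict(set)
    for event in events:
        seen[event["principal"]].add(action_from_event(event))
    return seen


def unused_permissions(granted, events):
    """Granted actions never exercised in the window, per principal."""
    seen = observed_actions(events)
    return {p: sorted(actions - seen.get(p, set())) for p, actions in granted.items()}


def inactive_principals(granted, events):
    """Principals with grants but no activity at all: candidates for removal."""
    seen = observed_actions(events)
    return sorted(p for p in granted if not seen.get(p))


def least_privilege_policy(principal, events):
    """Minimal IAM-style policy allowing only the actions actually observed.
    Resource is left as "*" here for brevity; scope it to real ARNs in practice."""
    actions = sorted(observed_actions(events).get(principal, set()))
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}
```

On the constructed data the app-server role never used `s3:DeleteObject` or `iam:PassRole` (the latter is a common privilege-escalation path and worth removing first), and the contractor user never acted at all. A real review should use a window long enough to cover infrequent jobs (month-end, disaster recovery) before revoking anything.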

400

In this attack technique, an attacker sends a flood of requests to overwhelm a system and make it unavailable to users.

What is a "Denial-of-Service" (DoS) attack?

400

This 2020 supply chain attack, delivered through trojanized updates of a widely used network-monitoring product, compromised multiple US federal agencies and private organizations.

What is the SolarWinds (Orion / SUNBURST) hack?

400

RBAC assigns permissions to users based on their roles within an organization, reducing the risk of what kind of unauthorized access?

What is unauthorized privilege escalation (and the privilege creep of per-user grants that enables it)?

500

In IAM, this best practice advises against using long-lived access keys and encourages the use of these instead.

What are short-lived temporary security credentials (for example, AWS STS AssumeRole credentials that carry a fixed expiry)?
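The idea behind this clue, as an added example that is not part of the original quiz: a toy issuer of signed credentials whose expiry is part of the credential and is enforced on every use. The signing key, subject names and token format are constructed for illustration and are not AWS STS's format. A leaked long-lived key stays valid until someone notices and rotates it; a leaked token from this issuer is useless once `exp` passes, and nothing a holder can do extends it without the signing key.

```python
"""Added example, not part of the original quiz: short-lived signed
credentials with an issuer-enforced expiry. Key and format are constructed."""
import base64
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: held only by the issuer


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(subject, ttl_seconds, now):
    """Mint a credential for `subject` valid for `ttl_seconds` from `now`."""
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify(token, now):
    """Return (subject, 'ok') or (None, reason). Signature is checked before
    any claim is trusted, and expiry is checked on every call."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None, "bad signature"
        claims = json.loads(payload)
        if now >= claims["exp"]:
            return None, "expired"
        return claims["sub"], "ok"
    except (ValueError, KeyError, TypeError):
        return None, "malformed"


def forge_subject(token, new_subject, now):
    """What an attacker holding a stolen token but not the key can try:
    swap the claims and keep the old signature. verify() rejects it."""
    _, sig_b64 = token.split(".")
    return issue(new_subject, 900, now).split(".")[0] + "." + sig_b64
```

Assume the app holds a 15-minute token: a request at +100 s is accepted, one at +900 s is refused, and rewriting `sub` to "admin" fails the signature check before the claims are even parsed.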

500

This technology involves assigning digital certificates to users and devices to authenticate them within a network.

What is Public Key Infrastructure (PKI)?

500

This technique involves sending crafted input that an application splices into a database query, changing the query's meaning to bypass authentication or read data.

What is "SQL Injection"?
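The attack in this clue beside its fix, as an added example that is not part of the original quiz: the same login query written with string concatenation (injectable) and with a parameterized query. It uses an in-memory SQLite database with constructed users; the table, column and account names are hypothetical.

```python
"""Added example, not part of the original quiz: injectable versus
parameterized login query on a constructed SQLite database."""
import hashlib
import sqlite3


def pw_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", pw_hash("correct horse battery staple"), "admin"),
        ("alice", pw_hash("alice-pass"), "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is spliced into the SQL text, so a quote and a comment
    # marker in `username` rewrite the query. Hashing the password does not
    # help: the injection point is the username.
    query = (f"SELECT username, role FROM users WHERE username = '{username}' "
             f"AND password_hash = '{pw_hash(password)}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    # Placeholders keep data and code separate: the driver binds the values
    # as parameters, so they can never become SQL syntax.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()


PAYLOAD = "admin' --"  # closes the string literal and comments out the password check
```

With `PAYLOAD` as the username and any password, `login_vulnerable` returns the admin row because the query becomes `... WHERE username = 'admin' --' AND password_hash = '...'`; `login_safe` with the same input returns nothing, since it looks for a user literally named `admin' --`.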

500

This 2017 "Petya" variant spread across networks using these two "helpers" and, although it demanded a ransom, was effectively a wiper: victims could not recover their files, and the damage ran to billions of dollars rather than any significant ransom income.

What are "Mimikatz" (credential harvesting from Windows memory) and "EternalBlue" (the Microsoft SMBv1 exploit patched in MS17-010)? The malware is known as NotPetya.

500

To protect sensitive data, these advanced access policies and controls go beyond standard access management by tying decisions to data classification and risk assessment.

What are data-centric access policies, data classification, and risk-based access controls?