IT networks face increasing threats from both inside and outside your organization. Traditional perimeter defenses can miss insider threats, such as password leaks and fraud due to staff complacency, as well as external online threats such as zero-day attacks. To limit the presence of these threats, many IT departments are using identity and access management (IAM) solutions. In this course, The Issues of Identity and Access Management (IAM), you'll learn to look at IAM from the perspective of the issues that it can create for your organization. First, you'll dive into Oauth/OpenID and where the weaknesses are. Next, you'll explore SSO and federations. Finally, you'll learn how to setup a hacking environment using the AutoLab. When you're finished with this course, you'll be able to look at your IAM solution and see if you're protecting yourself, as well as your users.
Dale Meredith has been a Certified Ethical Hacker/Instructor EC-Council for the past 15 years, and Microsoft Certified Trainer for over 20 years. Dale also has an additional 7 years of senior IT management experience and worked as a CTO for a popular ISP provider. Dale's expertise is in explaining difficult concepts and ensuring his students have an actionable knowledge of the course material.
Course Overview Hi everyone. My name is Dale Meredith, and I'd like to welcome you to my course, The Issues of Identity and Access Management. Now I've been a Microsoft trainer since 1998, and it goes back a ways, as well as a cyber security trainer since about 2004. I'm also currently a consultant for several different government agencies for cyber security. Now this course is actually part of a series that supports several different certifications, including GCIH and the new CSA+. Now let me ask you a question, how many user accounts and passwords do you have in your life. Anyone, anyone, Buehler, Buehler. The average is about 118 accounts. Can you believe that? I actually did an inventory of mine and I have almost 150. In this course, we're going to talk about the differences between some of the solutions that are being used, as well as the weaknesses that they might actually cause. Now I'm not going to leave you hanging. I never do. I'll tell you some of the cool ways that we can strengthen the use of some of these solutions, such as, you know, not writing down a password on a Post-it note. Now some of the topics that we'll cover will include things like OAuth and OpenID and where the weaknesses in their technologies lays. We'll also look at things like SSO, as well as federations, and I'll even go through and show you how to set up a hacking environment that is not only quick, but easy to deploy using our auto labs so that you can test some of these weaknesses. By the end of this course, you'll be able to look at you IAM solution and see if you're protecting yourself, as well as your users. You'll also be a couple of steps closer in taking exams with the knowledge that you get from within this course, you know those CSA+, the GCIH, and ECIH. Now before beginning this course, you should have a somewhat basic knowledge of network technologies, including things like routers, and switches, and maybe even a little bit of Active Directory. After you watch this course, from here you should be able to feel comfortable in diving into some other courses within the series or even branching out and looking at the ethical hacking series. I hope that you'll join me in this adventure in learning with the Issues of Identity and Access Management course here, at Pluralsight.