Secure authentication and access control best practices: CISSP Study Guide

Test your knowledge of access control in this part of our CISSP Study Guide and learn secure authentication and access control best practices.

Secure Authentication and Access Control
The CISSP exam covers 10 domains, one of which is access control. Access control essentially protects critical enterprise systems and data by monitoring and restricting access that users, applications and services have to those assets. You'll need to know about secure authentication tools and models, types of access control, access control best practices, biometrics and more.

Reinforce your understanding of access control with the resources below, then test yourself with our CISSP access control quiz, written by CISSP All-in-one Exam Guide author Shon Harris. Visit our CISSP Study Guide to see the other domains.

Exploring secure authentication methods: How to develop secure systems
At a time when identity theft is running rampant, it's crucial to have sound practices for user authentication, customer authentication and partner authentication so that unauthorized (and often malicious) parties don't have an easy route into your key systems.

In this authentication learning guide, discover a variety of authentication options and learn how to implement, maintain and secure several methods of authentication, such as biometrics, single sign-on (SSO) and smart cards, all with the goal of avoiding security breaches and protecting sensitive corporate and customer data.

NAC security: Network access control policy, product best practices
A network access control (NAC) policy restricts endpoint access based on the device's compliance with a defined security policy. As a result, a network access control policy can make or break the security of your customer's network.

In this cheat sheet, composed of our best NAC security content, learn about the benefits of NAC technologies and how to properly implement an effective NAC security policy.

Electronic access control system and biometrics authentication
Both electronic access control (EAC) and biometrics have the same requirement: The user must validate his or her access before entering. Although the two technologies are similar, they differ in many ways, including in their capabilities. In this expert response, Randall Gamby explains the differences between EAC systems and biometric authentication.

Biometric authentication know-how: Devices, systems and implementation
Biometrics is most often used as a form of authentication in a broader two-factor or multifactor authentication system, since most biometric implementations also require employees to enter user IDs and passwords.

In this tip, you will discover the pros and cons of multiple biometric authentication devices and techniques, such as iris pattern or fingerprint scans, voice recognition and keystroke dynamics. Also get advice on biometric implementation best practices.

Biometric security technology: The most secure types of biometric devices
When it comes to biometric security technology, almost all the commercial biometric devices have been breached at some point, government devices excluded. Digital photos were used to dupe facial recognition systems, high-quality MP3 recorders were used to con voice recognition software, and fingerprints were lifted for use on fingerprint scanners.

In this expert response, Randall Gamby explains which types of biometrics devices tend to be more secure than others, and which could work better in your enterprise.

Secure user authentication: Regulations, implementation and methods
When deploying any authentication option -- whether to comply with the FFIEC's two-factor authentication mandate or just to strengthen access controls -- businesses need to weigh many factors. In this Security School lesson, you'll learn about current regulations and which IAM and user authentication strategies are best for your users.

Role-based access control: Pros of an open source RBAC implementation
There are many advantages to an open source role-based access control (RBAC) implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how to determine if open source RBAC is right for you.

What risks are associated with biometric data, and how can they be avoided?
Contrary to popular opinion, biometrics technology isn't foolproof. Biometric data, like any other authentication data, can be used maliciously to access a system.

In this Q&A, security expert Joel Dubin examines the pros and cons of implementing biometric data and explains how to avoid risks associated with the technology.

About the author
Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is a former engineer in the Air Force's Information Warfare unit, an instructor and the best-selling author of the previous three editions of this book. Shon has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the Department of Energy, the National Security Agency and many more.
