Identity-based security

Identity-based security is an approach to controlling access to a digital product or location based on the authenticated identity of an individual.

NIST defines identity-based security policies as policies "based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access."[1]

Networking

See Identity driven networking.

Cyberoam’s approach

The identity-based network security approach put forward by Cyberoam includes security components that provide visibility and control over user activity in a particular network. It offers a network security system that includes a user's human identity as part of the firewall rule matching criteria.[2]

The concept treats a user's identity as the 8th Layer (also known as the human layer) in the network protocol stack, thus attaching user identity to security while authenticating, authorizing and auditing the network. This differs from conventional security appliances, which bind security to IP addresses. Such an approach allows organisations to create security policies that align to users and groups rather than to IP addresses, which ultimately gives them more precise control over who can access the network and what they can access.[3]
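The following added example (not Cyberoam's implementation, and not code from the original article) contrasts a rule bound to a source subnet with a rule bound to an authenticated user's group. The `Session`, `Rule` and `evaluate` names, the session table that stands in for the authentication step, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset          # groups the authenticated user belongs to

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    dst: str                   # destination network (CIDR)
    port: int
    src: str = "0.0.0.0/0"     # source network (CIDR)
    group: Optional[str] = None  # required group; None makes it an IP-only rule

def evaluate(rules, sessions, src_ip, dst_ip, port):
    """First-match evaluation with default deny. Returns (action, user) so
    every decision can be audited against a person, not just an address."""
    session = sessions.get(src_ip)  # identity authenticated from this address
    user = session.user if session else None
    for r in rules:
        if port != r.port:
            continue
        if ip_address(src_ip) not in ip_network(r.src):
            continue
        if ip_address(dst_ip) not in ip_network(r.dst):
            continue
        if r.group and (session is None or r.group not in session.groups):
            continue  # identity criterion not met
        return r.action, user
    return "deny", user

# Constructed sample data: one finance server, two policies for it.
SERVER = "10.1.0.10"
IP_RULES = [Rule("allow", "10.1.0.10/32", 443, src="10.0.5.0/24")]
ID_RULES = [Rule("allow", "10.1.0.10/32", 443, group="finance")]
ALICE = Session("alice", frozenset({"finance"}))
BOB = Session("bob", frozenset({"engineering"}))
SESSIONS = {"10.0.5.23": ALICE, "10.0.5.40": BOB}

if __name__ == "__main__":
    for name, rules in (("ip-based", IP_RULES), ("identity-based", ID_RULES)):
        for src in ("10.0.5.23", "10.0.5.40", "10.0.5.99"):
            print(name, src, evaluate(rules, SESSIONS, src, SERVER, 443))
```

With the IP-based rule, any host holding an address in `10.0.5.0/24` reaches the server, including one with no authenticated session; with the identity-based rule only a member of `finance` does, and that user keeps access after moving to a different address.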

Identity-based security protects systems against address spoofing attacks by combining the point of encryption, authentication, and access control into a single unit.[4]

References

  1. SP 800-33 - Underlying Technical Models for Information Technology Security, Gary Stoneburner, p. 21, December 2001, NIST Computer Security Publications - NIST Special Publications (SPs), doi:10.6028/NIST.SP.800-33. Retrieved 4 April 2017.
  2. Identity based security, cyberoam.com.
  3. Identity-Based Firewall Security, cisco.com.
  4. Identity-Based Security, arubanetworks.com.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.