Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 3 Delivering Consistent Security Using Zero Trust

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

User identification

User identification technology links Internet Protocol (IP) addresses to specific user identities, enabling visibility and control of network activity on a per-user basis. Tight integration with Lightweight Directory Access Protocol (LDAP) directories, such as Microsoft Active Directory (AD), supports this objective in two ways:

» It regularly verifies and maintains the user-to-IP address relationship using a combination of login monitoring, end-station polling, and captive portal techniques.

» It communicates with AD to harvest relevant user information, such as role and group assignments.

These details are then available to:

» Gain visibility into who specifically is responsible for all application, content, and threat traffic on the network, including users on mobile devices, working remotely, or located in branch offices

» Enable the use of identity as a variable within access control policies

» Facilitate troubleshooting/incident response and reporting

User identification is also an important capability to help prevent credential theft and abuse. The majority of network breaches today involve stolen credentials that attackers use to simply log on to the network (rather than hacking in) and elevate privileges leveraging other stolen credentials once inside the network.

With user identification, IT departments get another powerful mechanism to help control the use of applications in an intelligent manner. For example, a remote access application that would otherwise be blocked because of its risky nature can be enabled for individuals or groups that have a legitimate need to use it, such as IT administrators.
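The following is an added illustration, not code from the book or from any vendor's User-ID implementation: a toy user-identification store that keeps IP-to-user mappings fresh, enriches each user with directory group membership, and feeds that identity into a default-deny application policy. The directory, login events, group names, application names, the 3600-second mapping lifetime and the log format are all constructed assumptions.

```python
"""Added example (not from the book): a toy user-identification store and an
identity-aware application policy. All directory entries, login events and
application names below are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# How long a user-to-IP mapping stays trusted without being re-verified by
# login monitoring, end-station polling or a captive portal. Assumed value.
MAPPING_TTL_SECONDS = 3600


@dataclass
class Mapping:
    user: str
    verified_at: float   # seconds; supplied by the caller to keep the example deterministic
    source: str          # which technique produced or refreshed the mapping


class UserIdentification:
    """Maintains IP -> user mappings and enriches users with directory groups."""

    def __init__(self, directory: Dict[str, Set[str]], ttl: float = MAPPING_TTL_SECONDS):
        self.directory = directory          # stand-in for an AD/LDAP group lookup
        self.ttl = ttl
        self._ip_to_user: Dict[str, Mapping] = {}

    def observe(self, ip: str, user: str, source: str, now: float) -> None:
        """Record or refresh a mapping from a login event, poll result or portal auth."""
        self._ip_to_user[ip] = Mapping(user, now, source)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        """Return the user behind an IP, or None if unknown or stale."""
        m = self._ip_to_user.get(ip)
        if m is None:
            return None
        if now - m.verified_at > self.ttl:
            # A mapping that has not been re-verified is dropped rather than
            # trusted: an IP can be reassigned or shared, so stale identity
            # data would grant the wrong person someone else's access.
            del self._ip_to_user[ip]
            return None
        return m.user

    def groups(self, user: str) -> Set[str]:
        return self.directory.get(user, set())


@dataclass
class Decision:
    verdict: str
    reason: str
    log_line: str   # per-user record for visibility, troubleshooting and incident response


def evaluate(ident: UserIdentification, rules: Dict[str, Set[str]],
             ip: str, app: str, now: float) -> Decision:
    """Identity-aware application control with a default-deny stance.

    `rules` maps an application to the set of groups allowed to use it.
    An app with no rule is denied, and a flow whose user is unknown is
    denied because the identity variable the policy depends on is missing.
    """
    user = ident.lookup(ip, now)
    user_groups = ident.groups(user) if user else set()
    allowed = rules.get(app)
    if allowed is None:
        verdict, reason = "deny", "no-rule-for-app"
    elif user is None:
        verdict, reason = "deny", "unknown-user"
    elif user_groups & allowed:
        verdict, reason = "allow", "group-match:" + ",".join(sorted(user_groups & allowed))
    else:
        verdict, reason = "deny", "group-mismatch"
    log_line = (f"t={now:.0f} ip={ip} user={user or '-'} "
                f"groups={','.join(sorted(user_groups)) or '-'} app={app} "
                f"verdict={verdict} reason={reason}")
    return Decision(verdict, reason, log_line)


# Constructed sample data: a two-user directory and two application rules.
DIRECTORY = {"alice": {"it-admins", "staff"}, "bob": {"staff"}}
RULES = {"remote-access-tool": {"it-admins"}, "web-browsing": {"staff"}}


def demo() -> List[Decision]:
    ident = UserIdentification(DIRECTORY)
    ident.observe("10.0.0.5", "alice", "login-monitor", now=0)
    ident.observe("10.0.0.7", "bob", "captive-portal", now=0)
    return [
        evaluate(ident, RULES, "10.0.0.5", "remote-access-tool", now=10),    # allow: IT admin
        evaluate(ident, RULES, "10.0.0.7", "remote-access-tool", now=10),    # deny: wrong group
        evaluate(ident, RULES, "10.0.0.9", "web-browsing", now=10),          # deny: no mapping
        evaluate(ident, RULES, "10.0.0.5", "remote-access-tool", now=4000),  # deny: mapping stale
    ]


if __name__ == "__main__":
    for d in demo():
        print(d.log_line)
```

The last case is the one worth noticing: the same administrator from the same address is denied once the mapping has aged past its lifetime, because the policy only trusts an identity that the re-verification loop has recently confirmed. Each decision also produces a single log record naming the user, the groups and the reason, which is the per-user visibility the text describes for troubleshooting and incident response.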