Defending Against Threats PDF

Summary

This document discusses various security threats and strategies, including threat modeling, malicious software, and security measures like data masking and strong password policies. It also explores authentication techniques like one-time passwords and two-factor authentication to help prevent brute-force and other types of attacks.

Full Transcript


Defending Against Threats on Authentication & Authorization

Course So Far
We discussed CIA. We discussed threat modeling. We discussed multiple attacks/threats: malicious software (malware), denial of service, ransomware, spyware/keyloggers, man-in-the-middle, brute force, SQL injection, XSS.

Course So Far: Defending Against Threats
Securing data at rest: encryption (symmetric and asymmetric), hashing.
Securing data in transit: TLS/SSL (HTTPS), IPsec.

Recap
At the highest level, when we threat model, we ask four key questions:
Q1: What are we working on? (User registration/login)
Q2: What can go wrong?
Q3: What are we going to do about it?
Q4: Did we do a good enough job?

This Lecture
We will start focusing on defensive security measures, answering "What are we going to do about it?"

Data masking for sensitive information
A shoulder-surfing attack relies mostly on looking over the victim's shoulder at their screen. Masking sensitive data can make such an attack hard to perform.

Masking input fields: In web forms or software applications, use input masking for sensitive fields like passwords or personal identification numbers (PINs). This can be done by setting the input type to "password" in HTML forms.

User interface, on-demand display: Design your UI so that sensitive information is hidden by default and only shown when the user takes a deliberate action to view it (e.g., clicking a "show" button).

Reduce feedback: Design your user interface (UI) to reduce feedback, particularly during sensitive operations like password entry. Do not zoom in while the user types letters, or delay the zoom. While the user is typing input, do not show an accurate count of the characters entered.

Strong password policy: make brute-force attacks harder
Encourage users to use long and complex passwords. This could be achieved by:
1. Requiring a mix of uppercase, lowercase, numbers, and special characters.
2. Setting a minimum password length, e.g., 12 characters or more.
3. Encouraging the use of passphrases, which are longer and often easier for users to remember.

Strong password policy: make brute-force attacks harder
Making a strong password policy in HTML
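The two defensive measures above (masked, on-demand display of sensitive values and a strong password policy enforced in the HTML form) as an added example that is not part of the lecture slides; the element ids and the rule that a long multi-word passphrase may skip the character-class mix are assumptions.

```javascript
// Added example (not from the lecture slides): client-side enforcement of the
// password policy the slides describe, plus a masking helper for on-demand
// display of sensitive values. Element ids and the passphrase rule are assumptions.
const MIN_LENGTH = 12;            // slide: "12 characters or more"
const PASSPHRASE_MIN_WORDS = 4;   // assumption: what counts as a passphrase
const PASSPHRASE_MIN_LENGTH = 20; // assumption

// Returns { ok, problems }. A password passes either by character-class mix or by
// being a long multi-word passphrase (assumed reading of "encourage passphrases").
function checkPasswordPolicy(pw) {
  const problems = [];
  if (pw.length < MIN_LENGTH) problems.push(`at least ${MIN_LENGTH} characters`);
  const classes = [/[A-Z]/, /[a-z]/, /[0-9]/, /[^A-Za-z0-9]/];
  const missing = ["an uppercase letter", "a lowercase letter", "a digit", "a special character"]
    .filter((_, i) => !classes[i].test(pw));
  const words = pw.trim().split(/\s+/).filter(Boolean);
  const isPassphrase = words.length >= PASSPHRASE_MIN_WORDS && pw.length >= PASSPHRASE_MIN_LENGTH;
  if (missing.length > 0 && !isPassphrase) {
    problems.push(...missing.map((m) => `${m} (or use a passphrase)`));
  }
  return { ok: problems.length === 0, problems };
}

// Masks everything except the last `visibleTail` characters, for a UI that hides
// a value by default and reveals it only on a deliberate "show" action.
function maskSensitive(value, visibleTail = 4) {
  const keep = Math.min(visibleTail, value.length);
  return "*".repeat(value.length - keep) + value.slice(value.length - keep);
}

// Browser wiring (assumed element ids); skipped when run outside a browser.
// Client-side checks only give the user feedback; the server must enforce the same policy.
if (typeof document !== "undefined") {
  const form = document.getElementById("register");
  const pw = document.getElementById("new-password"); // <input type="password" minlength="12">
  const toggle = document.getElementById("show-password");
  if (form && pw) {
    form.addEventListener("submit", (ev) => {
      const result = checkPasswordPolicy(pw.value);
      pw.setCustomValidity(result.ok ? "" : "Password needs " + result.problems.join(", "));
      if (!result.ok) ev.preventDefault();
    });
  }
  if (toggle && pw) {
    toggle.addEventListener("click", () => { pw.type = pw.type === "password" ? "text" : "password"; });
  }
}
```

The `minlength="12"` attribute on the input gives the browser's built-in check; `checkPasswordPolicy` adds the character-class and passphrase rules on top of it.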
