An organization has the following password policies:
- passwords must be at least 16 characters long
- three failed login attempts will lock the account for 5 minutes
- passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permissions on the database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server. Which of the following is the most likely issue, and what should be done?
- Users have reset their accounts to a previously used password; implement a password history policy.
- Service accounts are being used to log on to the server; restrict service account permissions to read/write.
- Single sign-on is allowing remote login to the database server; disable single sign-on until it can be properly configured.
- Users are logged in after work hours; implement time-of-day restrictions for the database servers.
Single sign-on is allowing remote login to the database server; disabling single sign-on until it can be properly configured is the issue and what should be done.
A database server is designed to be a secure database platform, but using the default settings leaves security gaps in the system. Moreover, a database server has many security features that you should configure individually to improve security.
If an attacker gets your password, he can access your account. So, to keep your login safe, you need to set some "security questions" before you can reset your password; these get sent to a server (just used on your computer to encrypt the database).
1) Single sign-on (SSO) is a user authentication service that allows a user to use one set of login credentials.
Let's take an example: a name and password to access multiple applications. SSO can be used by enterprises, smaller organizations and individuals to make it easier to manage the various usernames and passwords.
2) Single sign-on is a federated identity management (FIM) arrangement, and the use of such a system is sometimes called identity federation.
3) OAuth (Open Authorization), pronounced "oh-auth," is the framework that enables an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.
4) An attacker who gains control over a user's SSO credentials will be granted access to every application that user has rights to use. In order to avoid malicious access, it is essential that every aspect of the SSO implementation be coupled with identity governance.
5) To improve security, organizations can also use two-factor authentication (2FA) or multifactor authentication (MFA) with SSO.
6) Although social single sign-on is convenient for users, it can present security risks because it creates a single point of failure that can be exploited by attackers.
7) Many security professionals recommend that end users refrain from using social SSO services altogether because, once an attacker gains control over a user's SSO credentials, they will be able to access all other applications that use the same credentials.
Advantages of SSO:
Disadvantages of SSO: