Question

• Describe context-based authentication and how that is handled in either your company or another that you can use as an example. Does it work for them? Where are the downfalls?
• How is GPS spoofing accomplished? What is the goal for those that try to do this? Are they a potentially big threat?
• What are the easiest ways to use personnel when attacking a company? Where are the easy entries to this type of attack?
• What are the best ways for someone to use a brute-force attack? What would they do, and how would they do it? What do they potentially gain?
• Where in using the Cloud for services is there potential authentication issues or attack access points? How do you guard against them?

Answer 1

Hi,

1.Context based authentication is one of the most existing advances in identity protection.It is also called as adaptive authentication.They uses analytic data that an identity platform compiles as part of authentication process to improve authentication methods.It is more effective at enhancing consumer safety and reducing online fraud.The primary concern many companies have to use it to reduce the risk.It embeds dynamic risk assessment into access decision,calculating risks through the use of behaviour and context analytics.It allows administrators to set permissions based on role,device,IP address ,location and other factors.This hepls companies minnimize risks when allowing access to their systems.It can be done by each user register a specified device or device with the system.By associating approved device with stored user information,tou essentially get an additional information check.

2.GPS spoofing is an attack in which a radio transmitter located near the target is usd to interfere with a laegitimate GPS signals.The attacker can transmit no data at all or could transmit inaccurate coordinates.In most common an attacker would position a broadcast antenna an point it target's GPS reciever antenna to interfere with GPS signal of nearby buildings .More powerfull and expensive transmitters can be used for wide scale attacks.  

3.Companies must be prepared and responsible when it comes to protecting themselves from hackers.Some of them are:

• Know the risk: Properly protecting your company from a cyber attack starts with a well rounded understanding of the internal and external vulnerabilities for your business face when it come to a hzcker.
• Encrypt data : For companies holding important data be sure to take measures to always have this information encrypted.
• Be sure that the hardware is secured : Most cyber attacks occurs when physical electronic equipment is stolen is one that is often overlooked.Make sure the systems in the companies are physically locked down.

4.A brute force attack is a cyber attack equivalent of trying every key on your key ring and eventually finding the right one.They are simple and reliable.Attackers let a computer to do the work,trying diferent combinations of usernames and passwords.Catching and neutralizing a brute force attack in progress is best counter;Once attackers have access the network they are much harder to catch.Brute force attack occurs in the early stages of cyber kill chain ,typically during the reconnaissance and infiltration stage.Attackers need access or points of entry into their targets and brute force techniques are a set it and forget it method of gainning that access.Once they have entry into the network,attackers can use brute force techniques to escalate their privilages.

5.The latest risks involved in cloud computing point to problems related to configuration and authentication rather than the traditional focus on malware and vulnerabilities .Using the cloud to host your businesse's data ,applications and other assets offer several benefits in terms of management ,access and scalability.But the cloud also presents certain security risks.Traditionally those risks have centered on areas such as deniel of service,data loss,malware,and system vulnerabilities. Inorder to prevet it :

• Data breaches: It is any cyber security incident or attack in which sensitive or confedential information is viewed,stolen or used by unauthorized individual.
• Misconfiguration and inadequate change control: It occurs when computing assets are setup incorrectly.leaving them vulnerable to malicious attack.
• Lack of cloud security architecture.
• Insuffucuent identity ,credential access,and key management.
• Account hijacking.

Hope you help this...

Thank you...