Question

In: Computer Science

What are the stages of preliminary risk assessment? What information should be included in a misuse...

What are the stages of preliminary risk assessment? What information should be included in a misuse case? Suggest two possible vulnerabilities when login/password authentication is used?

Solutions

Expert Solution

five steps to risk assessment.

1.Identify the hazards.

2.Decide who might be harmed and how.

3. Evaluate the risks and decide on precautions.

4.Record your findings and implement them.

5.Review your risk assessment and then update if it is necessary.

possible vulnerabilities when login/password authentication is used:

User-Generated Credentials:

Since users have to create their own passwords, there’s always a chance that they won’t create secure credentials. most of the user-generated passwords are considered weak and easily vulnerable to hacking.

Whether it’s because users we want to have a password that’s easy to remember, they aren’t up to date on password security best practices, or subconsciously use patterns to generate their passwords, this type of authentication has its flaws.

Even if your website is equipped with a password strength-checking tool, the results can be inconsistent and inaccurate, often leading users into a false sense of security. the password should contain atleast 8 characters and that characters should contain uppercase letters and lowercase letters numbers from 0 to 9 and also the special characters so that the password will be strong and anyone cannot be known.

Brute-Force Attacks:

a brute-force attack occurs when a computer program runs through every password combination until they find a match. The system will run through all one-digit combinations, two-digit combinations, and so forth until it cracks your password. Some programs specifically focus on combing through the most commonly used dictionary words, while others target popular passwords against a list of possible usernames.

As technology evolves, hackers use to crack people’s credentials. Aside from merely guessing your password, a brute-force attack is the most common technique hackers use.

these systems are able to run through thousands of combinations in less than a second, which means that shorter passwords can be cracked in a very short time frame.

How can I secure against brute-force attacks:

The limit for IP addresses should be more than the limit for users. This is because multiple accounts could be using the same IP address

Once a user has reached the allowed number of requests, the account should be blocked for a short period of time.

if there has been a lot of unusual behavior from a specific IP address, it might be in your website’s best interest to permanently block it from making login attempts. However, blocking IP addresses also runs the risk of excluding real users, so you will want to be careful.


Related Solutions

What should be included in the nursing assessment of a patient with an actual or potential...
What should be included in the nursing assessment of a patient with an actual or potential fluid and electrolyte imbalance?
What type of information should NEVER be included in a medical record?
What type of information should NEVER be included in a medical record?
REGARDING RISK ASSESSMENT What are the different types of disclosure or brokerage of information? What is...
REGARDING RISK ASSESSMENT What are the different types of disclosure or brokerage of information? What is the probability of disclosure/brokerage of information (in terms of high, medium, low)? What is the potential impact of disclosure/brokerage (in terms of high, medium, low)? Explain. Determine the risk scale of disclosure/brokerage of information. PLEASE MAKE COPY PASTE AVAILABLE MUST BE 250 WORDS
How is risk assessment used in the accreditation process? What should be done with the results...
How is risk assessment used in the accreditation process? What should be done with the results of the assessment?
What information should be included in a request for a private letter ruling? In what circumstances...
What information should be included in a request for a private letter ruling? In what circumstances will the IRS rue on estate tax issues? On which of the following issues will the IRS likely issue a private letter ruling and why? In your answer, assume that no other IRS pronouncement addresses the issue and that pertinent Treasury Regulations are not forthcoming: [a] Whether the taxpayer correctly calculated a capital gain reported on last year’s tax return; [b] The tax consequences...
What information should be included in a request for a private letter ruling? In what circumstances...
What information should be included in a request for a private letter ruling? In what circumstances will the IRS rue on estate tax issues? On which of the following issues will the IRS likely issue a private letter ruling and why? In your answer, assume that no other IRS pronouncement addresses the issue and that pertinent Treasury Regulations are not forthcoming: [a] Whether the taxpayer correctly calculated a capital gain reported on last year’s tax return; [b] The tax consequences...
(TCO F) What type of information should be included on your resume?
(TCO F) What type of information should be included on your resume?
Software security: Assume you are performing preliminary security risk assessment. 1. The first step in performing...
Software security: Assume you are performing preliminary security risk assessment. 1. The first step in performing a preliminary risk assessment is asset identification. List down three assets you identify in an in-store automated supermarket shopping system when conducting the preliminary risk assessment. 2. Identify two possible security risks associated with an in-store supermarket shopping system and propose a system requirement that might reduce each of those risks.
How does the creation of a portfolio reduce risk? What type of assets should be included...
How does the creation of a portfolio reduce risk? What type of assets should be included in a diverse portfolio? Why should they be included?
What information on the competitive landscape should be included in a business plan? What frameworks would...
What information on the competitive landscape should be included in a business plan? What frameworks would you use? What information on the key venture risks should be included in a business plan? Is it important for the business plan to be pessimistic or optimistic in regard to these risks? A number of software development methodologies exist to encourage rapid design and implementation (e.g., agile software development, extreme programming, etc.). Select two of these methodologies and compare and contrast the specific...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT