PrepAway - Latest Free Exam Questions & Answers

Which of the following actions is appropriate for the website administrator to…

A high-traffic website is experiencing numerous brute force attacks against its user base. The attackers are using a very large botnet to carry out the attack. As a result, many users' passwords are being compromised. Which of the following actions is appropriate for the website administrator to take in order to reduce the threat from this type of attack in the future?


A. Temporarily ban each IP address after five failed login attempts

B. Prevent users from using dictionary words that they have used before.

C. Prevent users from using passwords they have used before.

D. Require user passwords to be at least ten characters in length

5 Comments on “Which of the following actions is appropriate for the website administrator to…

  1. aikman says:

    A or D could be correct. However, the attacker is using a very large botnet (automated attacks), so increasing the password length may not work. It will only take more time to crack. A more secure option is to suspend an account after a predefined number of failed attempts. I go with A.
  2. Ashu Verma says:

    Answer A cannot be right because, for example, after three failed login attempts, the account is locked out until an administrator unlocks it. The disadvantage of this method is that multiple accounts can be locked out by one malicious user, causing a denial of service for the victims and lots of work for the administrator.

    Any Web application should enforce the use of strong passwords. At a minimum, requiring users to choose passwords of eight letters or more with some complexity (letters and numbers, or requiring one special character) is an excellent defence against brute force attacks when combined with one of the techniques outlined above.
  3. IThelper says:

    Ashu Verma, you have made a mistake. Answer A says “Temporarily ban each IP address” after 5 failed login attempts; that will not lock the account or give admins a lot of work. Only ban the IP, not lock the account. I will go with A.
    Nobody says in answer D that you need special characters or lower/uppercase, only 10 LENGTH.
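The distinction the commenters are arguing about (a temporary per-IP ban, as in answer A, versus an account lockout that an attacker can turn into a denial of service) is easiest to see in code. This is an added example, not code from the page; the sliding-window thresholds, the IP addresses and the credential table are constructed for illustration.

```python
import time
from collections import defaultdict, deque


class IpFailureBan:
    """Temporary per-IP ban: after max_failures failed logins from one source
    address within window_s seconds, that address is refused for ban_s seconds.
    The key is the source IP, never the account, so the targeted user is not
    locked out and no administrator action is needed to lift the ban."""

    def __init__(self, max_failures=5, window_s=300, ban_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.ban_s = ban_s
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._banned_until = {}              # ip -> time at which the ban expires

    def is_banned(self, ip, now=None):
        now = time.time() if now is None else now
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # ban expired: forget the address
            del self._banned_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip, now=None):
        """Record one failed attempt; returns True if this one triggers a ban."""
        now = time.time() if now is None else now
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window_s:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._banned_until[ip] = now + self.ban_s
            return True
        return False


def attempt_login(ban, credentials, ip, username, password, now):
    """Returns 'banned', 'ok' or 'failed'. credentials is a constructed
    username -> password table standing in for a real credential store."""
    if ban.is_banned(ip, now):
        return "banned"
    if credentials.get(username) == password:
        return "ok"
    ban.record_failure(ip, now)
    return "failed"
```

Because the ban is keyed on the source address, a botnet that spreads its attempts across many addresses stays below the per-IP threshold, which is the limitation the question's "very large botnet" hints at; per-IP banning stops a single noisy source without locking anyone's account.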
