Exam CAS-004, Question 366

An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?

    Correct Answer: C

    The significant increase in storage use each month suggests that the current password reset system is being abused, potentially by automated scripts flooding the system with password reset requests. Implementing a new password reset system with enhanced security measures such as CAPTCHA to prevent automated attacks, rate limiting to control the number of requests from a single IP address, and minimal data retention to reduce the amount of data stored would effectively address this issue and prevent the storage from being overwhelmed.
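The remediation the explanation describes (per-source rate limiting plus minimal retention of reset records) as an added Python sketch; this is not code from the exam or from this site, the class and method names are my own, and it assumes an in-memory store. The limiter keeps at most one live token per account and purges expired records, so a flood of automated reset requests cannot grow storage without bound:

```python
import secrets
import time
from collections import deque

# Constructed example: a password-reset request handler that bounds storage
# growth under abuse by (1) limiting requests per source address per window
# and (2) retaining minimal data: one live token per account, expired
# tokens and idle limiter entries purged on every request.
class ResetService:
    def __init__(self, max_per_window=5, window_s=3600, token_ttl_s=900, clock=time.time):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.token_ttl_s = token_ttl_s
        self.clock = clock            # injectable for testing
        self._ip_hits = {}            # ip -> deque of request timestamps
        self._tokens = {}             # account -> (token, expires_at)

    def _allowed(self, ip, now):
        """Sliding-window limiter: at most max_per_window requests per ip."""
        hits = self._ip_hits.setdefault(ip, deque())
        while hits and hits[0] <= now - self.window_s:
            hits.popleft()
        if len(hits) >= self.max_per_window:
            return False
        hits.append(now)
        return True

    def _purge(self, now):
        """Drop expired tokens and idle ip entries so neither store grows unbounded."""
        self._tokens = {a: t for a, t in self._tokens.items() if t[1] > now}
        self._ip_hits = {ip: h for ip, h in self._ip_hits.items()
                         if h and h[-1] > now - self.window_s}

    def request_reset(self, account, ip):
        now = self.clock()
        self._purge(now)
        if not self._allowed(ip, now):
            return "rate_limited"
        # Overwrite any existing token: at most one stored record per account,
        # regardless of how many requests (or source addresses) target it.
        self._tokens[account] = (secrets.token_urlsafe(32), now + self.token_ttl_s)
        return "accepted"

    def stored_records(self):
        return len(self._tokens)
```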

Discussion
CraZee (Option: C)

Of all the questions on this site, I hate this one the most. Why is the storage filling up? Is it because of many failed reset attempts (let's get a new p/w reset system)? Is it because attackers can get in through it somehow (let's add MFA)? Ugh... C...

OdinAtlasSteel (Option: D)

D. Adding MFA to all accounts. Adding Multi-Factor Authentication (MFA) to all accounts enhances security by requiring users to provide multiple forms of identification before gaining access. This can significantly reduce the risk of unauthorized access, even if passwords are compromised or the password reset system is abused.

saucehozz

NiceGPT

oskinoo (Option: C)

C. Implementing a new password reset system. The current password reset system appears to be a potential vector for an attack, as it may be exploited to consume additional storage resources. By implementing a new, more secure password reset system, you can potentially address the storage abuse issue.

oskinoo (Option: C)

The significant increase in storage use could be due to an attack where an attacker is trying to exploit the password reset system, possibly by flooding it with requests, which could be causing a lot of data to be stored. To remediate this attack, the organization should consider implementing a new password reset system (C) that includes protections against such attacks. For example, the new system could include measures like CAPTCHA to prevent automated attacks, rate limiting to prevent too many requests from the same IP address in a short period of time, and minimal data retention to reduce the amount of data stored.

weaponxcel (Option: A)

A. Including input sanitization on the logon page. Explanation: by sanitizing inputs, you can prevent malicious data from being inserted or uploaded to the system, which could be causing the unexpected increase in storage use.

23169fd (Option: C)

The significant increase in storage use suggests that the existing password reset system may be vulnerable to abuse, possibly due to being overly simple or lacking sufficient security measures. Implementing a more secure password reset system can help address this vulnerability.

EAlonso (Option: D)

D. Going with MFA. What makes the most sense to me is that the users could be sharing their storage... but there are too many assumptions to have a definite answer.

armid (Option: C)

I am going to make a couple of assumptions here. 1. The storage increase is due to the excessive logs when a bot keeps spamming the reset webpage with requests. 2. Then having or not having MFA won't matter much, as the MFA token could also be spammed, just like the password. 3. Captcha would help, as no transaction to the DB system will happen until the captcha is correct. 4. To implement captcha, they need to do C.

b72010c (Option: B)

I'm not a big fan of this question either, but I could actually make a case for "B". If users can reset their password an unlimited number of times without their account being locked, then the storage will constantly fill up. If after 5 attempts a user's account locks, then the user will have to contact an admin who will provide a temporary password, which when used will (if configured) force the user to create a new password. This example would only have 6 (or 7 if including the temp pw) password resets that will be included in storage. If not B, then I'd go C as well.

abrub (Option: C)

If the observed increase in storage use is linked to potential abuse of the password reset system, implementing a new and more secure password reset system with improved controls and monitoring can be an effective remediation step.

nuel_12 (Option: D)

Implementing a new password reset system is more of a vague answer, not specific, because it can still lead to the same problem, but adding MFA is more of a solution than any other.

nmap_king_22 (Option: C)

Going with C. Having a password reset system will prevent large numbers of attempts and stop the requests being sent in, due to the configurations done on the password reset.

Anarckii

This doesn't completely avoid the attacks. Implementing MFA provides a barrier between the attacker and access control.

ThatGuyOverThere (Option: D)

I feel like this question is poorly worded. Are they talking about the storage on the SaaS provided to users, or are they talking about the storage on the password reset system? Given that the SaaS storage would be completely out of context unless they were talking about that storage being what is seeing the increase, I'm going to assume that is what they are referencing. Therefore I think MFA would be the best answer. If they are somehow taking advantage of the password reset system to obtain user passwords and then gaining access to the user's SaaS storage, MFA would stop them. They should also replace the password reset system because it is letting users' passwords be compromised, but user passwords can become compromised in many ways. MFA should be a higher priority.