data transmission two factor authentication:, Lecture notes of Computer Networks

Data transmission two-factor authentication: this uses multiple authentication factors, such as a password plus a code generated and sent to a backup account. Firewalls and IP whitelisting: firewalls protect data by filtering network traffic and blocking intruders, while IP whitelisting places authorized IP addresses on an allowed list, meaning only those IP addresses can access the data.

Typology: Lecture notes

2020/2021

Uploaded on 08/05/2023

sharonne-1
1. How can data be transmitted via the client in a way that prevents tampering attacks?
- Using a key stored on the server to encrypt the data, so that attackers are unable to produce arbitrary encrypted data. But since data can be taken from one context and replayed in another context, sufficient context must be included within the protected data so that its origin can be confirmed within that context. For example, name of the item and pro
2. An application developer wants to stop an attacker from performing brute-force attacks against the login function. Because the attacker may target multiple usernames, the developer decides to store the number of failed attempts in an encrypted cookie, blocking any request if the number of failed attempts exceeds five. How can this defense be bypassed?
3. An application contains an administrative page that is subject to rigorous access controls. It contains links to diagnostic functions located on a different web server. Access to these functions should also be restricted to administrators only. Without implementing a second authentication mechanism, which of the following client-side mechanisms (if any) could be used to safely control access to the diagnostic functionality? Do you need any more information to help choose a solution?
a. The diagnostic functions could check the HTTP Referer header to confirm that the request originated on the main administrative page.
b. The diagnostic functions could validate the supplied cookies to confirm that these contain a valid session token for the main application.
c. The main application could set an authentication token in a hidden field that is included within the request. The diagnostic function could validate this to confirm that the user has a session on the main application.
4. If a form field includes the attribute disabled=true, it is not submitted with the rest of the form. How can you change this behavior?
5. Are there any means by which an application can ensure that a piece of input validation logic has been run on the client and passed?
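The context binding described in the answer to question 1, as an added example that is not part of the original notes: the server protects client-held data with a secret key and ties it to the context it belongs to (user, item, purpose), so a value taken from one context is rejected in another. This example uses an HMAC for integrity rather than encryption, since tamper detection and context binding are the point; all names and values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Server-side key, generated per process here (constructed example); the key
# never leaves the server, so a client cannot forge or re-sign protected data.
SERVER_KEY = secrets.token_bytes(32)
TAG_LEN = 32  # SHA-256 digest size


def _mac(context: dict, payload: bytes) -> bytes:
    # Length-prefix the serialized context so context and payload bytes cannot
    # be shifted into one another; sort_keys gives a canonical encoding.
    ctx = json.dumps(context, sort_keys=True).encode()
    msg = len(ctx).to_bytes(4, "big") + ctx + payload
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def protect(context: dict, data: dict) -> str:
    """Return an opaque token the client may carry and hand back later."""
    payload = json.dumps(data, sort_keys=True).encode()
    return base64.urlsafe_b64encode(_mac(context, payload) + payload).decode()


def unprotect(context: dict, token: str) -> Optional[dict]:
    """Return the data only if it was protected for exactly this context."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, _mac(context, payload)):
        return None
    return json.loads(payload)


def tampered(token: str) -> str:
    """Flip one bit of the carried payload, as an attacker editing the field would."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-1] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    ctx = {"user": 42, "item": "widget", "purpose": "price"}
    tok = protect(ctx, {"price": 9.99})
    print(unprotect(ctx, tok))                      # accepted in its own context
    print(unprotect({**ctx, "item": "gadget"}, tok))  # None: replayed for another item
    print(unprotect(ctx, tampered(tok)))            # None: payload edited
```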
