• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 396

brute force / DoS / Acct Lockout

How do you strike a balance in your web apps between protecting yourselves from brute force type attacks by deploying account lockout mechanisms, and your account lockout mechanisms being abused by malicious sources to create a DoS on the user account logging in? There's an argument to have account lockout to prevent brute force, but also an argument not to have it for critical apps due to the potential for DoS.
Asked by: pma111
1 Solution
Chris Gralike (Specialist) commented:
What exactly do you mean with balance?

From the business point of view (CTO)
From the maintenance point of view (FTEs / ROI)
From the technical point of view (code standardization, complexity)
Other...

Rgrds,

Chris Gralike (Specialist) commented:
Also, have you ever considered locking out an actual connecting IP instead of an account? Then you might find that IP spoofing can create DoS for potential customers / colleagues and the circle is round again.

Other solutions might be the use of VPN before being able to connect to the application and work from there. Again there might be counters on that. In any account, how 'visible' will your portal be, how interesting will it look for potential hackers, even this question might raise interest on the web...

Many approaches to different problems will also cause new problems... But what will make the potential attacker pick your neighbour to rob instead of you?
pma111 (Author) commented:
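A defensive design that follows from the trade-off raised in the question and in this reply, as an added example (not code from the thread): instead of a hard lockout, impose a growing delay keyed on the (source IP, account) pair, and cap the account-wide delay low, so that failures arriving from other sources, spoofed or not, can only slow a legitimate user down, never lock them out. The FakeClock, the sample addresses and the delay parameters are constructed for the demonstration.

```python
import time
from collections import defaultdict


class LoginThrottle:
    """Progressive-delay throttle: heavy per (ip, account), light per account."""

    def __init__(self, window=900.0, base_delay=1.0, pair_cap=300.0,
                 account_cap=5.0, clock=time.monotonic):
        self.window = window            # seconds a failure stays counted
        self.base_delay = base_delay    # delay after the first failure
        self.pair_cap = pair_cap        # ceiling for one source hitting one account
        self.account_cap = account_cap  # ceiling for the account as a whole
        self.clock = clock              # injectable for deterministic tests
        self._fails = defaultdict(list)  # key -> list of failure timestamps

    def _count(self, key, now):
        """Prune failures older than the window and return how many remain."""
        cutoff = now - self.window
        self._fails[key] = [t for t in self._fails[key] if t > cutoff]
        return len(self._fails[key])

    def _delay(self, count, cap):
        """Exponential backoff: 1, 2, 4, 8 ... seconds, capped."""
        return 0.0 if count == 0 else min(self.base_delay * 2 ** (count - 1), cap)

    def wait_time(self, ip, account):
        """Seconds an attempt from ip against account must still wait (0 = allowed)."""
        now = self.clock()
        pair_key, acct_key = ("pair", ip, account), ("acct", account)
        pair_wait = self._delay(self._count(pair_key, now), self.pair_cap)
        acct_wait = self._delay(self._count(acct_key, now), self.account_cap)
        last = max(self._fails[pair_key] + self._fails[acct_key], default=None)
        if last is None:
            return 0.0
        return max(0.0, max(pair_wait, acct_wait) - (now - last))

    def record_failure(self, ip, account):
        now = self.clock()
        self._fails[("pair", ip, account)].append(now)
        self._fails[("acct", account)].append(now)

    def record_success(self, ip, account):
        """A real login clears the account-wide penalty but not other sources' pair counts."""
        self._fails.pop(("pair", ip, account), None)
        self._fails.pop(("acct", account), None)


class FakeClock:
    """Constructed clock so the throttle can be driven deterministically."""

    def __init__(self, t=1000.0):
        self.t = t

    def __call__(self):
        return self.t
```

With the defaults above, a source that fails 13 times against one account waits 300 seconds, while the account's real owner arriving from elsewhere waits at most 5 seconds.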
Thanks Chris, some good advice there.