I have a user who travelled to another country and got blocked by Identity Protection. I confirmed the sign-in safe and dismissed the risk, which unblocked him.
Is there any way to prevent the user from being blocked (in advance) the next time he travels there, or my only bet is to confirm sign-in safe again after the block and hope for the system to eventually learn that the location is safe?
I don't want to set any named locations in that country and cannot predict the IP address that will be assigned to the user at the destination. I am also not allowed to change the policy - users are blocked for high, medium, and low risk.
Related
I'm a programmer who is about to release an intranet site where apprentices can rate their educators and vice versa. Currently the system is working as planned, however HR wants some way to verify that the users are OK with their ratings. If not, they should be able to unlock their ratings so that the other person has to re-do the rating.
Unfortunately, HR also wants to reduce the amount of logins that these users have to endure. In the worst case scenario, users have to:
Log in to rate the educator/apprentice
Log in to unlock the rating
Log in to rate the educator/apprentice again
And so on...
The user who fills the rating has to be user A, while the user who unlocks or confirms the rating has to be user B. User A can also unlock the rating if they have a correction.
This process has to be done twice - once for the educator, once for the apprentice.
There is usually only one workstation present (factory environment).
Possible solution:
My suggestion is a kind of meeting workflow. One user logs in, clicks a button in the appraisal and the workflow starts. The other user is prompted to log in. This starts a kind of "double session" with both users logged in at the same time. This is a way to verify that both of them are present in a meeting.
This process could be used for multiple ratings at the same time, guiding the users through the process one by one.
HR wants both of them to meet and discuss their ratings.
Are there any security and/or best practice concerns that I should be aware of? The system has to be ready on the first of August, so I'm really hoping to solve this issue as easily as possible. Are there better ways to do this?
It turns out that my idea of logging in two users at the same time wasn't so bad. At first, a regular user logs in and launches the meeting mode. In order to verify that the other user is present, this second user logs in. Both user's data is now stored in the session and the meeting workflow launches, guiding both of them through their appraisals. When the last appraisal is finished, the second user is logged out.
This question is solved.
A keylogger program intercepts user password and is used to modify the user account , Is it a violation of confidentiality ,integrity ,or availability or some of combination of them ?
A Keylogger program intercepts user password
Scenario 1 :
Your friend invites you to use his laptop for a project you are working on. It requires you to log-into your mail accounts and other critical resources. After you are done, Your friend opens the keylogger program that has been running at the background and reads the logs generated.
This is a clear breach to Confidentiality and Integrity aspects of the CIA triad.
Your Friend also decides to login with your credentials with a purpose of changing the passwords and block you from accessing your account.
This reduces (or) completely denies the availability of the resource.
Scenario 2 :
You join an IT-Corporate as a technical trainee. You become the Employee of the company after reading all the policies laid by them and signing/Agreeing to them. You are provided with login credentials on the first week of joining. The Corporate requires you not to use your personal mail accounts so they can maintain confidentiality to their internal assets. The company runs keyloggers on all the systems and frequently monitors logs. The IT policy supports this case of keylogging and you have signed it previously.
Such a case doesn't breach the CIA triad (Confidentiality , Integrity & Availability)
Practically the second scenario is very casually(my experience) practiced for any prudent IT-Corporate facility who has a greater risk of their internal assets getting compromised. But make sure that the Keylogging ,Information fair Usage and other documents are kept in place by the organization well ahead and the employees understand these policies.
Interception of the password is a loss of Confidentiality.
Modification of the user account is a loss of Integrity and could, depending on the nature of the change, also result in a loss of Availability. For example if the password was changed so that the legitimate user couldn't access their account.
What you can't tell from your description is whether or not it would also result in a loss of Auditability.
I want to use Firebase to build an app for ticket purchases. I envision storing the inventory of tickets on the servers and requirements to be:
Allow user to reserve ticket while processing the payment (ie lock
the ticket)
Release the ticket after a certain amount of time if not purchased
Prevent dual purchase of same inventory item
I'm concerned about how this would be possible without server-side code where the individual clients are controlling the locks and releases. I suppose the client can keep track of how long its been since the ticket was reserved and then release it. But what if the client disconnects? Would I successfully be able to release locks on tickets using .onDisconnect() for example when user loses connectivity?
Yes, you can. Add an .onDisconnect() which deletes the lock when the user loses connectivity.
That is exactly what .onDisconnect() does, the action is triggered on the server-side when the client connection stops.
But you might want to consider what happens if the client loses the connection temporarily, e.g. if their train goes through a tunnel
I am writing an application wherein its a requirements to restrict the number of logins a user can have from a single IP address (as a way to stop spam).
We can't use captcha for some reason!
The only 2 ways I could think of to make this work was to either store in the database, the number of requests coming in from each IP.
OR
To store a tracking cookie which has the information regarding the same.
Now, the downside of the first mode is that there would be too much of db traffic - the application is going to be used by a ton of people.
The downside of storing this info as a cookie is that users can clear them up ad start fresh again.
I need suggestions, if there could be a way wherein the high db traffic and the loose bond with cookie based tracking can be handled.
You're talking about "logins" and a web-application therefore you have some sort of a session persisted somwhere. When creating those sessions you need to keep track of the number of active sessions per IP and not allocate new sessions when that threshold is reached.
Without more specific information about your framework / environment, that's about the best answer anyone can provide.
Also be aware that this approach fails in numerous ways because of NAT (network address translation). For example, our office has exactly one public IP address for X hundred people. The internal network is on private IP space.
if you want to get the IP and store somewhere, you could use $_SERVER['REMOTE_ADDR'] to get the IP of the user, make a field like "ip" in your database and you make a query in your SQL to check if the IP was used.
There are also other ways of tracking, like Flash Cookie, people usually don't know the existance of it, so most people wouldn't know how to clear it.
In my web project, I am storing mail addresses. These addresses may be used by the system to throw mails to the recipients. It is also important to say that these mail addresses have expiration time.
But the critical point is trustness: for this very service, people must be sure that the mail addresses wil not be given to somebody else (especially to authorities, for example).
To resume:
the system has to "know" the mail address.
the webmaster (or somebody else) has to be unable to find the true mail addresses.
By doing this, the webmaster will not be able to give information (even by force :)).
Intermediate solution: I already know how to do this as soon as the information has expired. E.g. The mail address is encrypted with gnupg (GPG / PGP algorithms). The system (or anybody) can decrypt if he/it has the password. But as soon as the mail address has expired, let's revoke the secret key :arrow: one cannot decrypt the mail address anymore.
But this raises a performance problem (to create the private key)...
Any help would be most appreciated !
What you're asking for is impossible. Even supposing you could devise a system whereby the system can send emails without being able to reveal them to an administrator (and you can't), an attacker could simply start a mail run and capture the outgoing emails and extract the addresses before they're sent.
If you want to 'expire' email addresses, you should simply delete the records, then (if you're paranoid), compact the database and erase the free space on the disk.