New Whitepaper: Anti Brute Force Resource Metering
Hi List,
It's been a couple of months since my last whitepaper, so time for a new
one. This new whitepaper focuses upon a method known as "resource metering"
to actively restrict (and possibly prevent) many brute force guessing attack
vectors that target custom web authentication processes.
The paper is now available from the NGS website:
http://www.ngssoftware.com/papers/NISR-AntiBruteForceResourceMetering.pdf
As always, I'm happy to discuss the topic further and would value
discussions about the techniques talked about in the paper.
Abstract:
"Web-based applications authentication processes are frequently vulnerable
to automated brute force guessing attacks. Whilst commonly proposed
solutions make use of escalating time delays and minimum lockout threshold
strategies, these tend to prove ineffectual in real attacks and may actually
promote additional attack vectors.
Resource metering through client-side computationally intensive "electronic
payments" can provide an alternative strategy in defending against brute
force guessing attacks. This whitepaper discusses how such a solution works
and the security advantages it can bring."
Cheers,
Gunter Ollmann
------------------------------------------------------
G u n t e r O l l m a n n, MSc(Hons), BSc
Professional Services Director
Next Generation Security Software Ltd.
First Floor, 52 Throwley Way Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK Mob: +44 (0)7710 496 714
http://www.nextgenss.com Fax: +44 (0)208 401 0076
------------------------------------------------------