So, what do we do now?

--Originally published at #CParravirgen

The countermeasure…

“In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.” (Wikipedia)

At some point, as a system admin or a software developer, you will have to deal with this, since there is no such thing as a “completely secure” system, any system can be cracked, is just a matter of time and intention.

So when the moment comes, actions will be required, what kind of actions?, that depends on the type of problem, but if the problem is too big, you will want to have Mr. Winston Wolf right by your side at that moment.

200_s

Here is a table of what is a good idea against different types of attacks:

Threat Countermeasures
Spoofing user identity Use strong authentication.Do not store secrets (for example, passwords) in plaintext.

Do not pass credentials in plaintext over the wire.

Protect authentication cookies with Secure Sockets Layer (SSL).

Tampering with data Use data hashing and signing.Use digital signatures.

Use strong authorization.

Use tamper-resistant protocols across communication links.

Secure communication links with protocols that provide message integrity.

Repudiation Create secure audit trails.Use digital signatures.
Information disclosure Use strong authorization.Use strong encryption.

Secure communication links with protocols that provide message confidentiality.

Do not store secrets (for example, passwords) in plaintext.

Denial of service Use resource and bandwidth throttling techniques.Validate and filter input.
Elevation of privilege Follow the principle of least privilege and use least privileged service accounts to run processes and access resources.

Many more resources and information can be found here. At that Microsoft’s page, they have a lot of information

different attacks on different types of systems, how they define them, and how to prevent and countermeasure it. Great information to go deeper on that.

This was a quick post then, but as always, good day, good luck, be safe, eat well, move your ass at the gym or somewhere else, take your vitamins, talk to interesting people, don’t text and drive, have enough sex (even if it has to be with yourself), learn things, share things and try to make the world a better place, move on on achieving your definition of “success” and drink more coffee!