Sirius Portal Security: Defending Against Man-in-the-Middle Attacks
Data Security is big news…
Hardly a day goes by without reference in the press to a security breach or, data being compromised by hackers. Some of the most well known being Sony Pictures, Linked In and TalkTalk.
Sirius is built to be highly resistant to these hacking attacks, and is regularly penetration tested to ensure it stays one step ahead of the “hackers”. We take your data safety very seriously, and with over 20 years or working with the Banking and Finance Sector, you can ensure your Data is Safe with Sirius.
What are these attacks and how does Sirius defend against them?
Brute Force Password Attack
This is where a hacker simply tries millions of usernames and passwords. Sirius defends against this by locking out any account that has a small number of failed login attempts in a row.
Stolen Database
Sirius stores a cryptographic hash of the password and salting. By adding a random string of characters (the salt) to the beginning of the password, this renders the potential search for pre-computed hashes too enormous to be of practical value.
Man in the Middle
This is where a hacker identifies repeatedly used data, such as passwords. Sirius uses the concept of a Memorable Word in which two or three characters are used, never the whole word making it much more difficult.
SQL Injection
This consists of a hacker manipulating the user interface to add their own database queries. Sirius defends against this by using carefully scripted database queries, which deny attackers the ability to steal data online.
URL Manipulation
This is where a hacker who has legitimate log on credentials, accesses data not meant for them. Sirius defends against this through user session validation in which a unique log on instance is created, ensuring only data a user has access rights to is displayed.
If your business could benefit from a Secure Web Portal take a look at Sirius
Related posts
