Denial of Service
Threats 3–10 are constructed from three properties, shown in parentheses after the text description:
- Is the threat to a client or a server? Threats to servers likely affect more people.
- Is the attacker authenticated or anonymous? Threats in which an attacker needs credentials have a smaller pool of attackers (or require a preliminary step of acquiring credentials), and it may be possible to retaliate in some way, acting as a deterrent.
- Does the impact go away when the attacker does (temporary versus persistent)? Persistent issues that require manual intervention or destroy data are worse than threats that will clear up when the attacker leaves.
There is no discussion of these threats per card, but the cards are listed for reference or use in checking aces.
2 of Denial of Service. An attacker can make your authentication system unusable or unavailable. This refers to authentication systems that use either backoff or account lockout to prevent brute-force attacks...
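An added example, not from the original text: a small simulation of the threat on this card, comparing a per-account hard lockout with a backoff keyed on account and source. The class names, thresholds, and documentation-range addresses are assumptions made for illustration.

```python
class HardLockout:
    """Per-account counter; stays locked until an admin resets it (persistent)."""
    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = {}  # user -> failure count

    def allowed(self, user, source, now):
        return self.failures.get(user, 0) < self.max_failures

    def record_failure(self, user, source, now):
        self.failures[user] = self.failures.get(user, 0) + 1


class ScopedBackoff:
    """Counter per (account, source); the delay doubles and expires on its own."""
    def __init__(self, base_delay=1.0, max_delay=300.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.state = {}  # (user, source) -> (failure_count, blocked_until)

    def allowed(self, user, source, now):
        _, blocked_until = self.state.get((user, source), (0, 0.0))
        return now >= blocked_until

    def record_failure(self, user, source, now):
        count, _ = self.state.get((user, source), (0, 0.0))
        count += 1
        delay = min(self.base_delay * 2 ** (count - 1), self.max_delay)
        self.state[(user, source)] = (count, now + delay)


def simulate(policy, attempts=10):
    """Constructed scenario: one source sends bad passwords for 'alice' once per
    second, then alice tries to sign in from her own address."""
    now = 0.0
    for _ in range(attempts):
        if policy.allowed("alice", "198.51.100.7", now):
            policy.record_failure("alice", "198.51.100.7", now)
        now += 1.0
    return (
        policy.allowed("alice", "203.0.113.20", now),        # can alice sign in?
        policy.allowed("alice", "198.51.100.7", now),        # failing source, now
        policy.allowed("alice", "198.51.100.7", now + 3600), # failing source, later
    )
```

Keying on source trades lockout abuse for weaker protection against guessing spread over many sources, so it is shown as one option rather than a recommendation.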