Standard Users – UB Authentication
UB – User Behaviour; Rp – Related Page; K – KQL Queries; W – WebSites; M – MITRE ATT&CK Reference
SCKIPT User Behaviour Matrix (Standard Users)

Source (UB) | Case Scenario | Known Interactions (K) | Protection (P) | Threats (T) |
---|---|---|---|---|
UB6. Auth. | UB6.C1 Passwords | UB6.C1.K1 Weak/Guessable Passwords | UB6.C1.K1.P1 Configure password policies to require strong passwords. UB6.C1.K1.P2 Create a block list of known words that users could potentially use as passwords and that are easy for attackers to guess. | UB6.C1.K1.T1 Password discovered |
UB6. Auth. | UB6.C2 Account Names (UPNs) | UB6.C2.K1 Users share their name and surname on social networks | UB6.C2.K1.P1 Configure different domains or use different username patterns to create email addresses and UPNs that cannot be linked to the user's identity. | UB6.C2.K1.T1 Malicious actors can easily discover users’ email addresses and UPNs for phishing, spamming and other threats using engineering. |
UB6. Auth. | UB6.C3 Generate tokens | | UB6.C3.P1 Use tokens with short lifespans or implement token rotation strategies. UB6.C3.P2 Implement a process to detect and revoke compromised tokens as soon as possible. UB6.C3.P3 Store tokens in secure storage solutions, such as environment variables, a key management service or secure vaults. | UB6.C3.T1 Long-lived tokens that are not rotated regularly increase the risk of misuse if they are compromised. UB6.C3.T2 If a token is compromised and not immediately revoked, unauthorized access can continue. UB6.C3.T3 Storing tokens in plain text can expose them to unauthorized access. |
UB6. Auth. | UB6.C4 SMS | UB6.C4.K1 Users authenticate with SMS | UB6.C4.K1.P1 Avoid using SMS as the primary form of 2FA. | UB6.C4.K1.T1 Cybercriminals can send fake verification codes or request real codes sent by legitimate services. |
UB6. Auth. | UB6.C5 Authentication apps | | | |