This exercise (50 points) uses the AWS Cloud9 environment develop and fully test a set of tools and Web Forms to perform the following functionality:
a. Password Login form – This Python form allows a user to login to a simple web application with a username and password. A file can be used to store the username and password for validated users for this activity. No additional Web application functionality is needed after successful login other than a Greeting of your choice and the ability to update the password in a form.
b. Password update Form – This Python form allows a user to update a user’s password after they have successfully logged in.
c. Authentication functions – These Python functions that will check the following NIST SP 800-63B criteria are met upon login or upon password update: SHALL be at least 8 characters in length
• SHOULD be no more than 64 characters in length
• SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised (Provided as CommonPasswords.txt)
• If the chosen secret is found in the list, the application SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value
• SHALL implement a time-based rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account. For this exercise throttling should start after 15 attempts.
• When the subscriber successfully authenticates, the verifier SHOULD disregard any previous failed attempts for that user from the same IP address
d. Logger – Create a log to log all failed login attempts. The Log should include date, time and IP address.
e. Log Analyzer – Create a Python log analyzer application that reads the log file created in part d to identify and geo-locate all IP addresses where more than 10 failed attempts in a period of less than 5 minutes. The geolocation should include the Lat/Long value provide from the IP Address location.
A sample report might look like this:
100.16.4.23 had 12 failed login attempts in a 5 minute period on Jul 7, 2019.
100.16.4.23 has a Lat/Long of 41.2908816/-73.610759.
Hints:
1. Leverage the File I/O, Flask and Data structures work previously performed in the class.
2. Use functions to enhance code reuse and modularity.
3. Use the AWS Cloud9 IDE.
4. Use Python Lists or other data structures to store the Common Passwords and then appropriate search functions to expedite comparisons.
5. You can use “request.environ[‘REMOTE_ADDR’]” to obtain the client IP address. You will need to import the request package: “from flask import request”.
6. You will need to load the ip2geotools Python module to perform the GeoLocation (sudo python3 -m pip install ip2geotools). You will need to import the IpCity Package (from
ip2geotools.databases.noncommercial import DbIpCity). See the ip2geotools for additional method and objects available.
They have a magnificent team. These people are always kind and willing to listen to your concerns or issues. Better yet, your assignment is always ready before the time, they usually send you a draft to double-check before they finalize your paper.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more