OpenShift Builds / BUILD-903 Findings from the Threat Model Source-to-image (S2I) Builder Image 1.3.8 / BUILD-910

T2126: Exercise security strategies for preventing credential abuse and stuffing attacks

    • Sub-task
    • Resolution: Done
    • Normal
    • SECFLOWOTL-30 - s2i Security Review

      Security strategies for preventing credential abuse and stuffing attacks (MS-SS-11)

      • Set up a run-time credential abuse prevention mechanism. For example, allow a set number of login attempts from an IP address. Once this threshold is exceeded, take a preventative measure such as throttling the login requests from that IP or temporarily blocking it.
      • Deploy a credential-stuffing prevention mechanism that checks user logins against a database of compromised credentials (like a list of revoked tokens) and alerts legitimate users if their credentials are stolen.
      • Deploy and configure IDS/IPS systems to safeguard against attacks by:
        - Detecting DoS/DDoS attacks and raising a flag as soon as a service becomes unavailable.
        - Detecting distributed network probes (i.e. IP and port scans).
        
      • Configure malware and antivirus systems to scan file uploads as well as each container's memory and file system contents.
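
      The first two items above, as an added example that is not part of the ticket or of the S2I code base: a per-IP failed-login limiter with a temporary block, plus a check against a set of revoked tokens. The class name, thresholds and token values are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed policy values for illustration; tune them to the service.
MAX_FAILURES = 5        # failed attempts allowed per window
WINDOW_SECONDS = 60     # sliding window length
BLOCK_SECONDS = 300     # temporary block once the threshold is exceeded


class LoginGuard:
    """Per-IP failed-login limiter plus a revoked-credential check."""

    def __init__(self, revoked_tokens=(), clock=time.monotonic):
        self._failures = defaultdict(deque)   # ip -> timestamps of failures
        self._blocked_until = {}              # ip -> time the block expires
        self._revoked = set(revoked_tokens)   # known-compromised tokens
        self._clock = clock                   # injectable for testing

    def check(self, ip, token):
        """Return 'allow', 'blocked' or 'revoked' before verifying a login."""
        now = self._clock()
        if self._blocked_until.get(ip, 0) > now:
            return "blocked"
        self._blocked_until.pop(ip, None)      # block expired, forget it
        if token in self._revoked:
            self.record_failure(ip)            # stuffing attempts count too
            return "revoked"                   # caller alerts the owner
        return "allow"

    def record_failure(self, ip):
        """Record a failed login; return True if this starts a block."""
        now = self._clock()
        window = self._failures[ip]
        window.append(now)
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()                   # drop failures outside the window
        if len(window) > MAX_FAILURES:
            self._blocked_until[ip] = now + BLOCK_SECONDS
            window.clear()
            return True
        return False
```

      Per-IP counting does not see attempts spread across many addresses; the revoked-token check applies regardless of source address.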

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/architecture-design/106-T2126/

              gkamathe@redhat.com Gaurav Kamathe
              sdelements Jira-SD-Elements-Integration Bot