A security breach made me to be more thinking what OR how is a practical security. I think it’s important not only to protect aginst attack but also to prevent it. However we can easily lean to the former because it’s take more time and money also than the latter. The other hands, the prevent action is effective and efficent in terms of security.
There is a brute force attack in order to find a password of a target user. We use just six number as a verification code like OTP. It means that an attacker can know a password in maximum 1,000,000 times in theory. It just takes 14 minute unless there is threshold of PPS.
Anyway we can protect the attack by block the IP addresses used in it. But attacker keep to trying to attack with change the IP address. After all, the prevention is not property prevention.
We need to know why/how did the attacker attack in order to cut off the root cause. That is what we call the user profiling. But it’s not easy as you know. We are lack basically about an attacker who is hidden like a rootkit.
We already know that is. So we must make persistent effort to follow up the attacker as if we are waiting rainbow.
Practical Security 