Protecting your company’s network is a full-time job, and there are plenty of dangers out there that you must be aware of. Luckily, there are some relatively simple ways to protect your environment.
What is a Brute Force Attack on your system?
One of the most basic attempts to break into a server involves using a program to automate login attempts by guessing usernames and passwords. This is known as a brute force attack or dictionary attack. Usually these programs target specific services such as FTP, SSH, and RDP because they are the most common services seen on servers, and also the services with the most access to a system.
Along with the threat of unauthorized access, these brute force attacks can cause log files to fill up with failed login attempts and, depending on the scale of the attack, can break vital services on a server and run up internet costs. There are a few basic to advanced steps for securing a server against these attacks, such as changing the default ports of at-risk services, creating strong passwords, and using IP restrictions.
Three Ways to Prevent a Brute Force Attack:
One of the most basic and fundamental security measures is creating a strong password. One of the main problems we encounter with passwords for any service is picking something you can remember. A strong password is over eight characters long and contains special characters and numbers. However, while special characters and numbers add to the complexity of a password, hackers can download dictionaries that alter words with common substitutions, such as 0 for O or 4 for A. So even complex passwords are at risk. This comic explains it best:
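As an added example (not part of the original article), the Python below shows a password-acceptance check that applies the length, number and special-character rule described above and then rejects passwords that reduce to a dictionary word once common substitutions are reversed. The word list is a constructed sample, the function names are hypothetical, and every substitution pair other than 0 for O and 4 for A is an assumption.

```python
import re

# Constructed sample word list; a real deployment would load a large
# dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "football", "admin"}

# Common substitutions. The article names 0 for O and 4 for A; the other
# pairs are assumptions added for illustration.
SUBSTITUTIONS = str.maketrans({"0": "o", "4": "a", "@": "a", "3": "e",
                               "1": "l", "$": "s", "5": "s", "7": "t"})


def meets_basic_rule(password):
    """The article's rule: over eight characters, with a number and a special character."""
    return (len(password) > 8
            and re.search(r"\d", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def _strip_edges(text):
    """Remove leading and trailing digits and symbols (e.g. a trailing '1!')."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def dictionary_core(password):
    """Return the dictionary word the password reduces to, or None."""
    lowered = password.lower()
    # Reverse substitutions both after and before trimming the edges, so
    # 'P4ssw0rd!' and 'footb411!!' are both caught.
    candidates = (_strip_edges(lowered).translate(SUBSTITUTIONS),
                  _strip_edges(lowered.translate(SUBSTITUTIONS)))
    for core in candidates:
        if core in COMMON_WORDS:
            return core
    return None


def check_password(password):
    """Return (accepted, reason) for a proposed password."""
    if not meets_basic_rule(password):
        return False, "fails length/number/special-character rule"
    core = dictionary_core(password)
    if core:
        return False, f"reduces to dictionary word '{core}'"
    return True, "ok"
```

A password such as `P4ssw0rd!` satisfies the basic rule yet is rejected here because it reduces to `password`.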
Hackers also prefer to go after sites with weak security rather than sites with heavy security, and when a site changes the default ports on services such as RDP or FTP, it becomes a lot harder for a hacker to find the port and attack it. Changing the default port a service uses may be as easy as going into the configuration of the service and setting the port to a different number, or it could require some registry edits or research because it may not be so straightforward.
The problems that arise with this include: the port number is already in use, forgetting that the default port is different, or not setting the firewall to allow traffic through the changed port. Before changing the port, do a quick search for “port ####” on the internet. Once you have found a port that is not used, be sure to document the change. Then check your firewall and ensure that traffic can flow through it. You may have to add a rule to the firewall that allows access to the port. There is no ‘one answer’ for how to change a port of a service or program – each one has its own unique settings, so I recommend doing some research before you go changing all your services’ ports.
Restricting IP addresses is one of the more advanced methods of foiling brute force attacks or any type of hacking attempt. If you know the IP addresses of the computers that commonly access these services, you can deny access to everyone else. You’ll need a firewall with these capabilities and the knowledge of how to configure it properly, but once in place, this can eliminate access for everyone except those who need it. This type of blocking does require that the IP addresses of the computers accessing the services remain static, or else it will require constant upkeep.
These are just a few security measures that can be taken to defend your network against a brute force attack. By adding an extra layer or two of security, a hacker won’t waste their time going after your server and will target the next guy who didn’t take the time to prevent these types of attacks.