View Single Post

  Post #13 (permalink)   12-10-2017, 03:03 PM
Evolution Host
HD Newbie
Join Date: Dec 2017
Posts: 12

Status: Evolution Host is offline
I'm assuming that we're considering brute force attacks against a service running on the internet. Offline cracking against a dump of stolen passwords which are hashed is another topic! None the less, here's my take on online attacks:

Usernames and Passwords
In terms of prevention/protection for brute force attacks, your first point of call should of course be secure passwords. Most brute force attacks will involve the use of a "dictionary", sometimes known as a "dictionary attack", wherein the attacker will use a list of commonly used words that are then "mangled". The idea being that a password such as secur3P4sswrd1234 would quickly be guessed since it consists of the word "secure" and "password" with various mangling applied. As long as you avoid common passwords and easily guessed passwords such as those derived from personal information that you may have posted online, you're off to a good start. It also helps to avoid default usernames such as "root" as the attacker would then also have to guess or find the username. If you're running an SSH server on a common port, it's likely that "sudo lastb | head" will show lots of failed login attempts for usernames like "admin", "root" etc due to SSH worms that will randomly attack your server.

Securing the service
Since brute force attackers rely upon the ability to try many passwords within a short space of time, we can almost entirely eliminate the risks by slowing down authentication attempts. The most common approach is to place a temporary block on the IP address or account after a set number of failed authentication attempts take place.

You could build this functionality into your applications, or if you have terminal/SSH access to your server and wish to secure existing software, fail2ban is a great tool. It's essentially a log monitor that can automatically block an IP address after a defined number of failed login attempts. It supports software such as OpenSSH, various FTP servers and various web servers out of the box.

Assuming that your passwords are strong, this strategy goes a long way towards securing your server and may even reduce the load on the server by blocking lots of junk requests.

If you're still concerned about the extremely small chance that an attacker could guess the correct password, or are concerned that given a long time (many months/years) the attacker could still succeed, password rotation and IP whitelisting can mitigate this risk.

Last edited by Evolution Host : 12-10-2017 at 03:14 PM.
The Following User Says Thank You to Evolution Host For This Useful Post:
Harv45 (01-25-2018)