Protecting against Brute Force Attack

  • Article

Protecting against Brute Force Attack

Brute force attacke which is also known as Dictionary attack in which attacker uses different set of combinations for username and passwords. Think about having two text files with hundreds of usernames and possible passwords in the other one. They use a brute force attacker application against any such website which requires authentication. Now, think this way that so many requests being generated on your website which can sometimes hang your servers and bring down the website for other users.

How to protect?

Microsoft Active Directory provides a very nice feature in Group polices as Account Lockout policy. You should always use this policy to lock the account after x number of failed attempts. Now, if attacker uses the brute force to storm into your website the possibility is that the username will get blocked in initial few attempts.

You should also apply the policy which says to change the password after x number of days. This policy helps in providing protection against some attacks like someone took control of your SAM database which hold passwords in Hash format. if someone get a SAM file it will probably take him very long time to break that. In case if you have this policy setup then the chances are that by the time an attacker would be able to break the passwords from hash, you would have already changed the password to a new one. Let's say 45 days is what u selected and if attacker takes longer than this to break the hash, you are still safe because now he will have to start all over again.

Educating the users to use complex passwords everywhere is very neccessary. Its not only user company network which is exploited, it could be your personal email address, your blog password or your online banking password. Complex passwords are very difficult to break. You never know from where the attacker will fetch the information so, you should try to use different passwords everytime you require. If you use same password everywhere and it got broken at any place....then BOOM all the places where you used the same password will get hacked.

I was studying an article on internet and found a study which says that more than 50% of people working in a company can exchange their network passwords in return of a chocolate bar........Isn't that amazing !!!!