How to Defend Your Servers Against a Brute Force Attack

Protecting your company’s network is a full time job, and there are plenty of dangers out there that you must be aware of. Luckily, there are some relatively simple ways to protect your environment.

What is a Brute Force Attack on your system?

Brute Force AttackOne of the most basic attempts to break in to a server involves using a program to automate log in attempts by guessing log in and passwords. This is known as a brute force attack or dictionary attack. Usually these programs target specific services such as FTP, SSH, and RDP because they are the most common services seen on servers, and also the services with the most access to a system. 

Along with the threat of unauthorized access, these brute force attacks can cause log files to fill up with failed log in attempts and depending on the scale of the attack possibly breaking vital services of a server and running up the internet costs. There are a few basic to advance steps in securing a server from these attacks such as changing at-risk services default ports, creating strong passwords, and using IP restrictions.

Three Ways to Prevent a Brute Force Attack:

One of the most basic and fundamental security measures is creating a strong password.  One of the main problems we encounter with passwords for any service is picking something you can remember.  A strong password would be a password over eight digits and contains special characters and numbers.  However, special characters and number may help add to the complexity of the password, but there are dictionaries downloadable to hackers that can alter words with common substitutions such as O’s to 0 or A’s to 4’s.  So even complex passwords are at risk. This comic explains it best:

Password Security Strength Comic

A great comic on the issue of password security from xkcd.com

 

Hackers also like to go after sites with weak security versus a site with heavy security and when sites change the default ports on services such as RDP or FTP it makes them a lot harder for a hacker to find the port and attack it.  Changing the default port a service uses may be as easy as going into the configuration of the service and setting the port to a different number or it could require some registry edits or research because it may not be so straight forward. 

The problems that arise with this include: the port number is already in use, forgetting that the default port is different, or not setting the firewall to allow traffic through the changed port.  Before changing the port do a quick search for “port ####” on the internet.  Once you have found a port that is not used, be sure to document the change.  Then check your firewall and ensure that traffic can flow through it.  You may have to add a rule to the firewall that allows access to the port.  There is no ‘one answer’ for how to change a port of a service or program – each one has their own unique settings so I recommend doing some research before you go changing all your services ports.

Restricting IP addresses is one the more advanced methods of foiling brute force attacks or any type of hacking attempt.  If you know the IP address of the computers that commonly access these services you can deny access to everyone else.  You’ll need a firewall with these capabilities and the knowledge of how to configure it properly, but once in place, this can eliminate access for everyone except those who need it.  This type of blocking does require that the IP addresses of the computers accessing the services remain static or else it will require constant upkeep.

These are just a few security measures that can be taken to defend your network against a brute force attack.  By adding an extra layer or two of security, a hacker won’t waste their time going after your server and will target the next guy who didn’t take the time to prevent these types of attacks.









VN:F [1.9.22_1171]
Rating: 6.5/10 (2 votes cast)

About Fpweb.net Crew

Our business is centered on bringing enterprise-class strategy, support, and security to your hosted or managed platforms no matter where you choose to deploy your environment. We specialize in providing managed services, cyber security, and expert, USA-based, 24/7 Absolute Support® on-premises, or in any cloud.
This entry was posted in Network Administration and tagged , , , , , , , , , . Bookmark the permalink.

One Response to How to Defend Your Servers Against a Brute Force Attack

  1. Fahad Rafiq says:

    Password crackers are using automated scripts to target websites to hack the passwords and Brute Force Attacks have become a common thing, but many don’t know the concept behind it and how these attacks are so successful at cracking the passwords of the websites.

    The easiest method to block such attacks is by blacklisting the IPs that carry out such abuses, many hosting providers have added Brute Force Attacks protection in their added security features.

    For more information about these attacks read: http://www.cloudways.com/blog/what-is-brute-force-attack/

Leave a Reply

Your email address will not be published. Required fields are marked *

Let's make sure you're human first: *