Brute Force Attacks Prey on Common Password Combinations
Brute-force attacks on password-protected software are simple but regrettably effective: an attacker gets a list of common usernames and a large set of common passwords, and makes hundreds or thousands of connections to find a pair that works. Once one does, they’ve got access to your system. It’s crude but effective.
Password Cracking Poses Serious Risks
Now, you’ve probably given the lecture on strong passwords dozens of times over your IT career. You’ve seen users nod their heads and roll their eyes… and chances are you’ve caught a few of them with passwords on the common-password list anyway. That means that while most brute-force attacks are just annoyances, there’s always some risk.
Attackers Fly “Under the Radar”
Solutions for this problem abound, but all involve a tradeoff: people don’t like it when it’s difficult to legitimately log on, or feel punished for mistyping their password. Some software packages limit the number of attempts over a short period of time, limiting the amount of “brute force” an attacker can bring to bear. But what if the attacker is patient? What if they try to fly under the radar by slowing down their attempts? Many brute-force detectors will miss these attacks, which also won’t stick out prominently in logs.
FlowTraq Keeps Your Systems Safe
With its full-fidelity NetFlow store, FlowTraq keeps track of everything, even those little three-packet failed login attempts. You can see these brute-force attempts for yourself or you can put FlowTraq Network Behavioral Intelligence (NBI) on the job and save yourself some time.
Pick the ‘Volume Detector’ tool from the drop-down, and profile IPPAIRS on ports like SSH or incoming HTTPS to learn in detail what the normal traffic should look like. If the number of connections initiated from one system to another in a short period of time (and you can define “short”!) becomes unusually large, then FlowTraq raises the alarm and shows you exactly the who, where, and when of the attack.
From there, you have several options: you can block the attackers in your firewall, or link them to a traffic-shaping system to slow down any would-be brute-force attacker, whichever system they are attacking, giving you the time you need to see them in your FlowTraq alerts and block them for good. It’s not a substitute for good password practices, but it can mean the difference between crisis and annoyance.
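The per-IP-pair connection counting described above, and the reason a patient attacker slips past a short rate-limit window, can be seen in a small added example (this is not FlowTraq's code or algorithm). The flow records, the fixed thresholds standing in for a learned baseline, and the `max_packets` filter for short failed-login flows are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def flag_pairs(flows, port, window_s, threshold, max_packets=None):
    """Return {(src, dst): peak_count} for IP pairs whose connection count to
    `port` exceeds `threshold` within any sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    peaks = {}
    for ts, src, dst, dport, packets in sorted(flows):
        if dport != port:
            continue
        if max_packets is not None and packets > max_packets:
            continue  # assumption: long flows are real sessions, not failed guesses
        q = recent[(src, dst)]
        q.append(ts)
        while q[0] <= ts - window_s:   # drop connections older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks

def sample_flows():
    """Constructed flow records: (unix_ts, src, dst, dst_port, packets)."""
    flows = []
    # Noisy attacker: 60 three-packet SSH flows within one minute.
    flows += [(t, "198.51.100.7", "10.0.0.5", 22, 3) for t in range(0, 60)]
    # Patient attacker: one three-packet SSH flow every 90 s for 6 hours (240 flows).
    flows += [(t, "203.0.113.9", "10.0.0.5", 22, 3) for t in range(0, 6 * 3600, 90)]
    # Administrator: a handful of long interactive sessions.
    flows += [(t, "10.0.0.20", "10.0.0.5", 22, 900) for t in (100, 4000, 9000, 15000)]
    return flows

SHORT = dict(window_s=60, threshold=10)        # what a per-minute rate limiter sees
LONG = dict(window_s=6 * 3600, threshold=100)  # long-horizon volume per IP pair

if __name__ == "__main__":
    flows = sample_flows()
    # The 60 s window catches only the noisy source; the 6 h window catches
    # the patient one, which never exceeds one connection per minute.
    print("60 s window:", flag_pairs(flows, 22, max_packets=5, **SHORT))
    print("6 h window :", flag_pairs(flows, 22, max_packets=5, **LONG))
```

Neither window flags both sources on its own, which is why the length of the "short" period has to be tuned per port, or several windows run side by side.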