How to protect server from Brute Force Attacks
What is a Brute Force Attack on a server?
An attacker runs an automated app or script that tries to find an account's password from a list of candidate passwords (a dictionary file). Brute force (also known as brute force cracking) is a trial-and-error method used by programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys through exhaustive effort (using brute force) rather than any cleverer strategy.
Knowing this helps in deciding what to avoid: weak passwords put the system at risk. A weak password has fewer than 8 characters (in lower case), a few consecutive numbers, or commonly used or easily identifiable words. Conversely, a strong password is one that is not commonly used or identifiable elsewhere; it randomly mixes numbers, special characters, and upper- and lower-case letters.
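The following shell function, added here as an example and not part of the original post, turns the criteria above into a check that reports each failing rule. The list of common words and the "three or more digits in a row" rule are constructed approximations of the text's "commonly used words" and "consecutive numbers".

```shell
#!/bin/sh
# Added example (not from the original post): check a password against the
# criteria the text describes. Prints each failing criterion and returns 0
# only when the password is strong.
export LC_ALL=C   # keep [A-Z]/[a-z] strictly ASCII in grep

# Constructed word list standing in for "commonly used words"
COMMON_WORDS="password admin qwerty letmein welcome"

is_strong_password() {
  pw=$1
  weak=0
  [ "${#pw}" -ge 8 ] || { echo "fewer than 8 characters"; weak=1; }
  printf '%s\n' "$pw" | grep -q '[a-z]' || { echo "no lower-case letter"; weak=1; }
  printf '%s\n' "$pw" | grep -q '[A-Z]' || { echo "no upper-case letter"; weak=1; }
  printf '%s\n' "$pw" | grep -q '[0-9]' || { echo "no digit"; weak=1; }
  printf '%s\n' "$pw" | grep -q '[^A-Za-z0-9]' || { echo "no special character"; weak=1; }
  # Approximation of "consecutive numbers": three or more digits in a row
  if printf '%s\n' "$pw" | grep -q '[0-9][0-9][0-9]'; then
    echo "contains a run of consecutive digits"; weak=1
  fi
  # Case-insensitive match against the common-word list
  for w in $COMMON_WORDS; do
    if printf '%s\n' "$pw" | grep -qi "$w"; then
      echo "contains common word: $w"; weak=1
    fi
  done
  return $weak
}

# Stand-alone run over two constructed candidates
for candidate in 'Tr0ub4dor&3' 'password123'; do
  if is_strong_password "$candidate" >/dev/null; then
    echo "$candidate: strong"
  else
    echo "$candidate: weak"
  fi
done
```

The function only enforces the composition rules the text lists; it does not replace checking against a breached-password list or a proper rate limit on the login itself.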
If you are using cPanel/WHM, the "cPHulk Brute Force Protection" system found in the "Security Center" is useful. It provides several easy-to-configure rules based on IP addresses, timing, and failed login attempts. For protection against the most common brute force/DDoS/DoS attacks, DirectAdmin users should first check "Administration Settings" at the Admin Access level and only then proceed to the next section, the Security section, for a similar configuration.
You can limit a host to no more than 2 new connections per minute to the SSH port (22) and block its IP address for 5 minutes by applying the following rules:
# Record every new connection to port 22 in the "SSH" recent list.
# No -j ACCEPT here: accepting NEW packets in this rule would make the rate-limit rules below unreachable.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# Log, then drop, a source that has opened 3 or more new connections within 300 seconds
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j DROP
The Secure Shell (SSH) service is the most frequent target of such attacks, but email, FTP and IMAP servers are also exposed to them. Opening many connections simultaneously lowers server throughput, increases resource usage and reduces network capacity even when every password is strong. This is the mechanism at the core of Distributed Denial of Service (DDoS) attacks, which overload the system and lead to an outage.
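Because SSH is the usual target, the first thing an administrator wants is to see which sources are hammering it. The script below, added here as an example and not part of the original post, counts failed sshd logins per source address over a few constructed sshd log lines (addresses are from documentation ranges) and reports every source at or above a threshold; the same function works on a real auth log fed to its standard input.

```shell
#!/bin/sh
# Added example (not from the original post): count failed SSH logins per
# source IP in sshd log lines and report sources at or above a threshold.

# Constructed sample sshd log lines; the IPs are documentation addresses.
SAMPLE_LOG='Mar  3 10:01:12 host sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:01:20 host sshd[1236]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:01:22 host sshd[1237]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Mar  3 10:01:30 host sshd[1238]: Failed password for root from 203.0.113.5 port 51250 ssh2'

# Usage: brute_force_offenders THRESHOLD < logfile
# Prints "COUNT IP" for each source with COUNT >= THRESHOLD, highest count first.
# Only "Failed password" lines from sshd are counted; accepted logins are ignored.
brute_force_offenders() {
  awk -v t="$1" '
    /sshd\[[0-9]+\]: Failed password for/ {
      # the source address is the field right after the word "from"
      for (i = 1; i <= NF; i++) if ($i == "from") { hits[$(i+1)]++; break }
    }
    END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Convenience wrapper that runs the check over the constructed sample
sample_offenders() {
  printf '%s\n' "$SAMPLE_LOG" | brute_force_offenders "$1"
}

# Stand-alone run: sources with 3 or more failures in the sample
sample_offenders 3
```

On a live system the output of brute_force_offenders is what you would review before adding a source to a block list; the iptables rules above do the same job automatically at the packet level, while this view also catches slow attempts spread over a longer window than the rules watch.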