A brute force attack is simply a method of hacking by guessing the password. It is the simplest form of hacking, and while it may not seem bothersome, it can be quite effective. Hackers use software that makes a number of attempts at guessing the password, from different IP addresses. It could be a mass-scale attack, an attempt to steal private data or to bring down a server, or a combination of these. Adding security layers against it can therefore help secure your content online.
What can be done to avoid them?
A person might have to set a number of passwords, and since it is tough to remember so many, people tend to choose one and either use variations of it for other accounts or use the same one everywhere. It may therefore be ideal to configure the server to address the issue. The following methods can be adopted:
- Lock out accounts with a progressive delay between each try. Instead of blocking accounts outright and falling prey to a DoS attack, a delay between tries reduces the burden on the administrator and also reduces the effectiveness of the hacking software.
- SSH brute force attacks are often made against the root user of a server. The server can be configured to avoid this by making the root user inaccessible over SSH.
- Access to the information can be restricted to only a select few IP addresses. This may involve a lot of work and may not be appreciated by the end users.
- 2-factor authentication is also a good method of providing security against an SSH attack.
- CAPTCHA can also be used as an additional layer of security against brute force attacks. With it, the user must enter some displayed text along with the account password to log in.
These are a few of the steps that can be used to deter or avoid brute force attacks (credit: phoenixNAP). The most common defense against this method is a strong password of 8 characters or more, with special characters, uppercase or lowercase letters, and numbers. Using these suggestions helps provide a safe user experience and also helps avoid other such hacking attempts.
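The progressive delay from the first method above, as an added example that is not from phoenixNAP or the original article. State is keyed by account rather than by source IP because the guesses may come from different IP addresses; the class name, method names and timing values are assumptions.

```python
import time

class ProgressiveDelayThrottle:
    """Per-account login throttle: every failure doubles the wait, up to a cap."""

    def __init__(self, base_delay=1.0, max_delay=300.0, reset_after=900.0,
                 clock=time.monotonic):
        # All three timing values are assumptions chosen for illustration.
        self.base_delay = base_delay    # wait after the first failure, in seconds
        self.max_delay = max_delay      # cap: the account is slowed, never locked
        self.reset_after = reset_after  # quiet period after which failures are forgotten
        self.clock = clock
        self._state = {}                # account -> (failures, time of last failure)

    def _current(self, account):
        failures, last = self._state.get(account, (0, 0.0))
        if failures and self.clock() - last >= self.reset_after:
            self._state.pop(account, None)
            return 0, 0.0
        return failures, last

    def delay_for(self, failures):
        if failures == 0:
            return 0.0
        exponent = min(failures - 1, 32)  # bound the exponent; the cap applies anyway
        return min(self.base_delay * 2 ** exponent, self.max_delay)

    def retry_after(self, account):
        """Seconds left before the next attempt for this account is evaluated."""
        failures, last = self._current(account)
        return max(0.0, last + self.delay_for(failures) - self.clock())

    def attempt(self, account, check):
        """check() performs the real credential test. Returns (allowed, wait)."""
        wait = self.retry_after(account)
        if wait > 0:
            return False, wait          # too early: the password is not even checked
        if check():
            self._state.pop(account, None)
            return True, 0.0
        failures, _ = self._current(account)
        self._state[account] = (failures + 1, self.clock())
        return False, self.delay_for(failures + 1)

if __name__ == "__main__":
    throttle = ProgressiveDelayThrottle()
    for _ in range(3):                  # constructed input: three rapid wrong guesses
        print(throttle.attempt("alice", lambda: False))
```

Because the delay is capped at `max_delay`, an attacker hammering a victim's account slows that account's logins but cannot lock the owner out permanently.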