Table of Contents
This tip is about the how to Stop Brute-Force Attacks. So read this free guide, How to Stop Brute-Force Attacks step by step. If you have query related to same article you may contact us.
How to Stop Brute-Force Attacks – Guide
It’s no secret that criminals like passwords that are hard to remember. I’m not talking about passwords that contain words; I’m talking about passwords that are so simple to guess that my young niece could figure them out with little effort. It is also a problem to reuse old passwords or “tweak” old passwords (which 70% of users admit to doing). Brute force attacks are easy targets for these types of insecure passwords. That’s why preventing brute force attacks should be a priority for your cybersecurity efforts.
Companies suffer direct and indirect losses as a result of these incidents. According to the UK Information Commissioner’s Office (ICO), Cathay Pacific (an international airline) was the victim of a brute force attack in 2018 which resulted in a £500,000 penalty for non-compliance due to security measures. inappropriate. Understanding how to protecting your server from a brute force attack will help you make similar headlines.
Is there a unique approach to preventing brute force attacks? Not really. The best way to prevent a brute force attack is to use a layered security approach combined with some tried and true strategies. It’s about eliminating as many weaknesses as possible in your cyber defenses, as well as other forms of cyber attack prevention methods.
How to Prevent brute force attacks
Below are some proven ways to prevent brute force attacks:
Use strong passwords.
Having a strong password policy is the simplest and most effective way to prevent a brute force attack. You would want to create a complex password for your web application or a public server that is impossible to guess but relatively easy to remember. Follow these guidelines when creating a password:
Do not use your personal information for your passwords. Avoid using your birthday, name or email address for your passwords. Never recycle passwords for your accounts. Use unique password combinations for each of your online accounts.
30% of recycled or modified passwords can be cracked in 10 attempts. Use long passwords that contain spaces and unique characters. Include uppercase and lowercase numbers, symbols, and characters in your passwords. Create a password longer than six characters. Ideally, passwords should be at least 15 characters long. don’t use dictionary words of any language. It’s better to use random strings instead of words.
Limit login attempts.
By default, most websites, especially if they run on WordPress, allow unlimited login attempts. If you are a site administrator, you can use a plugin to limit possible login attempts on your site to block brute force attacks. These plugins allow you to enter the number of logins you want your visitors to have. When they exceed the number of attempts, their IP addresses will be banned from your site for a considerable period of time.
Monitor IP addresses.
Regarding the second tactic, you should limit login attempts to users coming from a specified IP address or range. This is especially important if you have a hybrid work environment or most of your employees work remotely. To define up alerts whenever you encounter anomalous IP address login attempts and make sure to block them.
Use two-factor authentication (2FA).
Two-factor or multi-factor authentication adds an extra layer of security to your accounts. 2FA requires a user to validate their identity by logging into an account before being granted access. For example, you will be asked to confirm that you are actually the one trying to log into your email when 2FA is enabled. Before gaining access to your account, you would have to enter a unique code sent to your mobile number as a way of verifying your identity.
Use CAPTCHA.
CAPTCHA stands for “completely automated public Turing test to differentiate between computers and humans”. Essentially, CAPTCHAs are difficult challenges for automated computer programs but easy ones for humans, such as identifying patterns or clicking on a specific area on a web page. Websites use them to restrict the use of bots and spam.
Use unique login URLs
Creating unique login URLs for multiple groups of users would be another challenging and time-consuming step for an attacker. It may not necessarily stop a brute force attack; however, it can deter undisturbed intruders.
Disable root SSH logins
Brute force attempts made in the Secure Shell (SSH) protocol are possible through the root user. Edit the sshd_config file and set it to the options “DenyUsers root” and “PermitRootLogin no” to ensure that the root user cannot be accessed via SSH.
Use Web Application Firewalls (WAFs)
A web application firewall (WAF) provides adequate protection against brute force attacks that attempt unauthorized access to your system. Generally, it enforces a maximum number of requests to a URL space from an origin during a specific time interval. In addition to brute force attacks that aim to gain access to steal session tokens, WAFs can prevent denial of service (DOS) attacks that drain server resources and block vulnerability scanning tools that investigate weaknesses in the computer network.
Final note
I hope you like the guide How to Stop Brute-Force Attacks. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.