Even though brute force attacks may seem somewhat antiquated and inefficient, they are still actively used and can be an effective way to gain unauthorized access to a system. Brute force attacks can be successful under a number circumstances: |
Password Lockout & Auditing
Brute force attacks can only succeed if the authentication system where the logons occur (whether a web site, network device, server) does not lock out users after a number of unsuccessful logon attempts, or if account lockout is not enabled. It's also important that the system supports auditing and that auditing is enabled, so that invalid login attempts can be detected.
Credential Stuffing & Dictionary Attacks
Since attempting every possible combination of a password can be impractical even on modern systems, the attacker can use a (extensive) list of common passwords instead. These passwords can be taken from dictionary lists as well as from lists of previously stolen passwords ("credential stuffing").
Weak Passwords
System which allow weak passwords (e.g. short length, low complexity) are also susceptible to brute force attacks, especially if the systems also lack auditing and account lockout functionality.
EventSentry Benefits |
||
Validation Scripts EventSentry Validation Scripts ensure that all Windows domains and hosts have strong password policies and account lockout policies are enabled. |
||
|
||
Syslog & SNMP Logs Failed authentication attempts from remote Non-Windows devices can be alerted on. |
||