Brute Force isn’t, as the name implies, a sledgehammer to your security system. Rather it is a steamroller, driving back and forth into your firewall until it finds a crack through which to enter.
Sounds aggressive. It is. Sounds persistent. It is that too.
Brute Force is all about trial and error; exhaustive trial and error. Automated software is used to try all possible combinations of characters in sequence until a code – password, Data Encryption Standard – is found.
It is a time consuming but infallible approach. The only downside for criminals is that it could take years to match a password.
What’s the risk to business?
If your company website or operating systems require user authentication, then your company could be a target for Brute Force attacks.
The risks are many and varied. On the one hand, the security breach puts user accounts at risk. If those accounts contain sensitive data that is subsequently stolen or leaked, the ramifications for your business and for your customers are potentially catastrophic.
Often, the ulterior motive of Brute Force attacks is to launch another kind of attack. Vandalism, distribution of malware and disruption of service are all common motives.
What to look out for?
Brute Force attacks direct large volumes of traffic to your site and is therefore relatively easy to detect. The main and obvious symptom is a slow network, characterised by poorly performing or inaccessible websites.
You may also see a dramatic increase in the number of spam emails received, or frequently disconnecting wireless or wired internet connection.
The simplest way to prevent Brute Force attacks is to lock accounts after a defined number of incorrect password attempts. The flipside to this is that numerous accounts could be locked simultaneously, resulting in a major disruption of service.
The simplest and most effective methods are to only allow logins from specific IP addresses or to use CAPTCHAs. Assigning unique URLs to blocks of users, so that not all users access the site from the same URL, has also proven effective. A combination of these three would represent a relatively robust system.
For help and support with a range of IT services, contact Nutbourne on 0203 137 7273.