password cracking attacks - flowtraq has you covered


Upload: proqsys

Post on 21-Aug-2015


Category:

Technology



Password Cracking Attacks - FlowTraq has you covered

Brute Force Attacks Prey on Common Password Combinations

Brute-force attacks have been in the news again: we’ve seen wide reports of a massive wave of these attacks against sites run using the popular WordPress software. Brute-force attacks on password-protected software are simple but regrettably effective: an attacker gets a list of common usernames and a large set of common passwords, and makes hundreds or thousands of connections to find a pair that works. Once it does, they’ve got access to your system. It’s crude, but it’s effective: nearly one hundred thousand WordPress sites have been compromised and added to a pervasive botnet, and growing. The folks at WordPress have been quick on their feet with a fix, but that doesn’t mean all their customers are, so this may continue for some time.

More Than an Annoyance, Password Cracking Poses Serious Risks

Now, you’ve probably given the lecture on strong passwords dozens of times over your IT career. You’ve seen them nod their heads and roll their eyes… and chances are you’ve caught a few of them with passwords on the common-password list anyway. Which means that while most brute-force attacks are just annoyances, there’s always some risk.

Patient Attackers Fly “Under the Radar”

Solutions for this problem abound, but all involve a tradeoff: people don’t like it when it’s difficult to legitimately log on, or feel punished for mistyping their password. Some software packages limit the number of attempts over a short period of time, limiting the amount of “brute force” an attacker can bring to bear. But what if the attacker is patient? What if they try to fly under the radar by slowing down their attempts? Many brute-force detectors will miss these attacks, which also won’t stick out prominently in logs.

FlowTraq Pays Attention – Keeping Your Systems Safe

With its full-fidelity NetFlow store, FlowTraq keeps track of everything, even those little three-packet failed login attempts. You can see these brute-force attempts for yourself (just about any organization with open SSH ports will see them from time to time) or you can put FlowTraq Network Behavioral Intelligence (NBI) on the job and save yourself some time.


Pick the ‘Volume Detector’ tool from the drop down, and profile IPPAIRS on ports like SSH or incoming HTTPS to learn in detail what the normal traffic should look like. If the number of connections initiated from one system to another in a short period of time (and you can define “short”!) becomes unusually large, then FlowTraq raises the alarm and shows you exactly the who, where, and when of the attack.
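An added example (not FlowTraq code and not part of the original document) of the per-IP-pair connection counting described above, showing why a short window misses the patient attacker from the earlier section while a longer window over stored flow records catches it. The flow tuples, addresses, fixed thresholds and the 5-packet cutoff for a "short" flow are constructed assumptions; a real deployment would learn its thresholds from a baseline.

```python
from collections import defaultdict

def make_sample_flows():
    """Constructed flow records: (start_epoch_s, src_ip, dst_ip, dst_port, packets)."""
    flows = []
    # Fast attacker: 40 short SSH flows, one per second
    flows += [(1000 + i, "203.0.113.5", "192.0.2.10", 22, 3) for i in range(40)]
    # Patient attacker: one short SSH flow every 10 minutes for about 20 hours
    flows += [(1000 + i * 600, "198.51.100.7", "192.0.2.10", 22, 3) for i in range(120)]
    # Legitimate admin: a handful of long interactive sessions
    flows += [(1000 + i * 7200, "192.0.2.50", "192.0.2.10", 22, 900) for i in range(5)]
    return flows

def max_in_window(times, window):
    """Largest number of events inside any sliding window of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def detect(flows, port, window, threshold, max_packets=5):
    """Return {(src, dst): peak} for IP pairs whose short flows to `port`
    exceed `threshold` connections within any `window`-second span."""
    per_pair = defaultdict(list)
    for start, src, dst, dport, packets in flows:
        # Short flows approximate failed logins (assumed cutoff: 5 packets)
        if dport == port and packets <= max_packets:
            per_pair[(src, dst)].append(start)
    alerts = {}
    for pair, times in per_pair.items():
        peak = max_in_window(times, window)
        if peak > threshold:
            alerts[pair] = peak
    return alerts

if __name__ == "__main__":
    flows = make_sample_flows()
    print("60 s window: ", detect(flows, 22, 60, 10))
    print("24 h window: ", detect(flows, 22, 86400, 50))
```

Running both windows side by side only works when every short flow is retained; sampled or aggregated flow data would drop the three-packet attempts the long window depends on.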

From there, there are several things you can do: you can block them in your firewall, or link them to a traffic-shaping system to slow down any would-be brute-force attacker, whichever system they are attacking, giving you the time you need to see them in your FlowTraq alerts and block them for good. It’s not a substitute for good password practices, but it can mean the difference between crisis and annoyance.

Contact ProQSys

16 Cavendish Court, Lebanon, NH 03766

(603) 727-4477

[email protected]

FlowTraq Trial

Free 14-Day Trial of FlowTraq at www.flowtraq.com/trial