IT BEST PRACTICES

Subscribe to
IT Best Practices.

STAY CONNECTED

    Brute Force Hacking: Are Your Servers Safe?

    Hollywood often portrays the hacker as an individual who is highly adept at guessing usernames and passwords. In the real world, servers actually do get hacked in this way. However, the guessing isn’t done by a person but rather by software. The software sometimes does this systematically by using all possible combinations of characters to guess usernames and passwords.

    Sometimes they may use to great effect, a list of default usernames and passwords commonly used by lazy people. Because of the software’s speed and the prevalence of weak usernames and passwords, the hacker has a good chance of success.

    Even when an individual changes the default username and uses a somewhat stronger password, their server accounts can still be hacked in a reasonable length of time. This is because most people use passwords that are easily remembered and therefore use words with possibly a few numbers appended. These words can be accessed in dictionaries and name lists. Brute force hackers don’t always work alone. They often have access to online resources and communities that share and sell software, word lists, and algorithms that intelligently guess passwords.

    Sometimes the login page provides clues that facilitate username and password guessing. For example, the login page can respond to failed attempts with phrases such as “username does not exist” and “incorrect password.” It’s a simple matter to program hacking software to respond to these phrases.

    Counter-Measures

    An often used counter-measure against brute force attack is blocking the attacking IP address after a prescribed number of failed login attempts. However, the hacker can circumvent this somewhat by using massive lists of proxy servers with different IP addresses. Therefore an attacker with a list of 5,000 proxies can make 25,000 login attempts when each IP address is blocked after five unsuccessful tries. Another problem with IP blocking is that it may block legitimate users of these proxies.

    Another counter-measure is locking out user accounts after a set number of login failures. However, this becomes an inconvenience for the owner of an account that is frequently attacked. The hacker may continue these attempts to effectively deny users access to their accounts.

    Many other counter-measures are used for blocking brute force attacks, but each has its weakness that makes counter-counter-measures possible. One can also layer several of these counter measures to present a more difficult target to the hacker. In the end, the most effective security is the use of strong passwords with long strings of randomized characters.

    If you require secure and reliable server hosting for your business, please contact us.

    Brute Force Hacking: Are Your Servers Safe?

    Hollywood often portrays the hacker as an individual who is highly adept at guessing usernames and passwords. In the real world, servers actually do get hacked in this way. However, the guessing isn’t done by a person but rather by software. The software sometimes does this systematically by using all possible combinations of characters to guess usernames and passwords.

    Sometimes they may use to great effect, a list of default usernames and passwords commonly used by lazy people. Because of the software’s speed and the prevalence of weak usernames and passwords, the hacker has a good chance of success.

    Even when an individual changes the default username and uses a somewhat stronger password, their server accounts can still be hacked in a reasonable length of time. This is because most people use passwords that are easily remembered and therefore use words with possibly a few numbers appended. These words can be accessed in dictionaries and name lists. Brute force hackers don’t always work alone. They often have access to online resources and communities that share and sell software, word lists, and algorithms that intelligently guess passwords.

    Sometimes the login page provides clues that facilitate username and password guessing. For example, the login page can respond to failed attempts with phrases such as “username does not exist” and “incorrect password.” It’s a simple matter to program hacking software to respond to these phrases.

    Counter-Measures

    An often used counter-measure against brute force attack is blocking the attacking IP address after a prescribed number of failed login attempts. However, the hacker can circumvent this somewhat by using massive lists of proxy servers with different IP addresses. Therefore an attacker with a list of 5,000 proxies can make 25,000 login attempts when each IP address is blocked after five unsuccessful tries. Another problem with IP blocking is that it may block legitimate users of these proxies.

    Another counter-measure is locking out user accounts after a set number of login failures. However, this becomes an inconvenience for the owner of an account that is frequently attacked. The hacker may continue these attempts to effectively deny users access to their accounts.

    Many other counter-measures are used for blocking brute force attacks, but each has its weakness that makes counter-counter-measures possible. One can also layer several of these counter measures to present a more difficult target to the hacker. In the end, the most effective security is the use of strong passwords with long strings of randomized characters.

    If you require secure and reliable server hosting for your business, please contact us.

    Subscribe to
    IT Best Practices.

    STAY CONNECTED

      ALL ARTICLES

      Cloud Services

      Component Highlight: Veeam Data Protection and Backup

      READ MORE
      Cloud Services

      Meet the team – A word (or two) from our CEO, Reyner Natahamidjaja

      READ MORE
      Cloud Services

      Why you need a full cloud platform, and the pitfalls of going piecemeal

      READ MORE
      Cloud Services

      Component Highlight: IBM Flash Storage

      READ MORE
      Cloud Services

      Can You Trust Your Old Data with Hyperscale Providers?

      READ MORE
      Cloud Services

      Increasing Data Integrity & Security through multi-site replication with CloudKey

      READ MORE
      Cloud Services

      The Dissolution of AWS and their Cloud Monopoly

      READ MORE
      Cloud Services

      Meet the team – The Insights of Chris Martin

      READ MORE
      Cloud Services

      Component Highlight: Palo Alto Firewalls and Edge Security Services

      READ MORE
      Cloud Services

      How the right cloud platform can reduce your RTO and RPO

      READ MORE

      You Have The Momentum. We Help Keep It Going.

      At Global IP Networks, our mission is to keep your net working. Our team of dedicated, certified IT experts is 100% committed to your success. For over 20 years, we’ve relentlessly helped companies like yours tackle their IT challenges to maximize the security, uptime and performance of their networks.

      That’s tenacity. That’s Global IP Networks.

      wLearn More