IT BEST PRACTICES



    Brute Force Hacking: Are Your Servers Safe?

    Hollywood often portrays the hacker as an individual who is highly adept at guessing usernames and passwords. In the real world, servers actually do get hacked in this way. However, the guessing isn’t done by a person but rather by software. The software sometimes does this systematically by using all possible combinations of characters to guess usernames and passwords.

    Sometimes the software uses, to great effect, a list of default usernames and passwords commonly used by lazy people. Because of the software’s speed and the prevalence of weak usernames and passwords, the hacker has a good chance of success.

    Even when an individual changes the default username and uses a somewhat stronger password, their server accounts can still be hacked in a reasonable length of time. This is because most people use passwords that are easily remembered and therefore use words with possibly a few numbers appended. These words can be accessed in dictionaries and name lists. Brute force hackers don’t always work alone. They often have access to online resources and communities that share and sell software, word lists, and algorithms that intelligently guess passwords.

    Sometimes the login page provides clues that facilitate username and password guessing. For example, the login page can respond to failed attempts with phrases such as “username does not exist” and “incorrect password.” It’s a simple matter to program hacking software to respond to these phrases.

    Counter-Measures

    A commonly used counter-measure against brute force attacks is blocking the attacking IP address after a prescribed number of failed login attempts. However, the hacker can circumvent this somewhat by using massive lists of proxy servers with different IP addresses. For example, an attacker with a list of 5,000 proxies can make 25,000 login attempts when each IP address is blocked after five unsuccessful tries. Another problem with IP blocking is that it may block legitimate users of these proxies.

    Another counter-measure is locking out user accounts after a set number of login failures. However, this becomes an inconvenience for the owner of an account that is frequently attacked. The hacker may continue these attempts to effectively deny users access to their accounts.

    Many other counter-measures are used for blocking brute force attacks, but each has a weakness that makes counter-counter-measures possible. One can also layer several of these counter-measures to present a more difficult target to the hacker. In the end, the most effective security is the use of strong passwords with long strings of randomized characters.
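
A sketch of the layering described above, added here as an example and not taken from the original article: per-IP blocking and a temporary per-account lock behind one generic failure message, so the login page does not reveal whether the username or the password was wrong. The names `LoginGuard` and `guesses_evaluated` and the 900-second window are assumptions; the five-failure threshold and the 5,000-source figure come from the text.

```python
import time
from collections import defaultdict, deque

GENERIC_ERROR = "Invalid username or password."  # identical for every failure

class LoginGuard:
    """Layered throttle: per-IP block plus temporary per-account lock."""

    def __init__(self, check_password, ip_limit=5, acct_limit=5,
                 window=900, clock=time.monotonic):
        self.check_password = check_password  # callable(user, pw) -> bool
        self.ip_limit, self.acct_limit = ip_limit, acct_limit
        self.window, self.clock = window, clock
        self.ip_fail = defaultdict(deque)     # ip -> failure timestamps
        self.acct_fail = defaultdict(deque)   # username -> failure timestamps
        self.evaluated = 0                    # guesses that reached the check

    def _recent(self, q):
        # Drop failures older than the window, return how many remain.
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def attempt(self, ip, user, password):
        """Return (ok, message); throttled requests never reach the check."""
        if (self._recent(self.ip_fail[ip]) >= self.ip_limit
                or self._recent(self.acct_fail[user]) >= self.acct_limit):
            return False, GENERIC_ERROR
        self.evaluated += 1
        if self.check_password(user, password):
            return True, "OK"
        now = self.clock()
        self.ip_fail[ip].append(now)
        self.acct_fail[user].append(now)
        return False, GENERIC_ERROR

def guesses_evaluated(guard, sources, tries_each, user):
    """Replay wrong guesses from `sources` constructed addresses and
    return how many the guard actually evaluated."""
    for i in range(sources):
        for j in range(tries_each):
            guard.attempt(f"src-{i}", user, f"wrong-{i}-{j}")
    return guard.evaluated
```

With the account layer effectively disabled, 5,000 sources get 25,000 guesses evaluated; with both layers only five are, but the account owner is also refused until the window expires, which is the lockout trade-off the article describes.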

    If you require secure and reliable server hosting for your business, please contact us.
