This week we got a call from a business owner that has had a persistent reoccurring IT issue. It’s annoying and stops their work. They’ve had 3 different IT providers try to solve it over the last year plus without success. I hopped on a call with them and my engineer. Within about 20 minutes he found the root of the issue and resolved it.
While troubleshooting we looked around in the logs of the server, we noticed something else that the client didn’t know about. His network was being brute force attacked. There were over 320,000 attempts to log into his server in the last 60 days.
What is a Brute Force Attack?
Brute force is just what it sounds like. A hacker uses trial and error to crack passwords, login credentials and encryption keys. Done manually it would take forever, so they use a program that can attempt multiple logins every second. They simply set it and walk away letting the program run until it comes back with the correct password.
This is a common attack method to gain access to a network. Brute force kits are sold on the dark web and are an easy place for an attacker to start.
How to Defeat a Brute Force Attack
The good news for this business owner is that while brute force attacks pose a serious threat, there is a lot that can be done to prevent them. Strong Passwords, Active Directory Best Practices, Multi-Factor Authentication, Geo-Blocking, and Intrusion Prevention Services can all help.
Strong Passwords
This one has been preached by IT guys from the beginning of time. It really does make a difference. An 8-character password will take anywhere from a few minutes to a couple of hours to crack. A 16-character password will take centuries or longer to crack.
The folks at Bitwarden made this fancy infographic to help illustrate the point. They also reminded us that our passwords should be unique, random, and long. Don’t reuse passwords. Get a password manager if you have trouble remembering all the passwords in your life.
Active Directory Best Practices
Another simple thing you can do is to audit your Active Directory regularly. This means when an individual leaves employment at your organization you remove all access and shut down their account. Unused accounts are a gold mine for attackers. In addition, other best practices such as removing any built-in admin accounts can make a big difference as well.
Ensuring that all users have only the access they need to be able to do their job is a good strategy. IT guys call this the principle of least privilege.
Following a few AD best practices helps to secure your network.
Multi-Factor Authentication
MFA is another way to secure remote access to your network. This can help to defeat many brute force attacks. Even if they manage to get working credentials to the network, they still can’t gain access without MFA. This presents a new challenge to attackers that many are simply too lazy to try and defeat.
It’s recommended that you enable MFA everywhere. It’s a simple inexpensive way to protect your work and personal accounts and can even help defeat brute force attacks.
Geo-Blocking
Another method to stop attackers from brute forcing your network is to block the source of those attacks. In our example we could see that most of the attacks were coming from Russia and the Middle East. This business does not do any business in those parts of the world. Any traffic coming from those locations is likely malicious for them.
Most firewalls have a feature called geo-blocking that allows you to block traffic from certain parts of the world. In this case the client asked us to block anything outside of the US, because they don’t do any business internationally. They could still be attacked from someone in the US of course, but in their case a very high percentage of the attacks were coming from overseas, so this was an effective strategy.
Intrusion Prevention Services
Another great security feature that every business should put in place is IPS. This is typically a feature on your firewall and allows you to detect and prevent threats. It can spot when a certain IP is attempting to login repeatedly and takes automated action to block that attacker. In addition, it can help protect your network against various exploits, worms, and viruses.
Next Steps
There is always a lot to think about with network security. Taking a few simple steps like these can help you to stop brute force attacks in their tracks. If that sounds complicated and daunting, we can help. i.t.NOW’s team of security experts can make sure you have the right solutions in place to protect your network and data. Give us a call today.
