User Tools

Site Tools

tactics:brute-force

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tactics:brute-force [2024/10/03 08:02] – [Prevention] Humphrey Boa-Garttactics:brute-force [2024/10/07 11:10] (current) – [Prevention] Humphrey Boa-Gart
Line 10: Line 10:
 ===== Prevention ===== ===== Prevention =====
  
-[{{ :tactics:xkcd_password_strength.png?400|Popular webcomic **XKCD** lays out the 101 on password security.}}]+[{{ :tactics:xkcd_password_strength.png?300|Popular webcomic **XKCD** lays out the 101 on password security. //(Click to enlarge)//}}]
  
-The most obvious recommendation to prevent brute force attacks is with decent passwords. The longer the password, the better. Don't leave default passwords set, either. Most routers are easily brute forced because they use factory passwords like "admin" or simple words that are easy to hit with a dictionary attack. Some people insist on inserting random symbols or using 1337-speak substitution, but that is not as surefire as prevention as many people assume. Don't use the same password across multiple sites, either. A [[security:password-managers|password managers]] will simplify the management of these things, and help you generate secure passwords as need be.+The most obvious recommendation to prevent brute force attacks is with decent passwords. The longer the password, the better. Don't leave default passwords set, either. Most routers are easily brute forced because they use factory passwords like "admin" or simple words that are easy to hit with a dictionary attack. Some people insist on inserting random symbols or using 1337-speak substitution, but that is not as surefire as prevention as many people assume. Don't use the same password across multiple sites, either. A [[security:password-managers|password manager]] will simplify the management of these things, and help you generate secure passwords as need be.
  
-Further roadblocks against brute force attacks depends on the type of system that is password protected. If you have a system that is accessed remotely over the internet, you want to make sure you have brute force detection software running, which automatically sets firewall rules to lock out intruders. There are many packages that do this on the server level, and you will have to search for one that matches your particular operating system. Content management systems like Wordpress have firewall plugins that detect brute force attacks as well.+Further roadblocks depend on the type of thing that is password protected. If you have a system that is accessed remotely over the internet, you want to make sure you have brute force detection software running, which automatically sets firewall rules to lock out intruders. There are many packages that do this on the server level, and you will have to search for one that matches your particular operating system. Content management systems like Wordpress have firewall plugins that detect brute force attacks as well.
  
-If you run services like [[tools:ssh|SSH]], you can further lock things down by disabling password authentication altogether, and instead using public/private key authentication. This requires the intruder to have much longer and complicated private key to log in, which is a lot harder to brute force than a standard password. Some services and websites you can also tie in [[security:2fa|Two-Factor Authentication]] to further roadblock brute force attacks.+If you run services like [[tools:ssh|SSH]], you can further lock things down by disabling password authentication altogether, and instead using public/private key authentication. This requires the use of long and complicated private key to log in with, which is a lot harder to brute force than a standard password. Some services and websites you can also tie in [[security:2fa|two-factor authentication]] to further hinder brute force attacks.
  
-However, these methods are not universally effective in all situations. If someone manages to steal your computer or image the data off your hard drive, they can crack the password leisurely from the privacy of their home without the risk of setting off firewalls. To impede those types of attacks, it helps to have [[gear:security-key|security keys]], such as a [[gear:yubi|YubiKey]], set up as a second layer of authentication on your operating system, applications, root commands, password manager, or hard drive encryption scheme. This way, even if they crack the password, they still cannot finish unlocking the device without your security key.+However, these methods are not universally effective in all situations. If someone manages to steal your computer or image the data off your hard drive, they can crack the password leisurely from the privacy of their home without the risk of setting off firewalls. To impede those types of attacks, it helps to have [[gear:security-key|security keys]], such as a [[gear:yubi|YubiKey]], as a second layer of authentication on your operating system, applications, password manager, or hard drive encryption scheme. This way, even if they crack the password, they still cannot get in without your physical security key.
  
  
tactics/brute-force.1727942563.txt.gz · Last modified: 2024/10/03 08:02 by Humphrey Boa-Gart

Find this page online at: https://bestpoint.institute/tactics/brute-force