SMA100: How to block Brute Force & Dictionary attacks with SMA

Description

SMA100: How to block Brute Force & Dictionary attacks with SMA

Resolution

Brute force attacks as well as Dictionary attacks can be blocked by using Web application firewall in the SMA appliance.

For these sort of attack a rate limiting can be configured in the custom rules (along with rule chain 15002): 


Image


Max allowed hits and reset hit counter period can be set according to admin's preferences

After the rule is enabled the rate limiting will ensure that if the rule is triggered more times than the threshold configured (within a certain amount of time) then no more connections will be allowed from that remote machine.

This effectively prevents the intruder from executing brute force attacks

Tracking can be done per IP address and per session.

When set per session a cookie send from the remote user browser is used to identify whether the user has an already open session.

When set per IP the remote user's public IP is tracked

Tracking based on IP is more secure because a user could initiate multiple user sessions for each attack


Related Articles

  • How to download Client Installation package and the access agents from the appliance using WinSCP
    Read More
  • SMA 1000: How to update Advanced EPC Signatures to the Latest Version
    Read More
  • If OTP is enabled, NX disconnects after SMA100 Connect Agent installation
    Read More

Categories

Secure Mobile Access
SMA 100 Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo