SMA100: How to block Brute Force & Dictionary attacks with SMA

Description

SMA100: How to block Brute Force & Dictionary attacks with SMA

Resolution

Brute force attacks and dictionary attacks can be blocked by using the Web Application Firewall in the SMA appliance.

For this sort of attack, rate limiting can be configured in the custom rules (along with rule chain 15002).

Max allowed hits and the reset hit counter period can be set according to the admin's preferences.

After the rule is enabled, rate limiting ensures that if the rule is triggered more times than the configured threshold (within a certain amount of time), no more connections will be allowed from that remote machine.

This effectively prevents the intruder from executing brute force attacks.

Tracking can be done per IP address and per session.

When set per session, a cookie sent from the remote user's browser is used to identify whether the user already has an open session.

When set per IP, the remote user's public IP address is tracked.

Tracking based on IP is more secure because a user could initiate multiple user sessions for each attack.
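
The difference between the two tracking modes can be seen in a small simulation. This is an added example, not part of the original article and not SonicWall's implementation: the fixed-window counter, the class and function names, the threshold values and the traffic are all assumptions constructed for illustration.

```python
# Simplified model of "max allowed hits" / "reset hit counter period".
# Assumption: a fixed-window counter per tracked key; the appliance's real
# counter logic is not documented on this page.

class RateLimiter:
    def __init__(self, max_hits, reset_period, track_by):
        self.max_hits = max_hits          # max allowed hits per window
        self.reset_period = reset_period  # seconds until the counter resets
        self.track_by = track_by          # "ip" or "session"
        self.windows = {}                 # key -> (window_start, hits)

    def allow(self, request):
        key = request[self.track_by]
        now = request["time"]
        start, hits = self.windows.get(key, (now, 0))
        if now - start >= self.reset_period:
            start, hits = now, 0          # reset period elapsed: new window
        hits += 1
        self.windows[key] = (start, hits)
        # Triggered more times than the threshold -> refuse the connection.
        return hits <= self.max_hits


def build_traffic():
    # Constructed sample: one source IP sends 20 login attempts, one per
    # second, and discards its session cookie each time. A second, ordinary
    # user makes two attempts inside a single session.
    reqs = [{"time": t, "ip": "203.0.113.10", "session": f"guess-{t}",
             "who": "guesser"} for t in range(20)]
    reqs += [{"time": t, "ip": "198.51.100.7", "session": "user-1",
              "who": "user"} for t in (3, 9)]
    return sorted(reqs, key=lambda r: r["time"])


def simulate(track_by, max_hits=5, reset_period=60):
    limiter = RateLimiter(max_hits, reset_period, track_by)
    allowed = {"guesser": 0, "user": 0}
    for req in build_traffic():
        if limiter.allow(req):
            allowed[req["who"]] += 1
    return allowed


if __name__ == "__main__":
    for mode in ("ip", "session"):
        print(mode, simulate(mode))
```

With per-IP tracking the repeated guesses stop after the fifth attempt, while per-session tracking never reaches the threshold because each attempt arrives with a new session.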

