Understanding Security, Threats and Immediate Mitigation
Threat: A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
What is a brute force attack: In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.
What are the differences between brute force and dictionary attacks?
A dictionary attack probes only passwords/keys taken from a word list (which does not cover the complete keyspace). A brute force attack is primarily used against the encryption algorithm itself (it can also be used against passwords, but there a dictionary attack is used most of the time).
A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected). It tries various combinations of usernames and passwords again and again until it gets in. This repetitive action is like an army attacking a fort.
Now, you’ll think: “Wow that’s easy, I can do that too.”
You can try it out for sure!
Usually, every common ID (e.g. “admin”) has a password. All you need to do is guess the password. Say it is a 2-digit PIN: each digit takes one of the 10 values 0 to 9, so there are 100 possibilities. You can work through these with pen and paper, like Mr. Bean trying to find the correct last two digits of the phone number of the lost kid’s father in the movie Mr. Bean’s Holiday.
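The 2-digit PIN is one instance of a general rule: the number of candidates a brute force search must cover is alphabet size raised to the password length, while a dictionary attack only ever covers its word list. The following Python is an added illustration written for this page (not code from the original post); the word list and the 94-symbol printable alphabet are constructed assumptions.

```python
import itertools
import string

# Full keyspace for a secret of `length` symbols drawn from `alphabet`:
# every position can take any symbol, so the count is len(alphabet) ** length.
def keyspace_size(alphabet: str, length: int) -> int:
    return len(alphabet) ** length


# Enumerate the keyspace in order and count how many candidates are checked
# before `target` is reached. This is the "pen and paper" search from the
# text, used here only to show the cost of a full search.
def attempts_to_find(target: str, alphabet: str) -> int:
    for count, candidate in enumerate(
        itertools.product(alphabet, repeat=len(target)), start=1
    ):
        if "".join(candidate) == target:
            return count
    return -1  # target uses a symbol outside the alphabet


# A dictionary attack only checks the list it was given; a secret that is
# not in the list is never found, however long the attacker runs.
def dictionary_attempts(target: str, wordlist: list[str]) -> int:
    for count, word in enumerate(wordlist, start=1):
        if word == target:
            return count
    return -1


# Constructed mini word list for the illustration.
SAMPLE_WORDLIST = ["123456", "password", "admin", "qwerty", "letmein"]

if __name__ == "__main__":
    digits = string.digits
    print("2-digit PIN keyspace:", keyspace_size(digits, 2))          # 100
    print("worst case for PIN 99:", attempts_to_find("99", digits))  # 100
    printable = string.ascii_letters + string.digits + string.punctuation
    print("8 printable chars:", keyspace_size(printable, 8))        # 94**8
    print("'qwerty' via dictionary:", dictionary_attempts("qwerty", SAMPLE_WORDLIST))
    print("'h7#Qz' via dictionary:", dictionary_attempts("h7#Qz", SAMPLE_WORDLIST))
```

The jump from 100 candidates for a 2-digit PIN to 94 to the power of 8 for an 8-character printable password is the whole argument for the length and complexity measures discussed later on this page.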
What to do now?
There are many tools available for securing different applications which will deny a user after a predefined number of attempts.
For example, for SSH we can use Fail2ban or DenyHosts. These programs block an IP address after a few wrong attempts. These tools do a good job. However, there is a twist to all this.
You can also take some precautionary measures like:
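What Fail2ban does for SSH can be reduced to a small rule: count failed logins per source IP inside a time window, and block the IP once the count reaches a threshold. The Python below is an added example for this page (not Fail2ban's own code and not from the original post); the log lines are constructed in the style of sshd output, the IP addresses are documentation ranges, and the defaults (5 failures within 600 seconds) are assumptions chosen to resemble Fail2ban's maxretry and findtime settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the style of sshd auth logging (not from a real host).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 5001 ssh2
2024-05-01T10:00:03 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 5002 ssh2
2024-05-01T10:00:05 sshd[1201]: Failed password for root from 198.51.100.7 port 5003 ssh2
2024-05-01T10:00:09 sshd[1201]: Failed password for root from 198.51.100.7 port 5004 ssh2
2024-05-01T10:00:12 sshd[1201]: Failed password for root from 198.51.100.7 port 5005 ssh2
2024-05-01T10:00:20 sshd[1202]: Failed password for alice from 203.0.113.9 port 6001 ssh2
2024-05-01T10:00:25 sshd[1203]: Accepted password for alice from 203.0.113.9 port 6002 ssh2
2024-05-01T10:30:00 sshd[1204]: Failed password for bob from 192.0.2.44 port 7001 ssh2
2024-05-01T10:45:00 sshd[1205]: Failed password for bob from 192.0.2.44 port 7002 ssh2
2024-05-01T11:00:00 sshd[1206]: Failed password for bob from 192.0.2.44 port 7003 ssh2
2024-05-01T11:15:00 sshd[1207]: Failed password for bob from 192.0.2.44 port 7004 ssh2
2024-05-01T11:30:00 sshd[1208]: Failed password for bob from 192.0.2.44 port 7005 ssh2
"""

# Matches only failed password attempts and captures the timestamp and source IP.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)


def find_bans(log_text: str, maxretry: int = 5, findtime: int = 600) -> dict:
    """Return {ip: timestamp_of_ban} for every IP that reaches `maxretry`
    failed logins within any `findtime`-second window (sliding window)."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m or m.group("ip") in banned:
            continue
        ip = m.group("ip")
        ts = datetime.fromisoformat(m.group("ts")).timestamp()
        window = recent[ip]
        window.append(ts)
        # Drop failures that fell out of the window.
        while window and ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = m.group("ts")
    return banned


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

Run against the sample, only 198.51.100.7 is blocked: five failures in eleven seconds. The single failure from 203.0.113.9 before a successful login is normal user behaviour, and 192.0.2.44 never has five failures inside a ten-minute window, which is the twist the text alludes to: an attacker who spreads guesses out slowly stays under a naive per-window threshold, so the lockout tool is a first layer, not a complete answer.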
Password Length: The first step towards brute force attack prevention should be a longer password. Nowadays many websites and platforms require their users to create a password of a certain length (8 – 16 characters).
Password Complexity: Another important thing is to create a complex password. Passwords like ‘ilovemycountry’ or ‘password123456’ are not recommended. A password should consist of UPPERCASE and lowercase letters and should also have numbers and special characters. Complexity of the password delays the cracking process.
Using Captcha: Captchas are now commonly used on websites. They prevent bots from executing the automated scripts mainly used in brute force attacks. Installing a captcha on your WordPress site is fairly easy: install the Google Invisible reCAPTCHA plugin and link it to your Google account. Then go back to the plugin settings page and define the places where you would like the user to pass the captcha before performing the actual task.
Two Factor Authentication: Two Factor Authentication is an extra line of defence which can protect your account from a brute force attack. The chances of successfully executing a brute force attack against a 2FA-protected site are very thin. There are various ways to implement 2FA on your WordPress site.
Other best practices are:
Unique password for each account.
Frequent password change.
Avoid sharing credentials through insecure channels.
Use a firewall.
Document your cyber security policies.
Educate all employees.
Enforce safe password practices.
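Enforcing the length and complexity rules given above, together with a block on known-weak passwords, is usually done at account creation or password change. The following Python is an added example for this page (not code from the original post or from any particular platform); the minimum length of 8 follows the text, the four character classes follow the complexity rule, and the common-password list is a constructed placeholder for the much larger breach lists a real system would load.

```python
import string

# Constructed stand-in for a real weak-password list (real lists hold millions).
COMMON_PASSWORDS = {
    "password", "password123456", "ilovemycountry",
    "123456", "qwerty", "admin", "letmein",
}


def check_password(pw: str, min_length: int = 8) -> list[str]:
    """Return the list of policy rules the password violates (empty = accepted)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name} character")
    # Length and classes do not help if the value is on every attacker's list.
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def is_acceptable(pw: str, min_length: int = 8) -> bool:
    return not check_password(pw, min_length)


if __name__ == "__main__":
    for candidate in ["ilovemycountry", "password123456", "Ab1!", "Tr0ub4dor&3"]:
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Both examples the text names fail on more than one rule, which is the point of reporting every violation rather than the first: the user sees what to change, and the check stays the same for an 8-character password as for a passphrase.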