Brute Force Attacks
Brute force attacks (also known as brute force cracking) occur when a threat actor tries to gain access to a system or network by systematically trying as many combinations of usernames and guessed passwords as possible.
Hackers let the computer do the work, trying different combinations of usernames and passwords until they find one that works, i.e. using sheer 'brute force' to crack the code. Once attackers have access to the network, they’re much harder to catch, so catching and neutralizing a brute force attack in progress is imperative.
There are some simple ways to avoid brute force attacks:
- Enforce a strong password policy for each web application or public server, one that requires alphanumeric passwords and frequent password changes
- Limit failed login attempts
- Use CAPTCHA
- Restrict logins to a specific IP address or range
- Require two-factor authentication
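One way to implement "Limit failed login attempts", shown as an added example rather than code from the original page: a sliding-window limiter that counts failures per account and per source IP, so guesses spread across many usernames from one address are also caught. The class name, thresholds (5 per account, 20 per IP, 300 seconds) and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class FailedLoginLimiter:
    """Sliding-window limit on failed logins, per account and per source IP."""
    def __init__(self, max_per_user=5, max_per_ip=20, window=300):
        self.max_per_user = max_per_user   # assumed threshold, tune per application
        self.max_per_ip = max_per_ip       # higher: many users may share one address
        self.window = window               # seconds a failure counts against a key
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self._failures.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:
            q.popleft()                    # drop failures that aged out of the window
        if not q:
            del self._failures[key]        # keep no empty entries for attacker-chosen names
        return len(q)

    def is_blocked(self, user, ip, now):
        # Call before verifying the password, so a blocked attempt learns nothing.
        return (self._recent(("user", user.lower()), now) >= self.max_per_user
                or self._recent(("ip", ip), now) >= self.max_per_ip)

    def record_failure(self, user, ip, now):
        self._failures[("user", user.lower())].append(now)
        self._failures[("ip", ip)].append(now)

    def record_success(self, user):
        # Clear only the account counter: one valid login must not reset a source
        # address that is still guessing against other accounts.
        self._failures.pop(("user", user.lower()), None)

def replay(events, limiter):
    """events: (timestamp, user, ip, password_ok) tuples. Returns one decision each."""
    decisions = []
    for ts, user, ip, ok in events:
        if limiter.is_blocked(user, ip, ts):
            decisions.append("blocked")
        elif ok:
            limiter.record_success(user)
            decisions.append("allowed")
        else:
            limiter.record_failure(user, ip, ts)
            decisions.append("failed")
    return decisions

# Constructed sample: six bad guesses for one account, then a login after the window.
SAMPLE = [(t, "alice", "203.0.113.7", False) for t in range(0, 60, 10)]
SAMPLE.append((400, "alice", "203.0.113.7", True))
```

In a real deployment the counters would live in a shared store so that every application server sees the same state.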