3 Important steps to improve network security against brute-force attacks

A brute-force attack is a type of cybercrime which involves automated hacking activity using bots. The primary aim of a brute-force attack is to crack a password in order to gain access to a user account in an unauthorized manner. Using the automation tool, an attacker repetitively attempts different alpha-numeric combinations at considerable speed – thousands per second – until the user’s password is determined and the account is unlocked.

With the advent of the cloud and the rapid innovations in technology, a brute-force attack has emerged as one of the most common types of outsider attack against web applications.

Here are three steps that will go a long way in improving the security of your network against brute-force attacks:

Enforce a strong password policy

A password is the first line of security when it comes to preventing unauthorized access. A strong password policy, therefore, can ensure that your users set up passwords that are strong and not easily compromised. Here are some important aspects you can regulate by setting up a password policy:

  • Password Length

A brute-force attack typically works by continuously trying every possible combination using numbers, letters and special characters. The shorter the password length, the fewer the combinations and the easier it is to crack. If the password length is known (or is fixed), again, it becomes easy for the attacker to attempt combinations of that particular length, although it will take longer depending on its length.

  • Password Complexity

A dictionary attack is a subset of the brute-force attack, which attempts to crack a password by trying all English words and then trying them with multiple combinations of other words and numbers. If users are setting simple passwords because they are easy to remember, they will also be easier to crack.

  • Password Expiry

Periodically, the system must prompt the user to change their password so that any possible ongoing attack can be effectively guarded against. Moreover, this practice will also mitigate undetected breaches of privileged accounts.

Use multi-factor authentication

Multi-factor authentication puts an additional layer of security between the brute-force attacker and your data. With MFA, even if the password has been correctly identified by the bot, the attacker will be unable to proceed because the system will require either an OTP or a confirmation from a different device (such as a smartphone app).

Another way to set up an additional layer of security at the login point would be to use a captcha – a box showing warped text or images and require manual entry of a response. This will effectively keep out a bot that is executing automated scripts.

Set up an account lockout policy

Set up a policy wherein you can detect and block suspicious login attempts. Locking an account after three failed login attempts, or attempts to login from a different country or an unlikely hour can prevent intruders from entering into the system. To resume work, the authorized user will need to seek administrator intervention to unlock the account.

You can also set up a progressive delay lockout wherein an account is locked for a fixed period of time after a certain number of failed login attempts. The lockout period can progressively increase with the increasing number of failed attempts and helps keep out brute-force attack bots long enough to make them ineffective.

Akku is an Identity and Access Management (IAM) solution that comes equipped security features to accomplish all the steps described above. Whether you are working with cloud-based or on-premise apps or a combination of both, Akku can help you protect your data from brute-force attacks. Contact us today.

What is Zero Trust Security?

As organizations increasingly place their data and applications across multiple locations on the cloud, zero trust security is rapidly gaining ground as the network security model of choice among enterprises.

Zero Trust Security is a security model in which a user, irrespective of whether he/she is within or outside the network perimeter, requires an additional verification to get access into a network. There is no particular technology or software product associated with this security model. It simply requires an additional security layer to verify users. This could be anything from biometric verification like thumb-print scanning, or a digital signature verification. Of the two, biometric verification is preferable as it can neither be recreated nor hacked.

Traditionally, organizations have been using what is referred to as the castle-and-moat approach to network security. In this model, the network is the ‘castle’ which is protected by security solutions as a ‘moat’. With this approach, part-of-the-network users were blindly trusted and allowed to enter the castle. However, as companies grew, their data and applications grew with them and the need to split them and store them in multiples silos rose. It also became easier for hackers to gain entry into a “protected” network by accessing a single user’s credentials.

Instead of the castle-and-moat model, adopting the zero trust security model and adding an additional layer of security to a network has been shown to prevent instances of data breaches.

Principles behind zero trust security

1. Trust no one: The model assumes that all the users of the network are potential attackers and hence, no users or systems are to be automatically trusted.

2. Least-privilege access: The users are given access based on a need-to-use basis and nothing more. This can eliminate each user’s exposure to vulnerable parts of a network.

3. Microsegmentation: The entire network is split into segments, each with its own authentication process.

4. Multi-factor authentication: Access to the network requires additional evidence that the user is legitimate.

The network of an organization is its gold mine and most organizations are increasing their spend on network security. Implementing a zero trust security model can go a long way in protecting your network from breaches.

Akku from CloudNow is an intelligent security solution which helps you enforce a zero trust security policy. To know more about its features and how it can benefit your organization’s network security, get in touch with us now.

Protect your Business from Privilege Abuse with IAM

Privilege abuse – that is the security threat that your business’s IT team is most worried about. According to a survey conducted in March 2014 among more than 4000 IT security executives, over 88% of them fear that users who have access to the organization’s applications and data are the ones who are most likely to compromise it and lead to a security breach.

Privilege abuse, or privileged user abuse, refers to the inappropriate or fraudulent use of permitted access to applications and data. This could be done, either maliciously, accidentally or through ignorance of policies. In addition to causing financial losses, such insider breaches also damage the organization’s reputation, sometimes irreparably.

Continue reading Protect your Business from Privilege Abuse with IAM

Why is multi-factor authentication indispensable?

Ever heard of the butterfly theory? A single flap of a butterfly’s wings in Australia has the potential to cause a tsunami in Indonesia. Similarly, a minor tweak in your IT infrastructure has the potential to make every node of your network vulnerable to serious attacks, irrespective of their relationship. To ensure that network security remains as streamlined as possible through any number of changes to your IT systems, it is crucial to add a virtually unhackable component to your network security.

Continue reading Why is multi-factor authentication indispensable?

Why data breaches happen & what you can do to stop them

War seems to have taken a new form in the Information age. Large corporations have reported increased data breaches in the last couple of years and the number is all set to increase in 2019.

Continue reading Why data breaches happen & what you can do to stop them

The IAM Imperative: Through An SMB’s Eyes

Today’s MNCs were once small or medium businesses (SMBs). Small and medium businesses are the proving ground for emerging technology, as they have tight budgets and require specific, targeted functionality that suits their style and processes. Once products and solutions pass this litmus test, they start becoming more mainstream, being absorbed more widely by companies and consumers.

Continue reading The IAM Imperative: Through An SMB’s Eyes

Password Managers can be Hacked. Now What?

On average, every person has 7.6 accounts – that’s a lot of user IDs and passwords for an individual! Remembering the user ID and password for all these accounts is obviously very cumbersome, and third party service providers have capitalized on this to provide password management services. A password manager is essentially a single repository for all your credentials. Two very popular password managers are LastPass and Dashlane. These are applications which will store your credentials in a “secure” database. However, they haven’t been spared by hackers, who breached their security to get access to thousands of user credentials.

Continue reading Password Managers can be Hacked. Now What?

Why Blocking Personal Emails in the Workplace is Essential

Your employees accessing their personal email at work for a few minutes in a day sounds harmless enough. But access to personal email in the workplace is in fact a potential hazard to company data, security, and productivity for a number of reasons.

Continue reading Why Blocking Personal Emails in the Workplace is Essential

Can you Trust the Agent on your Active Directory?

If a company works with very few applications, user repositories would have to be mapped individually for each application. Every new user needs to be validated with each individual user directories to be able to access the respective protected application. This means that the same user has to log in separately every time he/she wants to use each application on the network. The inefficiency of this model was reduced greatly with the advent of Active Directory and LDAP.

A significant number of identity and access management solutions have the need to work with Active Directory as the repository of user information against which access is verified. Active Directory generally controls user identity and access permissions to everything from files, networks, and servers, to on-premise and cloud applications. However, integrating an Active Directory or LDAP with on-premise and cloud applications require third-party agents to be installed on your network.

Continue reading Can you Trust the Agent on your Active Directory?

Cloud Multi-factor Authentication is the Future of Network Security

Is the only thing standing between your business’ critical data and a cyber attack a set of usernames and passwords? If yes, then it’s definitely time for a security upgrade for your cloud and on-premise applications.

We are increasingly using applications on our smartphones for business and personal purposes. Everyday activities have become much easier and more efficient to perform; what used to take us days to process can take us seconds today.

Continue reading Cloud Multi-factor Authentication is the Future of Network Security