A brute-force attack involves systematically attempting every possible combination of letters, numbers, and symbols to discover a password. Websites requiring user authentication are susceptible to such attacks. Attackers may begin with dictionary words or slightly modified versions to expedite the process, exploiting common user password practices. These variations are known as dictionary attacks or hybrid brute-force attacks.
These attacks not only jeopardize user accounts but also flood websites with unnecessary traffic. Hackers employ readily available tools equipped with wordlists and smart rulesets to intelligently and automatically guess passwords. Although brute-force attacks are detectable, preventing them proves challenging.
NSFOCUS NIPS supports enabling brute-force protection configuration. Choose Objects > Network Intrusion > Settings > Brute-Force Protection Configuration and configure brute-force protection parameters. Then, click Commit to make the configuration take effect.
Brute-force protection configuration parameters:
| Parameter | Description |
| Enable Brute Force Protection | Controls whether to enable brute force protection. It is enabled by default. You can disable it by clearing the check box. |
| Threshold Settings | You can click Edit in the Operation column to specify the maximum number of consecutive failed login attempts via various protocols during the statistical period. For the DHCP Limit, the detection level and detection block will also be considered. When the actual number of failed login attempts reaches this threshold, NIPS deems it a brute force event. The detection state can be set separately for each detection item by modifying Status. |
