Sometimes referred to as password cracking, brute force attacks are typically carried out to discover log-in credentials and gain access to websites for the purposes of data theft, vandalism, or the distribution of malware, which in turn can be used to launch brute force, DDoS and various types of cyber attacks on other targets. Even without successfully penetrating an online property, brute force attacks can flood servers with traffic, resulting in significant performance issues for the site under attack.
Resembling legitimate network traffic, brute force attacks and other types of stealth cyber attacks that target HTTP can be difficult to detect and block with standard network security tools like firewalls and intrusion detection systems. This makes defending against this type of threat a challenge for organizations that rely solely on perimeter-based security solutions.
Some basic measures that can be implemented to inhibit brute force attacks include: using a CAPTCHA program to prevent automated attacks, enforcing rules that require the use of strong passwords, introducing a delay between log-in attempts, or using VPNs to establish an encrypted tunnel. An IPSec VPN in particular can help prevent brute force attacks as well as Man-in-the-Middle attacks, the BREACH attack, and other threats that exploit website vulnerabilities. Finally, vulnerability management tools and scanners can assist in identifying and fixing potential vulnerabilities in your web applications.
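One way to implement the delay between log-in attempts listed above, shown as an added example that is not from the original page or any Akamai product. The `LoginThrottle` class, its thresholds, and the sample usernames and documentation-range IP addresses used with it are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Exponential delay after repeated failed log-ins, per account and per source IP."""

    def __init__(self, free_attempts=3, base_delay=1.0, max_delay=300.0,
                 window=900.0, clock=time.monotonic):
        self.free_attempts = free_attempts  # failures tolerated before any delay
        self.base_delay = base_delay        # seconds; doubles with each further failure
        self.max_delay = max_delay          # cap so an account is never locked out forever
        self.window = window                # failures older than this are forgotten
        self.clock = clock                  # injectable so tests can control time
        self._failures = {}                 # (kind, value) -> list of failure timestamps

    @staticmethod
    def _keys(username, ip):
        # Tracking both keys slows one source guessing many accounts
        # and many sources guessing one account.
        return (("user", username.strip().lower()), ("ip", ip))

    def _recent(self, key, now):
        # Drop failures outside the window and free the entry when none remain.
        fails = [t for t in self._failures.get(key, []) if now - t < self.window]
        if fails:
            self._failures[key] = fails
        else:
            self._failures.pop(key, None)
        return fails

    def retry_after(self, username, ip):
        """Seconds to wait before this attempt may be checked; 0.0 means go ahead."""
        now, wait = self.clock(), 0.0
        for key in self._keys(username, ip):
            fails = self._recent(key, now)
            extra = len(fails) - self.free_attempts
            if fails and extra >= 0:
                delay = min(self.base_delay * 2 ** min(extra, 32), self.max_delay)
                wait = max(wait, fails[-1] + delay - now)
        return wait

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            self._failures.setdefault(key, []).append(now)

    def record_success(self, username, ip):
        # Clear only the account counter; the IP counter stays so one valid
        # log-in does not reset a source that is also guessing other accounts.
        self._failures.pop(("user", username.strip().lower()), None)
```

A log-in handler would call `retry_after` before verifying the password and reject the request (for example with HTTP 429 and a `Retry-After` header) when the result is non-zero, then call `record_failure` or `record_success` depending on the outcome.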
Encouraged by the recent publicity around hacker groups such as the Syrian Electronic Army and Anonymous, hacktivism is on the rise. And, as the hacker toolkit evolves and expands, brute force attacks become just one of many threats with which enterprises now have to be concerned. Today's cyber attackers carry out sophisticated, highly distributed attacks that are well organized and multi-vectored—making information security more complex and costly than ever. This is why companies are turning to cost-efficient, on-demand cloud-based security solutions for the flexibility and scalability required in an unpredictable threat landscape.
Leveraging the power of the Akamai Intelligent Platform, Akamai's Cloud Security Solutions, including our Site Defender DDoS prevention service, provide a highly scalable, agile infrastructure to handle even the largest of attacks. Our cloud-based Web Application Firewall (WAF) can help your company detect malicious patterns in HTTP traffic upstream, blocking out brute force attacks before they reach your servers. Implementing network- and application-layer controls and rate policies, our WAF employs a multi-layered approach to Web security, ensuring that our clients' sites stay protected—no matter where or when attackers choose to strike.