How to block brute force attacks on Windows Server
Most network administrators or any other basic server security expert know that leaving the RDP or Remote Desktop Protocol port open for the Internet or using a weak password leaves the network vulnerable to cyber attacks. In this article, we will discuss these tips and see how block brute force attacks to Windows server.
What is a brute force attack?
Brute Force Attacks basically works on the hit and try method and is one of the less sophisticated hacking techniques. In this case, the hacker will make a number of attempts to guess your password and eventually find the correct one. But these are no less dangerous than the hacking techniques you see in the movies. Think about it, a lot of hackers try to guess your password. So, if your password is weak or if you do nothing to block these attacks, you are vulnerable to data theft, loss of access to your network, etc.
Block brute force attacks on Windows Server
If you want to prevent or block brute force attacks on Windows Server, the following tips are for you.
- Use a strong password
- Limit unsuccessful login attempts
- Protect the root account
- Change port
- Activate CAPTCHA
- Use two-factor authentication
- Install EvlWatcher
Let’s talk about it in detail.
1]Use a strong password
First of all, while setting up your account, you need to make sure that you are using a strong password. It’s pretty self-explanatory, if attackers try to guess your password, don’t give them any idea of ââyour username or password. You must make sure that your username does not contain any clues about your password. Your password should not be linked to you or to public information about your business.
Read: How to customize the password policy in Windows.
2]Limit unsuccessful login attempts
As you may already know, how brute force attacks work. Thus, there will be a lot of unsuccessful attempts. If you limit unsuccessful login attempts, you can rest assured that the attack will not be successful.
You can also deploy the ‘Account lockouts with progressive delays‘ characteristic. In this way, your account will be locked after a few failed attempts for a while, which will make the life of the network administrator much easier.
Read: How to restrict the number of connection attempts in Windows.
3]Protect the root account
The root account, in a physical or virtual network, is of the utmost importance. It’s like the king in a game of chess. You have to make sure that it is inaccessible. To do this, you can configure the sshd_config file and set it ‘Deny user root’ and ‘PermitRootLogin no’ option.
Read: Strengthen Windows login password policy and account lockout policy.
4]Change your port
Most often, the attacker will try to attack port number 22, because it is the standard port. So you need to change the port on which the SSHD is supposed to run. To do this, go to the sshd_config and use a non-standard port.
Read: Definition and Defense of Password Spray Attacks
Brute force attack can be avoided by using CAPTCHA. This is a great way to delay the process or stop it altogether if the attack is led by a robot or an AI. In some cases, the attacker will violate the CAPTCHA by using certain tools. However, not all attackers are equipped with this tool and therefore you need to configure this feature. But keep in mind that CAPTCHAs are not really user-friendly and can degrade the user experience.
Read: What is a credential stuffing attack.
6]Use two-factor authentication
Many large companies such as Google and Microsoft use 2-factor authentication to keep their servers from many types of attacks and brute force attacks are one of them. You can also use this security measure and secure your server.
Read: How attackers can bypass two-factor authentication.
EvlWatcher is a great tool for stopping brute force attacks. It keeps an eye on your server logs and checks if there is a number of failed attempts with one or more IP addresses. It then blocks that same IP address for 2 hours, thus reducing the rate of these attacks. You can even configure the app if you want to make exceptions or increase or decrease the blocking time. You can download EvlWatcher from github.com.
Read: ransomware attacks, definition, examples, protection, deletion.
How do I know if my server is under brute force attacks?
If you want to know whether your computer is under brute force attack or not, you need to check your server logs. If you see a number of unsuccessful attempts, you are the victim of a brute force attack. If there are a lot of failed attempts by a single IP address or even multiple IPs within a certain period of time, you should immediately check the IPs of your clients and if you conclude that these IPs are attackers, block them.
Hope you find the article useful.
Read more : Microsoft Planning and Assessment Toolkit: Identify security vulnerabilities.