SMA100: How to block Brute Force & Dictionary attacks with SMA

Description

SMA100: How to block Brute Force & Dictionary attacks with SMA

Resolution

Brute force attacks as well as Dictionary attacks can be blocked by using Web application firewall in the SMA appliance.

For these sort of attack a rate limiting can be configured in the custom rules (along with rule chain 15002): 


Image


Max allowed hits and reset hit counter period can be set according to admin's preferences

After the rule is enabled the rate limiting will ensure that if the rule is triggered more times than the threshold configured (within a certain amount of time) then no more connections will be allowed from that remote machine.

This effectively prevents the intruder from executing brute force attacks

Tracking can be done per IP address and per session.

When set per session a cookie send from the remote user browser is used to identify whether the user has an already open session.

When set per IP the remote user's public IP is tracked

Tracking based on IP is more secure because a user could initiate multiple user sessions for each attack


Related Articles

  • SMA 1000 Series Support Matrix
    Read More
  • How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series
    Read More
  • End of sale "SMA, SonicWall Switch, and Sonicwave" product for India.
    Read More

Categories

Secure Mobile Access
SMA 100 Series
not finding your answers?
Ask the Community
Chat