The scope of this article is to describe some of the best practices a network administrator can apply to protect the firewall and the network behind it from bruteforce or dictionary attacks.
A brute force attack is a method used to obtain information such as a user password or personal identification number (PIN) by trying thousands of combinations. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
A dictionary attack is a method of using a dictionary in order to get access to a computer or server by systematically entering every word in a dictionary as a password. It can also be used to decrypt encrypted messages by guessing the key.
The Intrusion Prevention System (IPS) available in the SonicWall, if enabled on the WAN zone, should prevent most of the exploits, web attacks, SQL injections and database attacks. In order to prevent them, the SonicWall will match the traffic pattern against the IPS signatures and if it matches the traffic will be blocked.
NOTE: IPS must be licensed and the signatures must be up-to-date.
However, some bruteforce attacks are not easy to be detected as they look like normal attempts to login. This article contains best practices to avoid bruteforce attacks towards your network.