SMA100: How to block Brute Force & Dictionary attacks with SMA

Resolution

Brute force attacks, as well as dictionary attacks, can be blocked by using the Web Application Firewall (WAF) on the SMA appliance.

For this sort of attack, rate limiting can be configured in the custom rules (along with rule chain 15002).


The max allowed hits and the reset hit counter period can be set according to the admin's preferences.

After the rule is enabled, rate limiting ensures that if the rule is triggered more times than the configured threshold (within a certain amount of time), no more connections will be allowed from that remote machine.

This effectively prevents the intruder from executing brute force attacks.

Tracking can be done per IP address and per session.

When set per session, a cookie sent from the remote user's browser is used to identify whether the user already has an open session.

When set per IP, the remote user's public IP address is tracked.

Tracking based on IP is more secure because a user could initiate multiple user sessions for each attack, and each new session would be counted separately under per-session tracking.
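
The difference between the two tracking modes, shown as an added example that is not part of the original article and is not SonicWall's code. It is a simplified hit counter that assumes a fixed window restarting after the reset period; the class, function and field names and all sample events are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RateLimiter:
    """Toy model of a WAF rule hit counter (assumed behaviour, not the appliance's code)."""
    max_allowed_hits: int   # threshold configured on the rule
    reset_period: float     # seconds after which the hit counter resets
    track_by: str           # "ip" or "session"
    _state: dict = field(default_factory=dict)  # key -> (window_start, hits)

    def allow(self, event: dict) -> bool:
        """Return False once a key exceeds max_allowed_hits within the period."""
        key = event[self.track_by]
        start, hits = self._state.get(key, (event["t"], 0))
        if event["t"] - start >= self.reset_period:  # period elapsed: reset counter
            start, hits = event["t"], 0
        hits += 1
        self._state[key] = (start, hits)
        return hits <= self.max_allowed_hits


def replay(events, track_by, max_allowed_hits=5, reset_period=60):
    """Replay rule-triggering events through a limiter; return how many were blocked."""
    limiter = RateLimiter(max_allowed_hits, reset_period, track_by)
    return sum(not limiter.allow(e) for e in events)


# Constructed sample: 20 failed logins in 20 s from one address
# (documentation range), each carrying a different session cookie.
FRESH_SESSIONS = [{"t": i, "ip": "203.0.113.10", "session": f"s{i}"} for i in range(20)]
# Constructed sample: the same traffic, but one session cookie is reused.
ONE_SESSION = [{"t": i, "ip": "203.0.113.10", "session": "s0"} for i in range(20)]
# Constructed sample: a legitimate user mistyping 3 times, then again 2 minutes later.
SLOW_USER = [{"t": t, "ip": "198.51.100.7", "session": "u1"}
             for t in (0, 5, 9, 130, 135, 140)]

if __name__ == "__main__":
    samples = [("fresh sessions", FRESH_SESSIONS),
               ("one session", ONE_SESSION),
               ("slow user", SLOW_USER)]
    for name, events in samples:
        print(name, {mode: replay(events, mode) for mode in ("ip", "session")})
```

With per-session tracking, the traffic that presents a new cookie on every request is never blocked, while per-IP tracking blocks everything past the threshold; the slow legitimate user is unaffected in both modes.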

