10/14/2021
This article describes how to protect the firewall and the network behind it from brute force or dictionary attacks.
A brute force attack is a method used to obtain information such as a user password or personal identification number (PIN) by trying thousands of combinations. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
A dictionary attack is a method of using a dictionary in order to get access to a computer or server by systematically entering every word in a dictionary as a password. It can also be used to decrypt encrypted messages by guessing the key.
The Intrusion Prevention System (IPS) available on the SonicWall, if enabled on the WAN zone, should prevent most exploits, web attacks, SQL injections and database attacks. To do so, the SonicWall matches traffic against the IPS signatures and blocks any traffic that matches a signature.
NOTE: IPS must be licensed and the signatures must be up-to-date.
Some brute force attacks are not easy to detect because they look like normal attempts to log in.
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
CAUTION: Achieving the best protection for your network against brute force and dictionary attacks would require the upstream ISP or services like CloudFlare, Incapsula, etc. to drop the traffic once a brute force attack against your network is detected.
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
NOTE: DPI-SSL should also be licensed and configured so attacks via HTTPS/SSH can be easily detected:
CAUTION: Be very careful about enabling the administrator/user lockout! Some brute force attacks are actually DoS attacks: the attackers are just trying to lock out a huge number of your most important users so that your network will be down.
CAUTION: Achieving the best protection for your network against brute force and dictionary attacks would require the upstream ISP or services like CloudFlare, Incapsula, etc. to drop the traffic once a brute force attack against your network is detected.
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
NOTE: DPI-SSL should also be licensed and configured so attacks via HTTPS/SSH can be easily detected:
CAUTION: Be very careful about enabling the "administrator/user lockout"! Some brute force attacks are actually DoS attacks: the attackers are just trying to lock out a huge number of your most important users so that your network will be down.
CAUTION: Achieving the best protection for your network against brute force and dictionary attacks would require the upstream ISP or services like CloudFlare, Incapsula, etc. to drop the traffic once a brute force attack against your network is detected.
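The following is an added example, not part of the original article and not SonicWall code. It illustrates two points made above: login failures that look normal individually stand out when counted per source address, and a per-account lockout can be turned into a DoS. The event tuple format, thresholds and sample data are assumptions constructed for illustration and do not reflect the SonicOS log format.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window for counting failures
MAX_FAILURES = 5      # assumed per-source failure threshold
MANY_ACCOUNTS = 3     # assumed: this many distinct accounts from one source

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    # One source hammering a single account
    [(t, "203.0.113.10", "admin", False) for t in range(0, 60, 10)]
    # One source failing twice against each of several accounts
    + [(100 + 5 * i, "198.51.100.7", user, False) for i, user in enumerate(
        ["alice", "alice", "bob", "bob", "carol", "carol", "dave", "dave"])]
    # A legitimate user who mistypes once, then logs in
    + [(200, "192.0.2.20", "erin", False), (205, "192.0.2.20", "erin", True)]
)

def analyze(events, window=WINDOW_SECONDS, max_failures=MAX_FAILURES,
            many_accounts=MANY_ACCOUNTS):
    """Return {source_ip: verdict} for sources over the failure threshold."""
    recent = defaultdict(deque)  # source_ip -> failures inside the window
    verdicts = {}
    for ts, src, user, ok in sorted(events, key=lambda e: e[0]):
        if ok:
            continue
        failures = recent[src]
        failures.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            targeted = {u for _, u in failures}
            verdicts[src] = ("multi-account-lockout-risk"
                             if len(targeted) >= many_accounts
                             else "brute-force")
    return verdicts

def accounts_locked(events, threshold):
    """Accounts that a per-account lockout at `threshold` failures would lock."""
    fails = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            fails[user] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
    print(accounts_locked(SAMPLE_EVENTS, threshold=2))
```

In the sample, a lockout threshold of two failures locks five accounts, four of them through a single source, while acting on the source address affects only the two offending hosts.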