SMB SSL-VPN: How to block Brute Force and Dictionary attacks with SRA
03/26/2020
DESCRIPTION:
Brute force attacks as well as dictionary attacks can be blocked by using the Web Application Firewall in the SRA appliance.
For this sort of attack, rate limiting can be configured in the custom rules (along with rule chain 15002):
Max allowed hits and the reset hit counter period can be set according to the admin's preferences.
After the rule is enabled, rate limiting ensures that if the rule is triggered more times than the configured threshold (within a certain amount of time), no more connections will be allowed from that remote machine.
This effectively prevents the intruder from executing brute force attacks.
Tracking can be done per IP address and per session.
When set per session, a cookie sent from the remote user's browser is used to identify whether the user already has an open session.
When set per IP, the remote user's public IP is tracked.
Tracking based on IP is more secure because a user could initiate multiple user sessions for each attack.
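
The difference between the two tracking modes can be seen in a small model of the counter. This is an added example, not SonicWall code and not the appliance's actual implementation: it assumes a simple fixed-window counter, and the names `RateLimiter`, `max_hits`, `reset_period` and `track_by` are hypothetical stand-ins for the max allowed hits, reset hit counter period and tracking settings described above.

```python
class RateLimiter:
    """Simplified model (assumption): count rule hits per tracking key and
    refuse further hits once max_hits is exceeded within reset_period seconds."""

    def __init__(self, max_hits, reset_period, track_by):
        if track_by not in ("ip", "session"):
            raise ValueError("track_by must be 'ip' or 'session'")
        self.max_hits = max_hits
        self.reset_period = reset_period
        self.track_by = track_by
        self.windows = {}  # tracking key -> [window_start, hit_count]

    def allow(self, ts, ip, session):
        key = ip if self.track_by == "ip" else session
        window = self.windows.get(key)
        # Start a fresh counter for a new key or once the reset period has elapsed.
        if window is None or ts - window[0] >= self.reset_period:
            window = self.windows[key] = [ts, 0]
        window[1] += 1
        return window[1] <= self.max_hits


def count_allowed(limiter, requests):
    """Number of requests the limiter lets through."""
    return sum(limiter.allow(ts, ip, sess) for ts, ip, sess in requests)


# Constructed sample traffic: (timestamp_seconds, source_ip, session_cookie).
# One remote machine triggers the rule 20 times in 20 s, with a new session each time.
GUESSING = [(t, "203.0.113.7", f"sess-{t}") for t in range(20)]
# A legitimate user triggers the rule twice in one session.
NORMAL = [(0, "198.51.100.4", "sess-a"), (5, "198.51.100.4", "sess-a")]


def compare(max_hits=5, reset_period=60):
    """Allowed-request counts for both tracking modes on the sample traffic."""
    results = {}
    for mode in ("ip", "session"):
        results[mode] = {
            "guessing": count_allowed(RateLimiter(max_hits, reset_period, mode), GUESSING),
            "normal": count_allowed(RateLimiter(max_hits, reset_period, mode), NORMAL),
        }
    return results


if __name__ == "__main__":
    print(compare())
```

With per-IP tracking the repeated attempts stop at the threshold, while per-session tracking never reaches it because every new session starts its own counter; the legitimate user is unaffected in both modes.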