Block SSH brute-force attacks on openSUSE

A brute force attack consists of trying every possible code, combination, or password until you find the right one.

As an example, imagine a system that only allows 4-digit PIN codes. This means that there are a maximum of 10,000 possible PIN combinations.

From the example above, PIN security could be increased by:
* Increasing the length of the PIN
* Allowing the PIN to contain characters other than numbers, such as * or #
* Imposing a 30 second delay between failed authentication attempts
* Locking the account after 'x' failed authentication attempts

We will implement options #3 and #4 on openSUSE using SuSEfirewall2.
Open your favorite editor and edit the file /etc/sysconfig/SuSEfirewall2:

# Add the following rule
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

# Now Restart firewall:
rcSuSEfirewall2 restart

Now an attacker has just 3 connection attempts from the same IP address within 60 seconds.
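
A check that the rate limit is actually in effect, as an added example that is not part of the original post. It relies on the note in the SuSEfirewall2 sysconfig comments that FW_SERVICES_EXT_TCP takes precedence over FW_SERVICES_ACCEPT_EXT, so port 22 opened there bypasses the limit; the function name check_ssh_ratelimit and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file for an effective SSH
# rate limit. The function name and return codes are illustrative:
#   0 = limit effective          1 = no rate-limited tcp/22 entry
#   2 = port 22 also opened in FW_SERVICES_EXT_TCP (limit bypassed)
#   3 = file not readable
# Sourcing runs the file as shell code: use only on a trusted config file.
check_ssh_ratelimit() {
    conf=$1
    [ -r "$conf" ] || return 3
    case $conf in */*) ;; *) conf=./$conf ;; esac   # avoid a $PATH lookup by "."
    (   # subshell: variables from the sourced file do not leak out
        FW_SERVICES_ACCEPT_EXT='' FW_SERVICES_EXT_TCP=''
        . "$conf" >/dev/null 2>&1
        limited=no
        for entry in $FW_SERVICES_ACCEPT_EXT; do
            # Entry format: net,protocol[,dport[,sport[,flags]]]
            IFS=, read -r net proto dport sport flags <<EOF
$entry
EOF
            [ "$proto" = tcp ] || continue
            case $dport in 22|ssh) ;; *) continue ;; esac
            # hitcount= and blockseconds= must both be set for a limit
            case ",$flags," in *,hitcount=[0-9]*,*) ;; *) continue ;; esac
            case ",$flags," in *,blockseconds=[0-9]*,*) limited=yes ;; esac
        done
        [ "$limited" = yes ] || exit 1
        for port in $FW_SERVICES_EXT_TCP; do
            case $port in 22|ssh) exit 2 ;; esac
        done
        exit 0
    )
}

# Stand-alone use: sh check.sh /etc/sysconfig/SuSEfirewall2
if [ $# -gt 0 ]; then check_ssh_ratelimit "$1"; fi
```

A return code of 2 means the rule from this post is present but has no effect until port 22 is removed from FW_SERVICES_EXT_TCP and the firewall is restarted.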
