The sys admin’s daily grind: WebCalendar

BANNING BRUTES

Article from Issue 84/2007
Author(s):

Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

When users are allowed to choose passwords of their own volition, they often choose something fairly weak, like the name of a friend or pet. This predictable human behavior is something that the bad guys relish.
All an attacker needs to do is set up a loop of login attempts that references a dictionary list of passwords. After all, chances are very slight that the user has set up a password like 4G&dP9a! for the account under attack.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Sshutout and Fail2ban

    Services that require a username and password for login are potential targets for dictionary attacks. Sshutout and Fail2ban introduce time penalties for invalid attempts.

    more »
  • Charly's Column

    Easy to remember but still safe – this is the classic conflict when it comes to choosing a password. The PWGen tool offers a sensible compromise.

    more »
  • Fail2ban

    Fail2ban is a quick to deploy, easy to set up, and free to use intrusion prevention service that protects your systems from brute force and dictionary attacks.

    more »
  • System Hardening

    A good reputation does not protect your Linux systems from attack. We'll show you some tips for detecting and warding off intruders.

    more »
  • Charly’s Column: w3af

    After toiling away to create a small but exclusive website, Charly wanted to run a security scanner against it to check for vulnerabilities. The choice of tools is enormous, but Charly chose w3af.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Charlys_Column.pdf  (94.55 kB)

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source