Security Best Practice: Protect Yourself against FTP Brute Force Attacks
| Check Point Reference: | SBP-2007-05 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? FTP Servers | ||
| Vulnerability Description The File Transfer Protocol (FTP) is used to connect computers over the Internet enabling file transferring between their users. FTP Brute Force Attacks are a common threat on vulnerable systems. Brute Force Attacks are a significant threat on usersÂ’ privacy. Using Brute Force, remote attackers attempt to gain access to unauthorized areas of a target system, such as FTP accounts, e-mail accounts and databases. By trying to repeatedly log in to an FTP server using different passwords, it is possible to crack user accounts on the remote target and compromise it. |
||
|
Vulnerability Details The Brute Force Attack is a method of obtaining a user's authentication credentials by trying every possible character combination. Using brute force, attackers attempt combinations of accepted character set in order to find a specific combination that gains access to an authorized area. A remote attacker who successfully used a Brute Force Attack may gain access to unauthorized areas on a target system and compromising its privacy. |
Protection Overview
By enabling this protection, SmartDefense will detect and block repeated login attempts from the same client during a configurable period of time.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the SmartDefense tab, click Application Intelligence > FTP > FTP Patterns.
2. In the configuration pane, under Settings > Mode, check Active.
3. Select the following protection:
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts
VPN-1 NGX R61 & R60
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the SmartDefense tree, click Application Intelligence > FTP > and select FTP Patterns.
2. In the configuration pane, select the following protection:
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts
InterSpect NGX
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > FTP > FTP Patterns.
3. In the configuration pane, select the following pattern:
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts
Connectra NGX R61/R62
How Can I Protect My Network?
1. In the left-hand menu, click Security > SmartDefense > Application Intelligence.
2. In the Dynamic Attacks pane, select the following:
Block FTP Brute Force Attacks
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts