New Feature for the Block FTP Brute Force Attacks Protection: Block the Attacker for a Configurable Period of Time
| Check Point Reference: | SBP-2007-09 | |
| Date Published: | ||
| Severity: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? FTP Servers | ||
| Vulnerability Description The File Transfer Protocol (FTP) is used to connect computers over the Internet enabling file transferring between their users. FTP Brute Force Attacks are a common threat on vulnerable systems. Brute Force Attacks are a significant threat on usersÂ’ privacy. Using Brute Force, remote attackers attempt to gain access to unauthorized areas of a target system, such as FTP accounts, e-mail accounts and databases. By trying to repeatedly log in to an FTP server using different passwords, it is possible to crack user accounts on the remote target and compromise it. |
||
|
Vulnerability Details The Brute Force Attack is a method of obtaining a user's authentication credentials by trying every possible character combination. Using brute force, attackers attempt combinations of accepted character set in order to find a specific combination that gains access to an authorized area. A remote attacker who successfully used a Brute Force Attack may gain access to unauthorized areas on a target system and compromising its privacy. |
Protection Overview
By enabling this protection, SmartDefense will detect and block repeated login attempts from the same client during a configurable period of time. The new feature allows the following configuration: If the Number of repeated login attempts (1st box) has reached within the Interval (2nd box), then the attacker will be blocked for X seconds (3rd box).
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the SmartDefense tab, click Application Intelligence > FTP > FTP Patterns.
2. In the configuration pane, under Settings > Mode, check Active.
3. Select the following protection:
4. Configure the Interval (in seconds) for which login attempts are blocked field in accordance to your network policy. 
5. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts
VPN-1 NGX R61 & R60
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the SmartDefense tree, click Application Intelligence > FTP > and select FTP Patterns.
2. In the configuration pane, select the following protection:
3. Configure the Interval (in seconds) for which login attempts are blocked field in accordance to your network policy.
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts
InterSpect NGX
How Can I Protect My Network? Block FTP Brute Force Attacks
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > FTP > FTP Patterns.
3. In the configuration pane, select the following pattern:
4. Configure the Interval (in seconds) for which login attempts are blocked field in accordance to your network policy.
5. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: Too many login attempts