More on account security

Changing default passwords and removing users who no longer need access are both important.  However, they are just the beginning of securing your site.

You also have to take steps, through computer policies, to prevent malicious attacks on your system.  This means that the system itself has to prevent repeated attempts to gain unauthorized access.

This can take the form of blocking access at the transport level, or locking the account, for example.  The most common approach is to lock the account after a set number of invalid access attempts.  Sometimes the lock will expire on its own, and other times it needs to be manually removed.  This is sufficient to stop the majority of attacks.

We had a customer a few years ago who had ssh secure login enabled.  Unfortunately, they did not have a lockout set on it, and one night, after over an hour (and several thousand attempts) of an automated brute-force attack, they were hacked into.  While their password could have been better, if ssh had been set to lock out the account after a few invalid attempts, it would have stopped this attack cold.

Taking this a step further, there are some add-on packages that will block all access to the site if such an attack is detected.  This takes the form of inserting a rule into the firewall that blocks the address the attack is detected as coming from.  Usually, the block can be configured to expire after a set amount of time, or it can be permanent.  This is very effective.  However, if the rules are reconfigured, then there is the chance of blocking legitimate traffic.
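
The lockout threshold and expiring block described above, as an added example that is not part of the original post: it scans sshd log lines, counts failed logins per source address inside a time window, and decides which addresses a firewall rule would block and until when. The thresholds (3 failures in 10 minutes, 1-hour block), the function names and the sample log lines are assumptions made for illustration; the code only makes the decision and does not touch the firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog style (not real data).
SAMPLE_LOG = """\
Mar 10 02:14:01 pos1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 02:14:03 pos1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 02:14:05 pos1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 02:14:07 pos1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 08:00:10 pos1 sshd[902]: Failed password for clerk from 198.51.100.20 port 51514 ssh2
Mar 10 08:00:25 pos1 sshd[902]: Accepted password for clerk from 198.51.100.20 port 51514 ssh2
Mar 10 09:00:00 pos1 sshd[950]: Failed password for manager from 192.0.2.5 port 50000 ssh2
Mar 10 09:20:00 pos1 sshd[951]: Failed password for manager from 192.0.2.5 port 50004 ssh2
Mar 10 09:40:00 pos1 sshd[952]: Failed password for manager from 192.0.2.5 port 50008 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log_text, max_retry=3, find_time=timedelta(minutes=10),
              ban_time=timedelta(hours=1), year=2024):
    """Return {ip: (banned_at, expires_at)}; ban_time=None means a permanent block."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        ban = bans.get(ip)
        if ban and (ban[1] is None or ts < ban[1]):
            continue              # address is already blocked at this time
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > find_time:
            q.popleft()           # forget failures older than the window
        if len(q) >= max_retry:
            bans[ip] = (ts, ts + ban_time if ban_time else None)
            q.clear()
    return bans

def is_blocked(bans, ip, now):
    """True while a block for ip is in force at time now."""
    ban = bans.get(ip)
    return bool(ban) and (ban[1] is None or now < ban[1])
```

On the sample, only 203.0.113.7 is blocked: the clerk who mistyped once and the three failures spread over 40 minutes stay under the threshold, which is the legitimate-traffic case a threshold that is set too tight would catch.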

For help with these and other similar, or more advanced, techniques, contact us at CCS Retail Systems.
