Search results for:
In a recent article published by Security Week, Michael Callahan of Juniper Networks runs through a number of "alternative_" methods for detecting and preventing "brute force attacks" on your networks and systems. As Callahan outlines, using "_strong and different passwords for every site we visit_" is the optimum choice and would be the norm in a "_perfect world_" – but we don't always do the right things. In the article, Callahan states, "_There are just so many sites out there and coming up with umpteen different passwords isn't always easy for people. Password reuse is rampant, even among people who should know better, and creates a vulnerability that can be exploited."
As we have read about in recent reports, criminals will use any means necessary to access important information. Callahan brings out that hackers will "test stolen usernames and passwords from one source to gain access to another." At that point, Facebook pages, bank accounts, Gmail accounts, and any other would become incredibly vulnerable. "When the credentials of a large website are leaked, the attackers end up with a database of several million usernames and passwords. Attempting to log in to all of those usernames and passwords from a single computer would likely not work due to distributed denial of service (DDoS) protection. So attackers are forced to scale attacks out to many different machines, generally within a botnet. This, of course, costs money, time, and other resources, which is why attackers will usually attempt to scale out to the least degree necessary."
Callahan outlines some alternatives in this article but also reviews the common decisions and logistics behind good security practices. In the article, he discusses "_forcing password hygiene and employing better authentication_" methods which he breaks down – rotating passwords, using a password strength analyzer, deploying a two-factor authentication scheme – in a logical fashion. Callahan writes in the article, "_Just as cross-training has proven to prevent injury, so, too, can multi-pronged security approaches._"
Written by Bryon Turcotte / December 30, 2013