Brute-force attacks are the most widely used cyber-attacks in the cyber-sphere, and the appropriate protection method depends on the target. There are two main types of brute-force attacks:
Imunify360 has an arsenal loaded and ready to defend your system from brute-force attacks. The protection strategy varies with real-world factors. The following article highlights the most common brute-force attack scenarios. Then, based on your specific business needs, it explains how Imunify360 protects your system at each level.
Imunify360 employs “out-of-the-box” protection for these services:
Protection service logic is configurable as “layered protection” made up of Greylisting, OSSEC Active Response, and the Imunify PAM extension. See the table below for more details.
The table shows the variety of Imunify360 protection services and how they block attackers. We deliver Imunify360 with the default configuration that is effective for the majority of hosting setups. Nevertheless, you can customize according to your traffic and hosting configuration. In the table below, we provide details about the protection layers and how they work.
PAM is the most flexible tool of the three. Also, the attacker can’t tell at what moment PAM has blocked them. All in all, it is the most secure solution that we provide. But it has drawbacks, and in some cases, the better option will be to rely on Active Response. Let’s review the cases:
If one of these options is a deal-breaker, consider disabling PAM and enabling Active Response.
On the other hand, Active Response also has its own drawbacks. Let’s review them as well:
If one of these options is also a deal-breaker, consider disabling both PAM and Active Response and relying solely on Greylisting logic. The biggest issue regarding greylisting is a considerable false-positive rate. It might block legitimate users along with attackers residing behind the same NAT.
We configured default settings that are fine for most customers. However, Imunify360 lets users tailor the setup to their own business priorities, e.g., minimizing the false-positive rate, conserving resources, or maximizing security. In most cases, you can balance between these three layers of brute-force protection and adjust settings dynamically depending on the real-time situation.
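The NAT false-positive problem described above, as an added illustration (not Imunify360's code or its actual greylisting algorithm): a generic per-IP failure counter replayed over constructed login events. The threshold, addresses and account names are assumptions made up for the example.

```python
from collections import Counter

# Constructed sample: (source_ip, account, valid_credentials).
# 203.0.113.7 is a NAT gateway shared by an attacker and two legitimate users.
EVENTS = [
    ("203.0.113.7", "admin", False),
    ("203.0.113.7", "root", False),
    ("203.0.113.7", "alice", True),
    ("203.0.113.7", "admin", False),
    ("203.0.113.7", "test", False),
    ("203.0.113.7", "info", False),
    ("203.0.113.7", "bob", True),      # arrives after the threshold is hit
    ("198.51.100.4", "carol", False),  # single typo from a different address
    ("198.51.100.4", "carol", True),
    ("203.0.113.7", "alice", True),
]

THRESHOLD = 5  # assumed value: failed logins per IP before the IP is blocked


def replay(events, threshold=THRESHOLD):
    """Replay events through a per-IP failure counter.

    Returns (blocked_ips, collateral), where collateral lists logins with
    valid credentials that were rejected only because of the shared IP.
    """
    failures = Counter()
    blocked = set()
    collateral = []
    for ip, account, ok in events:
        if ip in blocked:
            if ok:  # valid credentials, but the address is already blocked
                collateral.append((ip, account))
            continue
        if not ok:
            failures[ip] += 1
            if failures[ip] >= threshold:
                blocked.add(ip)
    return blocked, collateral


def false_positive_rate(events, threshold=THRESHOLD):
    """Share of legitimate (valid-credential) logins that were rejected."""
    _, collateral = replay(events, threshold)
    legit = sum(1 for _, _, ok in events if ok)
    return len(collateral) / legit if legit else 0.0
```

Raising the threshold or keying the counter on more than the source address lowers the collateral count, at the cost of letting more guesses through before a block.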
The following is the list of web applications for which Imunify360 provides fully-automated anti-brute-force protection:
The situation with web applications is a bit different from that with services. The way Imunify360 protects web applications is predefined, and it is neither designed nor recommended to be altered by the customer.
Let’s review a few real-world examples and consider recommended configurations for each of them:
Disable PAM for Exim and Dovecot:
imunify360-agent config update '{"PAM": {"exim_dovecot_protection": false}}'
Enable PAM for FTP:
imunify360-agent config update '{"PAM": {"ftp_protection": true}}'
Enable Active Response:
imunify360-agent config update '{"OSSEC": {"active_response": true}}'
Please feel free to contact support via Zendesk if you need consultation on how to properly configure your server protection or in case of any additional questions.