CiscoSecure’s Response to Brute Force and Denial-of-Service Attacks
The CiscoSecure product, like other such products, has the capability to disable accounts automatically
in response to brute force attacks. This is accomplished by
intruder detection
, in which
the software assumes that the party is an intruder after a certain number of failed logins. A
brute
force attack
is one in which the attacker bombards the system with login attempts. Ultimately,
such an attack can lead to access—especially when passwords and account information are relatively
simple. By detecting such an attack, products can disable the account before it is compromised.
Frequently, such logic is limited to the number of attempts per unit of time, however. For
example, a brute force rule might allow five bad login attempts per hour before locking the
account for a day, or it might detect three bad passwords and then lock the account until the
administrator releases it.
Unfortunately, most solutions to a brute force attack lead to another type of attack: denialof-
service. A
denial-of-service attack
usually does not lead to the access of private information;
rather, as the name suggests, it prevents legitimate users from obtaining that data or
using the resource. Administrators must balance the impact of brute force compromises
against the potential of blocking access to legitimate users as a result of this protection. As
with most products, including CiscoSecure and others, the responsibility to balance access
control with access is placed on the administrator.