Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder’s
IP address for a period of 24 hours’ time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet.
But he still receives hundreds of thousands brute-force attempts generated from various IP
addresses around the world. After some investigation he realizes that the intruders are using a
proxy somewhere else on the Internet which has been scripted to enable the random usage of
various proxies on each request so as not to get caught by the firewall rule.
Later he adds another rule to his firewall and enables small sleep on the password attempt so that
if the password is incorrect, it would take 45 seconds to return to the user to begin another
attempt. Since an intruder may use multiple machines to brute force the password, he also
throttles the number of connections that will be prepared to accept from a particular IP address.
This action will slow the intruder’s attempts.
Samuel wants to completely block hackers brute force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?
A.
Enforce a password policy and use account lockouts after three wrong logon attempts even
though this might lock out legit users
B.
Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of
the intruder so that you can block them at the
Firewall manually
C.
Enforce complex password policy on your network so that passwords are more difficult to brute
force
D.
You cannot completely block the intruders attempt if they constantly switch proxies
D
D is good, but A and C are also possible in my opinion. Or is there something wrong with them?
Additionally you can install Captures to slow down or even stop such attacks.
Answer D is true but strange because it says you can not completely block the attack while the question was about alternative solutions. I’d agree with hack3r A & C are possible.