Re: [fw-wiz] Handling Invalid Login Requests in Firewall

From: Paul Robertson (proberts_at_patriot.net)
Date: 01/21/04

  • Next message: Don Parker: "Re: [fw-wiz] Handling Invalid Login Requests in Firewall"
    To: DLN Krishna <dlnk@intotoinc.com>
    Date: Wed, 21 Jan 2004 15:32:41 -0500 (EST)
    
    

    On Fri, 16 Jan 2004, DLN Krishna wrote:

    > Hi,
    >
    > In one of ASIAN countries, firewall criteria indicates that, if user
    > tries to log into
    > the firewall appliance for more than X number of times, appliance MUST
    > not
    > allow that user to log-in until the password of the user is changed.

    That's really a bad idea[tm], especially if the administrator needs to
    access the firewall remotely to fix things.

    In the wrong work environment, I could see a lot of Friday afternoon
    forgotten passwords by the workforce as well.

    >
    > There is another school of thought that this type of behavior might become
    > DoS for genuine users. It is possible that, the attacker might try to
    > log-in
    > multiple times with victim's user name and give wrong password. When
    > this happens,
    > victim will not be able to access, until his password is changed by
    > Administrator.
    > Administrator might take many hours to change the password and also
    > this can
    > become a big head-ache for administrator.

    Yes, this is a classic DoS attack setting, in fact, an attacker could just
    run a dictionary attack for usernames and DoS all remote access.

    >
    > I feel that, logging a message (or sending alert to the administrator)
    > when
    > log-in is not successful for X number of times with information such as
    > source IP and source Port and user name, which is being used to log-in,
    > would be good, over denying any further log-in attempts.

    I would prefer that things be administrator selectable, but with the
    default being to log, rather than deny.

    > I would appreciate, if somebody could shed some light on any better
    > approaches to handle this.

    I'm not sure I'd allow anyone access to the credential port- maybe IPSec
    with pre-shared keys to stop the abuse anyway?

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Don Parker: "Re: [fw-wiz] Handling Invalid Login Requests in Firewall"

    Relevant Pages

    • Re: [fw-wiz] Host based vs network firewall in datacenter
      ... > network administrator in a small datacenter. ... > I'd like to solicit some advice on a firewall implementation. ... Keeping the hosts locked down tight, and open services to a minimum is a ...
      (Firewall-Wizards)
    • Re: Is Windows XP firewall any good?
      ... I believe that the original writer of that article is refering to network ... The function of a software firewall is simple. ... permitted is stored in the registry. ... administrator is a really bad idea for any operating system ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Hidden User Account Created By Disgruntled Room mate.
      ... Be sure you firewall is enabled, if unsure how, go to Help and Support ... i just did that, and tweakui at logon gives me three> options: parse autoexec.bat at logon > show administrator ... >>>>From there you can go to User Accounts in Control ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Is Windows XP firewall any good?
      ... The function of a software firewall is simple. ... registry and give itself permission to send or receive data over the ... Routinely logging on as an account that is also an administrator is ... settings for the Windows Firewall. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Password Protect Folders?
      ... permissions are granted by user and group. ... Sounds like you neglected to tell us that you are using Windows XP Home ... under an administrator account to change permissions. ... By the way, I don't know what you did, but a firewall enabled or not has ...
      (microsoft.public.windowsxp.basics)