Understanding how to prevent brute force attacks by limiting unsuccessful logon attempts, a.k.a. CMMC AC.2.009, is essential for your business.
‘Your account has been locked out. Please see an administrator for assistance.’
Most likely, you’ve seen this text or similar before when using too many incorrect passwords. While it can be a pain, it’s essential for your security.
In this blog, we’ll review the details of CMMC AC.2.009, brute force attacks, and how to keep your business & data protected.
By definition, CMMC AC.2.009 requires limiting unsuccessful logon attempts. But, what does that even mean?
In simpler terms, after a user enters a predefined amount of incorrect password attempts when signing onto their domain account, the user account becomes disabled. Once an account is locked out, the user will then have to reach out to a network administrator.
In some cases, you forget your password and enter countless tries, then get locked out. While this can be frustrating, aside from the password, your account doesn’t have a way to determine if it’s you logging in or a brute force attack.
A brute force attack is the use of a dictionary to create endless combinations of potential passwords. This attack will continue to run through combinations until it receives network access. Once access is granted, depending on your account level (admin or standard), confidential data can be accessed and your network can be compromised.
In even simpler terms, the sky's the limit.
If someone accesses your network through a brute force attack and the user has admin privileges, the hacker can now access or install anything and everything they want. Most likely, the hacker will install tracking software such as SpyWare or Ransomware.
Pro Tip! If you follow CMMC best practices, day-to-day user accounts shouldn’t have admin privileges, which can potentially prevent this entire situation. For more information on admin privileges & security, check out our recent blog on Complying with CMMC AC.2.008.
Although the most obvious way to prevent a brute force attack is to follow this guide and set up policies to limit unsuccessful login attempts, there are other alternatives.
Here are two ways to prevent a brute force attack.
Most likely, you’ve created an account that requires a password with a number or special character. This rule is in place mainly to prevent brute force attacks.
Think of numbers and special characters as a shield against brute force attacks. When you include them in your passwords it increases the difficulty of the attack and hopefully doesn’t allow the hacker to get access.
Your network administrator should set password complexity requirements in place to ensure you have a shield and defense against brute force attacks.
In a technology-savvy world, remembering every password for all of your accounts is a nightmare. Although it’s easy to choose a password and implement it across every account you have, it sets you up for brute force attacks.
To prevent this in the workplace, your network administrator should set password history requirements. For example, if you used the password, “ILoveOmnisTech1” in a previous password for this account, you can’t use it again.
When it comes to your business, IT isn’t a priority and that’s understandable. However, as a decision-maker for your business, your job shouldn’t be to make sure that everyone updates their password.
But, we get it. What’s the point of hiring an IT professional when I don’t have many IT needs?
Fortunately, outsourced IT has resolved this issue that many business owners face. With Omnis Technologies, we partner with your business to solve your tech issues even on an as-needed basis.
If you have one-off situations you need help with, are looking for a cybersecurity plan, or want a comprehensive IT solution, Omnis Technologies can do it all. Spend time on what matters the most to your business and don’t waste time changing passwords.
U.S. businesses are definitely under threat from the latest cyber attack - Petya ransomware. Here's how to protect your business and customers.
Dive deep into the significance of CMMC AC.2.010 and its impact on cybersecurity for government contractors. Learn best practices and tips for...
The endless debate: can you leave devices on forever? Today, we attempt to answer the controversial question "Should I shutdown my computer?"