How Do I Handle a Brute-force Attack?
Brute-force attacks are common intrusion behavior. Attackers guess and try login usernames and passwords remotely. When they succeed, they can attack and control systems.
SecMaster works with HSS to receive alerts for brute force attacks detected by HSS and centrally display and manage alerts.
Handling Alerts
HSS uses brute-force detection algorithms and an IP address blacklist to effectively prevent brute-force attacks and block attacking IP addresses. Alerts will be reported.
If you receive an alert from HSS, log in to the HSS console to confirm and handle the alert.
- If your host is cracked and an intruder successfully logs in to the host, all hosts under your account may have been implanted with malicious programs. Take the following measures to handle the alert immediately to prevent further risks to the hosts:
- Check whether the source IP address used to log in to the host is trusted immediately.
- Change passwords of accounts involved.
- Scan for risky accounts and handle suspicious accounts immediately.
- Scan for malicious programs and remove them, if any, immediately.
- If your host is cracked and the attack source IP address is blocked by HSS, take the following measures to harden host security:
- Check the source IP address used to log in to the host and ensure it is trusted.
- Log in to the host and scan for OS risks.
- Upgrade the HSS protection capability if it is possible.
- Harden the host security group and firewall configurations based on site requirements.
Marking Alerts
After an alert is handled, you can mark the alert.
- Log in to the management console.
- Click in the upper part of the page and choose Security > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
- In the navigation pane on the left, choose .
- On the Alert tab, select Brute-force attacks and refresh the alert list.
- Delete the non-threat alerts.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot