Protecting your EFT from malicious attacksAug 8, 2017 | EFT, Top Tips
We have seen many reports in the news of malicious attacks with the NHS being the most recent. Coupled with that, the news that fines could be handled out of up to £17 million or 4% of global turnover if companies fail to protect themselves. With this fresh on everyone’s mind, it’s the perfect time to look at how EFT helps protect your network.
What does EFT do to protect you from malicious attacks?
EFT protects your data from malicious access attempts in several ways. In addition to the various authentication methods and multi-factor authentication, EFT also contains code. The code blocks multiple failed attempts to access your system. This auto ban system works by identifying potential attacks based on the number of failures which happen across a defined time period. Too many failures in too short a time will trigger the anti-hammering system. As a result, a ban of the IP address. EFT checks all incoming connections against the ban list of IPs and will refuse the connection from any address on the list.
If the connection IS allowed into the system, EFT will track the number of incorrect commands sent during a connection. If the number of these exceeds a threshold, then EFT will disconnect the session and add the IP to the ban list. EFT therefore actively protects itself from both denial-of-services and command oriented malicious attacks.
Customising your protection from malicious attacks
A slider on the denial-of-service pop up on a site’s “connections” tab will allow you to discretely configure these settings on a site per site basis. Setting the sensitivity to very low allows for more incorrect commands to be sent in a short period of time before it is banned. The very high setting will ban after only a few incorrect commands in a short period of time. IPs can be “whitelisted” by adding them to the IP access rule table with an explicit “Allow”. An IP which is “Allow”ed will will not be entered onto the ban list, irrespective of the number of failed commands or login attempts it makes.
We see many malicious attacks on our systems and many user predictable usernames. These are “root”, “Admin”, “backup”, “user” and “master”. We would always recommend NOT having user accounts with these common names.
If you would like visibility of the “Security-Failed Logins” a report in the Auditing and Reporting Module for EFT will show you a list of access attempts, along with the IP and username attempted.
If a security is a focus for your organization particularly around the data in transit or at rest, encryption, authentication or malware protection, the EFT modules below could offer you a solution.
- Advanced Authentication Module
- Content Integrity Control
- High Security Module
- DMZ Gateway