Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

10. Access Control Threats

10.12. Brute Force Attacks

Overview
  • Brute force is defined as “trying every possible combination until the correct one is identified.”
  • The most effective way to uncover passwords is through a hybrid attack, which combines a dictionary attack and a brute force attack.
  • A brute force attack is also known as an exhaustive attack.
  • Brute force attacks are usually used for wardialing, in hopes of finding a modem that can be exploited to gain unauthorized access.


Countermeasures

For phone brute force attacks, auditing and monitoring of this type of activity should be in place to uncover patterns that could indicate a wardialing attack:

  • Perform brute force attacks to find weaknesses and hanging modems.
  • Make sure only necessary phone numbers are made public.
  • Provide stringent access control methods that would make brute force attacks less successful.
  • Monitor and audit for such activity.
  • Employ an IDS to watch for suspicious activity.
  • Set lockout thresholds.
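
The "monitor and audit" countermeasure above can be expressed as a check over call-detail records that flags one caller reaching many different numbers in a short time. This is an added example, not part of the original article; the record layout, the thresholds and all phone numbers are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample call-detail records (all values are made up):
# (epoch_seconds, caller_id, dialed_number, duration_seconds)
SAMPLE_CDR = [
    (1000, "5550100", "5551000", 4),
    (1010, "5550100", "5551001", 3),
    (1020, "5550100", "5551002", 5),
    (1030, "5550100", "5551003", 2),
    (1040, "5550100", "5551004", 31),   # longer call: something may have answered
    (1015, "5550199", "5551002", 240),  # ordinary caller, same number twice
    (4000, "5550199", "5551002", 180),
]

def detect_wardialing(records, window_s=300, min_distinct=5, short_call_s=10):
    """Return {caller: details} for callers that reach at least min_distinct
    different numbers inside any window_s-second window.
    The default thresholds are assumptions; tune them to local call volume."""
    by_caller = defaultdict(list)
    for ts, caller, dialed, dur in records:
        by_caller[caller].append((ts, dialed, dur))

    alerts = {}
    for caller, calls in by_caller.items():
        calls.sort()                      # process each caller's calls in time order
        window = deque()
        for call in calls:
            window.append(call)
            # Drop calls that fell out of the sliding time window.
            while call[0] - window[0][0] > window_s:
                window.popleft()
            distinct = {d for _, d, _ in window}
            if len(distinct) >= min_distinct and caller not in alerts:
                alerts[caller] = {
                    "first_seen": window[0][0],
                    "numbers_tried": sorted(distinct),
                    # Calls longer than short_call_s need review: a line answered.
                    "answered": sorted(d for _, d, dur in window if dur > short_call_s),
                }
    return alerts

if __name__ == "__main__":
    for caller, info in detect_wardialing(SAMPLE_CDR).items():
        print(caller, info)
```

The "answered" list is where to look first for modems that should not be reachable from outside.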