Securing Cloud services from dictionary attacks – hack yourself and check your Cloud providers / outsourcing providers security and response

The more we move our data to various Cloud services and to outsourcing companies, we also need to take the consequences into account what that means from a security perspective.

Prior to a move to Cloud services, a company could keep track of how communications are secured, they could set their own account lockout policies and monitor all logfiles in order to keep security at the desired level.

With the popularity of Cloud services becoming more widespread, a lot of the possibilities for this kind of control and tightened security has disappeared. As a Cloud user you rarely get any indication that someone is for instance trying to use your username and password to gain access to your, for instance , your Microsoft Exchange Webmail , also called OWA.

A hacker can probably try to guess your password with a brute force attack or dictionary attack for quite some time and nothing really happens. The protective measures at the Cloud service provider are most likely unknown to you and you will not get a notification of that something might be going on.

An easy way for you to verify this is actually to try hack yourself. By this I mean, try to login to you account but with an invalid password. See what happens. Is your account locked out? Does the OWA disappear for you, indicating your IP address has been locked down by some security countermeasure?
Are you as a customer and user notified and alerted in any way of the attempt? This is of course also a simple test you can do against you own companys webmail if you want to, although the server team won’t like it when you point out the problem.

Keep in mind that it would take quite some time to do each logon manually but hackers don’t do this manually. They use special software for this that is freely available for download and they can render thousands and thousands logon attempts in  few minutes.

From the Cloud Service provider point of view, this has been a big problem for years. Brute force prevention and dictionary attack prevention on especially the Windows server platform has always come with lots of manual labor and high costs so it’s usually not even dealt with.

From the user point of view, there’s not that much you can do about it reslly more than verify what happens if you try and then ask your service provider for a solution if you’re not happy with the result after hacking yourself.

If you’re running Virtual Private Servers (VPS) with Windows you should consider this also but as a Cloud Service provider should.

As an important piece of the puzzle of the security systems that need to be in place, and as a natural part of the server baseline security configuration, have a look at Syspeace , an easy to use, easy to deploy and configure brute force prevention software that automatically blocks the intruders IP address,tracks it and reports it to the system administrator. Without causing the legitimate users account to be locked out and with no manual intervention at all.

Syspeace works by monitoring the servers eventlogs and is triggered by unsuccesful login attempts as alerted by a process called Windows Authentication.

With this method, there is out of the box protection for Citrix, Microsoft Terminal Server, Sharepoint, Exchange Server and more. There is also a Global Blacklist, offering preemptive protection from well known hackers around the world.

If you’re a Cloud Service provider or if you running or hosting any Windows servers you want protected, download a free trial from Syspeace trial download and see for yourself how easily you can get rid of a big problem and, at a low cost.


Posted with WordPress for Android.
Juha Jurvanen
Senior IT consultant in backup, server operations, security and cloud. Syspeace reseller in Sweden.

JufCorp