How to Enable Brute Force Detection to ESA
Learn how to configure and secure your ESA from brute force attacks.
A brute force attack attempts to guess a user’s password by trying to log in many times. ESA has brute force detection capabilities and can temporarily disable a user account when the number of login failures exceeds a specified threshold.
By enabling Brute Force Detection in ESA, you can temporarily block attackers trying to break into the system by disabling the targeted user accounts for a period of time. When a temporarily locked user attempts to log in, ESA displays the default Invalid username or password error message. This is the same message displayed for an invalid username or an invalid password, so the attacker cannot tell that the account has been disabled.
Step-by-step instructions
1. Log in as the ESA admin (main.admin) at domain.com/auth/admin
2. Open Realm Settings from the left-hand panel
3. Click the Security Defenses tab
4. Click the Brute Force Detection tab
5. Enable Brute Force Detection and review the settings

ESA can apply a permanent lockout or a temporary lockout when it detects an attack. Permanent lockout disables a user account until an administrator re-enables it. Temporary lockout disables a user account for a specific period of time, and that period increases as the attack continues.
Common Parameters
| Name | Description | Default |
|---|---|---|
| Max Login Failures | The maximum number of login failures. | 30 failures |
| Quick Login Check Milliseconds | The minimum time between login attempts. | 1000 milliseconds |
| Minimum Quick Login Wait | The minimum time the user is disabled when login attempts are quicker than Quick Login Check Milliseconds. | 1 min |
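
To make the temporary lockout behaviour and the three parameters above concrete, here is an added example that models the detector in Python; it is not ESA's code or part of this article. The `verify_password` callback, the per-user state and the escalation rule (the wait doubles for every further block of Max Login Failures failures) are assumptions, since the page does not give ESA's exact formula.

```python
from dataclasses import dataclass

# Defaults taken from the Common Parameters table on this page.
MAX_LOGIN_FAILURES = 30           # Max Login Failures
QUICK_LOGIN_CHECK_MS = 1000       # Quick Login Check Milliseconds
MIN_QUICK_LOGIN_WAIT_MS = 60_000  # Minimum Quick Login Wait (1 min)

# Returned for wrong credentials AND for locked accounts, so the caller
# cannot tell from the response that a lockout has triggered.
GENERIC_ERROR = "Invalid username or password"


@dataclass
class UserState:
    failures: int = 0
    last_failure_ms: int = 0
    disabled_until_ms: int = 0


class BruteForceDetector:
    """Hypothetical temporary-lockout model (not ESA's implementation): counts
    failures per username and disables the account on count or rate."""

    def __init__(self, verify_password):
        self.verify_password = verify_password  # callback (user, pw) -> bool
        self.users = {}

    def _state(self, user):
        return self.users.setdefault(user, UserState())

    def is_locked(self, user, now_ms):
        return self._state(user).disabled_until_ms > now_ms

    def login(self, user, password, now_ms):
        st = self._state(user)
        if self.is_locked(user, now_ms):
            return False, GENERIC_ERROR          # same message as a bad password
        if self.verify_password(user, password):
            st.failures = 0                      # a success clears the counter
            return True, None
        st.failures += 1
        gap_ms = now_ms - st.last_failure_ms
        st.last_failure_ms = now_ms
        if st.failures > 1 and gap_ms < QUICK_LOGIN_CHECK_MS:
            # Retries faster than Quick Login Check: short lockout right away.
            st.disabled_until_ms = now_ms + MIN_QUICK_LOGIN_WAIT_MS
        elif st.failures >= MAX_LOGIN_FAILURES:
            # Threshold reached. ASSUMPTION: the wait doubles for every further
            # block of MAX_LOGIN_FAILURES failures, so it grows as the attack goes on.
            blocks = st.failures // MAX_LOGIN_FAILURES
            st.disabled_until_ms = now_ms + MIN_QUICK_LOGIN_WAIT_MS * 2 ** (blocks - 1)
        return False, GENERIC_ERROR
```

Driving `login()` with constructed timestamps shows both triggers: thirty slow failures lock the account for one minute, while two failures 200 ms apart lock it immediately, and in both cases the response is indistinguishable from a wrong password.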