SugarCRM 7 is Now


NEWS: the SugarCRM7 version of CRM Defender is available now!

Also available for On Demand environments!

Secure your SugarCRM 7 system:

  • Get strong protection against brute-force attacks.
  • Track users’ logins and protect your data.
  • Detect threats coming from hostile IPs and defend your CRM system against them.

Contact us

Feel free to contact us for commercial or technical questions

    Brute Force Attack

    17/04/2017

    What actually is a brute-force attack, and how can I protect my CRM system against it?

    A brute-force attack is the simplest way to try to gain unauthorized access to a system, but it is effective. With this technique, an attacker has the mathematical certainty of finding a way in.

    Definition

    A brute-force attack has the following characteristics:

    • it tries to guess every possible password;
    • the time needed to break into the system depends on the length and complexity of the chosen password;
    • a system can usually be considered safe if it forces users to adopt long and complicated passwords.

    How it works

    A brute-force attack consists of an enormous number of repeated attempts to find the right combination of user name and password.
    It is usually conducted by bots, automated programs that replicate human input.

    As in every battle, some factors help the attacker while others help the defender; let’s focus on the former in order to strengthen our protections:

    Admin user

    If the CRM administrator uses “admin” as the username, half of the attacker’s job is already done, because the attacker only has to try all the password combinations of any length and any character.

    CRM URL

    If your CRM system location is predictable, like:

    • crm.yourcompanyname.com
    • www.yourcompanyname.com/crm

    then the attacker knows where to aim and how to configure the automated bots.

    If the attacker is an old workmate or a former employee, the CRM URL is obviously known. Changing the URL is “overkill”: think of the disruption caused to colleagues who would have to save the new link in their browsers or apps.

    But don’t worry; there are easier solutions.

    Protection in Passwords

    One classic way to protect your system is to require your employees to use a strong password. You can easily set the password requirements in the Password Management panel in the admin page: https://support.sugarcrm.com/Documentation/Sugar_Versions/6.5/Ent/Administration_Guide/Password_Management/index.html

    Please note that some of the settings shown at the previous link apply only to the paid versions of SugarCRM. You can always achieve the same result with custom development.

    Think different

    Instead of wasting precious energy fighting potential threats and trusting procedures to ensure that employees adopt strong passwords and/or renew them often, you can introduce an automatic barrier that bans any potential intruder as soon as they exceed the maximum number of allowed attempts.

    With a solution like CRM Defender there will be no way to hijack your system, because the Web Server itself, duly instructed by CRM Defender, will block intruders.
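
    The automatic barrier described above, sketched as an added example (this is not CRM Defender's code; the thresholds, the class and function names, and the sample events are assumptions made for illustration). Failed logins are counted per source IP in a sliding window, and an IP that exceeds the limit is banned, so later attempts are rejected even with a correct password.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold: failed logins allowed per window
WINDOW_SECONDS = 300    # assumed sliding window
BAN_SECONDS = 3600      # assumed ban duration


class LoginGuard:
    """Bans a source IP once it exceeds MAX_FAILURES failed logins in the window."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record(self, ip, success, now):
        """Process one login attempt; return 'blocked', 'ok', 'failed' or 'banned'."""
        if self.is_banned(ip, now):
            return "blocked"            # rejected before any password check
        if success:
            return "ok"                 # failures are not reset; they age out instead
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()            # forget failures older than the window
        if len(recent) > MAX_FAILURES:
            self.banned_until[ip] = now + BAN_SECONDS
            del self.failures[ip]
            return "banned"
        return "failed"


def replay(events):
    """Run (time, ip, user, success) tuples through a fresh guard."""
    guard = LoginGuard()
    return [guard.record(ip, ok, t) for t, ip, _user, ok in events]


# Constructed sample: a bot guessing "admin" passwords once a second, a real
# user who mistypes once, then the bot presenting a correct password.
SAMPLE = [(t, "203.0.113.7", "admin", False) for t in range(6)]
SAMPLE += [(10, "198.51.100.4", "maria", False), (20, "198.51.100.4", "maria", True)]
SAMPLE += [(30, "203.0.113.7", "admin", True)]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```

    Because the counter is keyed on the source IP rather than the account, it also catches a bot that cycles through many user names from one address.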

      Copyright All Rights Reserved 2021 CRM Defender - Lion Solution Srls