Support
Authorization

Newsletter

  Settings

Ban/timeout suggestion

 

Forums list
Topics list
New topics
Search
Rules
Help
Login: 
Register

Pages: 1
  Views: 3471Topic:: «Ban/timeout suggestion, Must have it in RA 3.0» on forum: Famatech Software Good Wishes
#1
The biggest problem with RA 2.0 now is that allows infinite number of tries to enter the password .

In last few months I have noticed a lot of 4899 port scans trying to find RA and break in using simple brute force (on good network connection and with reasonable powerful computer it takes 2-3h to gues RA 2.0 password).

Same problem exists when using NT security - all that you need is user name (for example from e-mail address) and this way you can not only access computer by remote but have user password too.


So I believe 3.0 absolutely need ban timeout , something like if user entered 3 times in the row wrong password then ban his IP for let's say 15 minutes.
Also add let's say 10sec delay before passwords asking retry, this will be hardly noticable by real user that made a mistake but will slow down brute force cracking to become completely useless.

Until this implemented RA is a high level security threat.
#2
Look at:
http://www.famatech.com/radmin/new/features.php

Which says under the new server features:

5 bad password sequence anti hacker delay.

But don't expect 3.0 to be released until sometime in 2015.
Pages: 1

Users browsing this topic
Number of guests: 1, registered members: 0, in total hidden: 0

Radmin 3.5

Windows 8 Compatible

DOWNLOAD

Free for 30 days

BUY NOW

Only $49 per lifetime license
for  50 PCs - $29.8 per remote PC
for 100 PCs - $24.9 per remote PC
for 150 PCs - $23.3 per remote PC
from 200 PCs - $22 per remote PC
Follow us on Twitter
Famatech Corporation Copyright © 1999-2014 Famatech. All rights reserved.