The Strongbox security systemtm
Older systems that simply count IPs are also easily defeated by proxy based
attacks. What are these "open proxies" that people tell me the hackers use?
Besides replacing usernames and passwords with secure tokens, how is the Strongbox Security Systemtm so much more effective than PennyWize or Password Sentry?
An http proxy is a server that let's you surf the web through it. Your computer connects to the proxy and tells the proxy what page you want to see. The proxy gets the page for you and forwards it on to you. From the server's perspective, you are invisible - it only sees the address of the proxy. When people do a brute force, or "hurling", attack, they might use 20 different proxies, so the server sees the requests coming from 20 different IP addresses. They do this to fool software like Password Sentry, which merely counts how many times a certain IP has tried a different username and password. These older, simpler "patch up" systems will let each of the attackers IP addresses guess many usernames each hour, never recognizing that the guesses from the 20 different IPs are all coming from the same person and their brute force, or "hurling" software.
The Strongbox Security Systemtm isn't so easily fooled. The
Strongbox Security Systemtm blocks these open proxies right away.
There are some legitimate proxies. For example, AOL uses proxies so they
don't have to have different IPs for each user. Legitimate proxies that you
want to let through, though, are closed proxies - AOL proxies, for example,
can only be used by AOL customers. Companies set up legitimate proxies so
that only their employees or customers can access them. Script kiddies,
hackers, and other undesirables don't pay for access to 20 different proxies
from 20 different companies, of course. Instead use servers that have been
misconfigured or hacked so that anyone can use them as a proxy, or one of a
couple proxies put up by nefarious characters specifically for the purpose
of allowing various kinds of wrong doing to be accomplished without showing
the perpetrators IP address. These proxies which anyone can access are
called open proxies. As they are often used by people attacking sites and
rarely or never used by legitimate users, the Strongbox Security System
tm blocks access from these open proxies.
Note - This proxy defense module was originally designed as an extra cost option to enhance the Strongbox Security Systemtm's already high resistance to these types of attacks. We have decided to include this module as a free bonus with every the Strongbox Security Systemtm installation right now.