ADDITIONAL SECURITY FEATURES OF RUTOS: ATTACK PREVENTION
Lately, we are spending more time online than ever before. The global pandemic unquestionably made all of us stay at home a lot and drawn us closer to the cyber world. We use the internet for so many things now, including communication, entertainment, shopping, and remote working. With increasing internet usage, cybercrime is also on the rise. The risks of becoming a victim of data breaches have never been higher for individuals and organizations.
Being aware of the significant negative consequences of a cyberattack, we are constantly improving our operating system to ensure it meets the highest security standards. Today we would like to introduce you to the main attack prevention measures available on RutOS.
Port scan prevention
According to Deividas Vyšniauskas, cybersecurity specialist at Teltonika Networks, from his experience, port scanning is the most common malicious technique on the network. The port scan can reveal critical information about a network, which will determine the attack vector of the malicious actor. The port scanning mitigation works by monitoring the requests from devices across the web and blocking any continuous scanning activity. A network administrator can adjust the packet count and time limit of such requests not to block legitimate traffic. The most common port scanning techniques mitigated on RutOS include TCP Xmas, SYN FIN and FIN, and NULL Flags.
Distributed Denial of Service attack prevention
Different types of distributed denial of service (DDoS) attacks are SYN flooding, ICMP request bursts, and continuous HTTP(s) and SSH connection initializations. All these varied techniques have one common goal - device resource exhaustion. This mitigation of such attacks works by limiting the number of connections the router will allow depending on a customizable setting.
A user can limit the burst amount depending on the packet count and the time interval in which these requests get generated. After reaching the set limits, the router will not engage in the connections to conserve resources. This way, the load on the router is eased and prevents system disruption from resource exhaustion. These triggered events are also logged and available for review by the administrator for further investigation at any point.
Deividas shared that throughout his career, he had encountered several attackers aiming to disrupt the company's business operations by performing DDoS attacks. After the first attempt, they usually try to coerce money from the organization by threatening to come back with a second, more severe attack. Often, the attackers are trying to bluff their way into profit, but they are sometimes true to their word. Ideally, to block high-level DDoS attacks, a combination of measures should be used and involve proper firewall rules, load balancers, and geo-blocking.
Brute Force prevention
Brute force attacks aim to possess the personal information of an online user, such as passwords, login names, PINs, and similar. These attacks are carried out using a script or hacking application containing an extensive list of predetermined possible passwords. It might as well be outright attempts to guess the password one letter and number at a time. Brute force prevention needs to be applied for both the WebUI login page and the SSH interface of the device.
The network administrator can limit the amount of failed login attempts. Exceeding the number of guesses will cause adding the device to a block list to prevent further interaction. The default number on RutOS is ten attempts; however, this limit is customizable. The administrator can remove devices from the blocklist at any time. This security feature is on by default, and all the events are logged for investigation purposes.
So, here was a quick glimpse into the additional security features of RutOS. Strong network security will undoubtedly involve more essential components, like tight firewall rules, network segmentation, and proper VPN usage. If you would like to learn more about RutOS security, we recommend reading an article on this topic or watch a webinar recording should you prefer video format over reading.