The previous articles about authentication attacks focused on how an end user identifies and protects themselves from such attacks. But what about protecting the server itself, and all of its user accounts? This article goes over the server-side controls that secure every account on a server, regardless of how careful each individual user is.
Enforce Strong Passwords
It’s one thing to recommend and hope that your users create strong passwords, and another to make it an absolute requirement. Eight characters is the bare minimum, and longer is better. The classic rule of at least one upper case letter, one lower case letter, one number and one symbol is still widely used; be aware, though, that NIST SP 800-63B now recommends against mandatory composition rules, because users satisfy them predictably (Password1!) and the gain is small compared with enforcing length and rejecting known-breached passwords. Less stringent requirements may be tempting as a way to reduce support calls from people who forget their passwords, but the increase in compromised accounts would not be worth it.
Don’t Allow Common/Known Passwords
Any password that appears on a public list of common or breached passwords should be rejected outright, as should any password that contains the user’s username or the mail domain. The list of ‘banned’ passwords must be updated regularly: large data breaches happen frequently and the pool of compromised credentials keeps growing. Public breach corpora such as Have I Been Pwned’s Pwned Passwords can be queried without transmitting the password itself, using a k-anonymity range API that takes only the first five hex characters of the password’s SHA-1 hash. Keep up to date with the latest password breaches. If resetting the passwords of affected users is not possible, at the very least inform your users of breaches that might affect them. You never know who is reusing passwords across different services.
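The two rules above (a minimum length, and a ban on known passwords and on passwords containing the username or domain) come down to a single acceptance check on the signup and password-change path. The following is an added example written for this article, not code from the original page or from any product it mentions. The banned list is a constructed stand-in for a real breach corpus, which you would load from disk or query via a range API, and the suffix stripping (so that "Password1!" is still treated as "password") is an assumption about how users evade banned lists rather than something the article specifies.

```python
"""Password-acceptance policy for a mail server's signup or password-change path.

Added example, not code from the original article. BANNED is a constructed
stand-in for a real breach corpus, which would be loaded from disk.
"""
import unicodedata
from typing import List

MIN_LENGTH = 8
# Constructed sample; real lists contain hundreds of millions of entries
# and are kept as a sorted file or database, not a Python set.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou", "admin"}
# Characters users typically tack on to a banned word to satisfy complexity rules
# (assumption for the demo; tune to what you see in your own breach data).
TRAILING_NOISE = "0123456789!@#$%^&*.,_-"


def character_classes(password: str) -> int:
    """Count how many of the four classes (lower, upper, digit, symbol) appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(password: str, username: str, domain: str,
                   require_character_classes: bool = True) -> List[str]:
    """Return the list of policy violations; an empty list means accepted.

    require_character_classes enforces the upper/lower/digit/symbol rule from
    the article; pass False to follow NIST SP 800-63B and rely on length plus
    the banned list instead.
    """
    problems = []
    normalized = unicodedata.normalize("NFKC", password)  # compare consistently
    lowered = normalized.lower()

    if len(normalized) < MIN_LENGTH:
        problems.append("too_short")
    if require_character_classes and character_classes(normalized) < 4:
        problems.append("missing_character_class")

    # "Password1!" is still "password": strip the usual suffix before the lookup.
    core = lowered.rstrip(TRAILING_NOISE)
    if lowered in BANNED or core in BANNED:
        problems.append("banned_password")

    # Neither the username nor the domain (or its longer labels, e.g. "example"
    # from "example.com") may appear inside the password.
    user = username.lower()
    dom = domain.lower()
    labels = [dom] + [lbl for lbl in dom.split(".") if len(lbl) >= 4]
    if user and user in lowered:
        problems.append("contains_username")
    if any(lbl in lowered for lbl in labels):
        problems.append("contains_domain")
    return problems


if __name__ == "__main__":
    for candidate in ["Tr0ub4dor&3", "Password1!", "Alice2024!", "short"]:
        print(candidate, check_password(candidate, "alice", "example.com"))
```

Reject on any non-empty result and tell the user which rule failed; the suffix stripping is what makes the banned-list check survive the "add a digit and an exclamation mark" habit that plain list lookups miss.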
2 Factor Authentication
Nowadays, more and more services offer two-factor authentication (2FA). Common forms are a code sent to the user’s mobile device, a code generated by an authenticator app (TOTP), or a hardware security key. ‘Secret questions’ asked after logging in are sometimes presented as 2FA, but they are only a second piece of knowledge, not a second factor, and the answers are often guessable from public information. SMS codes are better than nothing but can be intercepted through SIM swapping; authenticator apps and hardware keys are stronger. 2FA is usually offered as an option rather than a mandatory setting. Make it mandatory and the number of successfully compromised accounts will drop dramatically, because a stolen or guessed password alone no longer grants access. One caveat specific to mail servers: the protocols that mail clients use (IMAP, POP3 and SMTP submission) normally authenticate with a password only, so a mandatory second factor on the web login has to be paired with per-client application passwords or OAuth 2.0 based authentication for those clients.
Restrict Authentication by Country
Understanding the geographical location of your users (that is, the GeoIP lookup results for normal traffic connecting to your server) helps identify unwanted or suspicious traffic. If a particular user normally signs in from a Canadian IP address and, a short time later, there are suddenly connections from Russian and Chinese IP addresses accessing that user’s account, that is a strong hint something abnormal is going on. Restricting authentication by country greatly reduces the volume of authentication attacks that bombard your server. GeoIP data is approximate, and travelling users and VPNs will trip the rule, so pair a country restriction with a step-up challenge or a per-user allow list rather than a silent hard block, and log every denied attempt.
Restrict Connections from Suspicious Networks
Similar to restricting authentication by country, a more fine-grained approach is to restrict by network (CIDR block or autonomous system). If you investigate the compromised accounts on your server, you may consistently find that the logins came from specific networks. That is no coincidence: once bad actors find a method that works, they keep using it, and the same hosting providers and proxy networks show up again and again.
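The country restriction and the network restriction from the two sections above are naturally one policy check on each authentication attempt. The following is an added example, not code from the original article or from any product it mentions. The GeoIP table is a constructed stand-in for a real database (a production system would query something like MaxMind GeoLite2), the addresses come from the RFC 5737 and RFC 3849 documentation ranges and carry no real geography, and the blocked networks and the one-hour "two countries" window are assumptions for the demo.

```python
"""Login-source policy: blocked networks, allowed countries and country switches.

Added example, not code from the original article. GEOIP is a constructed
stand-in for a real GeoIP database; all prefixes are documentation ranges.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed: documentation prefixes mapped to countries for the demo only.
GEOIP = {
    ipaddress.ip_network("192.0.2.0/25"): "CA",
    ipaddress.ip_network("192.0.2.128/25"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "RU",
    ipaddress.ip_network("203.0.113.0/24"): "CN",
}
ALLOWED_COUNTRIES = {"CA", "US"}
# Networks that kept showing up in past compromises (constructed for the demo).
BLOCKED_NETWORKS = [
    ipaddress.ip_network("198.51.100.0/26"),
    ipaddress.ip_network("2001:db8:bad::/48"),
]
TRAVEL_WINDOW_SECONDS = 3600  # two countries inside this window is suspicious

History = Dict[str, List[Tuple[int, str, Optional[str]]]]  # user -> [(ts, ip, cc)]


def country_of(ip: str) -> Optional[str]:
    """Longest-prefix match against the GeoIP table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in GEOIP if addr in net]
    return GEOIP[max(matches, key=lambda n: n.prefixlen)] if matches else None


def evaluate_login(user: str, ip: str, at: int, history: History) -> Tuple[str, str]:
    """Decide allow / challenge / deny for one authentication attempt.

    Every attempt, including denied ones, is recorded, so a later login from
    an acceptable country still gets a step-up challenge when the account was
    just being hammered from elsewhere.
    """
    addr = ipaddress.ip_address(ip)
    country = country_of(ip)
    recent = [h for h in history.setdefault(user, [])
              if at - h[0] <= TRAVEL_WINDOW_SECONDS]
    history[user].append((at, ip, country))
    other_countries = sorted({h[2] for h in recent if h[2] and h[2] != country})

    if any(addr in net for net in BLOCKED_NETWORKS):
        return "deny", "blocked_network"
    if country not in ALLOWED_COUNTRIES:
        return "deny", f"country_not_allowed:{country}"
    if other_countries:
        return "challenge", "country_switch:" + ",".join(other_countries) + "->" + country
    return "allow", "ok"


def process_events(events: List[Tuple[int, str, str]]) -> List[Tuple[str, str, str]]:
    """Run a batch of (ts, user, ip) attempts; return (user, decision, reason)."""
    history: History = {}
    return [(user, *evaluate_login(user, ip, ts, history)) for ts, user, ip in events]


# Constructed sample of authentication attempts: (unix ts, user, source ip).
SAMPLE_EVENTS = [
    (0, "alice", "192.0.2.10"),        # Canada, normal
    (600, "alice", "198.51.100.7"),    # inside a blocked network
    (700, "alice", "198.51.100.200"),  # Russia, same /24 but outside the block
    (800, "alice", "203.0.113.5"),     # China
    (900, "alice", "192.0.2.11"),      # back to Canada, but after the above
    (900, "bob", "192.0.2.20"),        # Canada
    (1000, "bob", "192.0.2.200"),      # US two minutes later
    (5000, "bob", "192.0.2.201"),      # US again, history aged out
]

if __name__ == "__main__":
    for row in process_events(SAMPLE_EVENTS):
        print(row)
```

The "challenge" outcome is where the GeoIP caveat lands in practice: a legitimate traveller or VPN user gets asked for a second factor instead of being locked out, while the denied attempts from blocked networks and disallowed countries never reach the password check at all.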
Outbound Email Volume Limits
Abnormal outbound email volume from a user account is one of the clearest indicators of a successful compromise. End-user devices infected with certain types of malware become spam bots and send through the victim’s authenticated account. With no outbound rate limits, an account can spam endlessly and undetected, and the reputation of your service and its sending IPs suffers for it. Establishing what normal outbound volume looks like for each user lets you quickly identify compromised accounts and protect your server’s reputation.
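An outbound limiter needs two things the paragraph describes: a hard per-account cap over a rolling window, and a notion of each account's normal volume so that a sudden spike is flagged well before the cap is hit. The following is an added example, not code from the original article or from any product it mentions. The log line format, the baseline figures and the cap/spike thresholds are all constructed for the demo; in a real deployment you would map your MTA's own submission log (SASL username and recipient count per message) onto parse_line() and learn the baselines from history.

```python
"""Per-account outbound rate limit plus spike detection against a baseline.

Added example, not code from the original article. The log format and the
baseline numbers are constructed for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed line format: ISO timestamp, authenticated user, recipient count.
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) recipients=(?P<n>\d+)$")


def parse_line(line: str) -> Optional[Tuple[datetime, str, int]]:
    """Parse one submission-log line; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], int(m["n"])


class OutboundLimiter:
    """Sliding-window recipient counter per authenticated sender.

    cap: recipients allowed per window; above it, submission is deferred.
    baseline: typical recipients per window per user (learned from history);
    exceeding spike_factor * baseline flags the account for review even when
    the hard cap has not been reached.
    """

    def __init__(self, cap: int = 100, window: timedelta = timedelta(hours=1),
                 baseline: Optional[Dict[str, int]] = None, spike_factor: int = 5):
        self.cap = cap
        self.window = window
        self.baseline = baseline or {}
        self.spike_factor = spike_factor
        self.events: Dict[str, Deque[Tuple[datetime, int]]] = defaultdict(deque)
        self.totals: Dict[str, int] = defaultdict(int)

    def record(self, user: str, ts: datetime, recipients: int) -> Tuple[str, str]:
        q = self.events[user]
        # Drop entries that have aged out of the window.
        while q and ts - q[0][0] > self.window:
            self.totals[user] -= q.popleft()[1]
        projected = self.totals[user] + recipients
        if projected > self.cap:
            # Deferred messages are not counted: they were not sent.
            return "defer", f"cap_exceeded:{projected}>{self.cap}"
        q.append((ts, recipients))
        self.totals[user] = projected
        base = self.baseline.get(user)
        if base is not None and projected > self.spike_factor * base:
            return "flag", f"spike:{projected}>{self.spike_factor}x{base}"
        return "accept", "ok"


def process_log(text: str, limiter: OutboundLimiter) -> List[Tuple[str, str, str]]:
    """Feed a log through the limiter; return (user, decision, reason) per message."""
    results = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, n = parsed
        results.append((user, *limiter.record(user, ts, n)))
    return results


# Constructed sample submission log: alice is normal, mallory's account is
# being used by a spam bot.
SAMPLE_LOG = """\
2024-05-01T09:00:00 user=alice recipients=2
2024-05-01T09:05:00 user=alice recipients=1
2024-05-01T09:10:00 user=mallory recipients=40
2024-05-01T09:11:00 user=mallory recipients=45
2024-05-01T09:12:00 user=mallory recipients=30
2024-05-01T10:20:00 user=mallory recipients=25
"""
# Constructed baselines: typical recipients per hour seen for each account.
SAMPLE_BASELINE = {"alice": 3, "mallory": 4}

if __name__ == "__main__":
    for row in process_log(SAMPLE_LOG, OutboundLimiter(baseline=SAMPLE_BASELINE)):
        print(row)
```

Note the difference between the two outcomes: "defer" is a protective action the MTA can take immediately (4xx response, the client retries later), while "flag" is the detection signal that should page someone or trigger an automatic password reset, since a bot sending at five times the account's usual volume has already told you the credentials are compromised.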
Software Solutions for Email Server Security
Settings such as password strength configuration are a common feature in most Web Host Managers that handle email. However, other security features require more work to implement. There are software solutions out there that provide extra security features for email servers. One such product is MagicSpam, a powerful security tool for mail servers. MagicSpam contains features such as Country Authentication Restrictions, Source Based Authentication, and Outbound Rate Limiters, allowing you to not only improve the security of your user accounts, but also protect your IP reputation. Check out MagicSpam today.