I’ve noticed a common theme in what the CISSP exam expects you to know about brute force countermeasures.
The exam wants you to know clipping levels.
Clipping levels are thresholds: boundaries, a maximum limit.
Clipping levels ensure job security. At the SOC, the monitoring system is filled with various clipping level thresholds that have been crossed regarding bandwidth, CPU usage, or even the internal temperature of a system case unit.
Here’s an example of setting clipping level thresholds for TCP/IP connections: after the maximum connection threshold has been reached, further connections are dropped or denied, and an alert is e-mailed.
Clipping Levels and Brute Force
Brute force attacks will eventually succeed, given enough time, though “enough time” can mean longer than the total timespan of the known Universe. Check out my post about how 3DES Will Blow Your Mind.
If an attacker or a legitimate user tries multiple times to log in with a wrong password, the account will be locked out.
For a user, it’s a matter of resetting their password via a Self-Service Password Reset feature (it’s on the exam).
For an attacker, it means starting ALL OVER AGAIN. Think about it: a brute force attack attempts millions of passwords.
If the account is locked out after 5 incorrect password entries, that ends the attack right there.
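To make the lockout clipping level concrete, here is an added example (my own illustration, not code from the exam or from any particular product) that replays a constructed authentication log through a per-account failure counter: the fifth wrong password locks the account and raises an alert, a correct login before that resets the counter, and a self-service password reset clears the lock. The log format, account names and IP addresses are made up.

```python
import re
from collections import defaultdict

CLIPPING_LEVEL = 5  # the post's example: lock after 5 wrong passwords

# Constructed auth log (not real data): alice mistypes once and then logs in,
# which resets her counter; bob's 5th failure crosses the clipping level.
AUTH_LOG = """\
2024-01-10T08:00:01 FAIL alice from 198.51.100.5
2024-01-10T08:00:09 OK alice from 198.51.100.5
2024-01-10T08:01:00 FAIL bob from 203.0.113.7
2024-01-10T08:01:01 FAIL bob from 203.0.113.7
2024-01-10T08:01:02 FAIL bob from 203.0.113.7
2024-01-10T08:01:03 FAIL bob from 203.0.113.7
2024-01-10T08:01:04 FAIL bob from 203.0.113.7
2024-01-10T08:01:05 OK bob from 203.0.113.7
"""
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) (\S+) from (\S+)$")

class ClippingMonitor:
    """Per-account failure counter with a lockout clipping level."""
    def __init__(self, threshold=CLIPPING_LEVEL):
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()
        self.alerts = []

    def attempt(self, user, success, src):
        """Return 'locked', 'denied' or 'ok' for one login attempt."""
        if user in self.locked:
            return "locked"          # right password or not, no entry
        if success:
            self.failures[user] = 0  # a good login resets the counter
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)    # threshold crossed: lock and alert
            self.alerts.append(f"{user} locked after {self.threshold} failures from {src}")
        return "denied"

    def reset_password(self, user):
        self.locked.discard(user)    # self-service reset clears the lock
        self.failures[user] = 0      # and the counter

def replay(log, threshold=CLIPPING_LEVEL):
    mon = ClippingMonitor(threshold)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:                        # skip lines that are not login events
            mon.attempt(m[3], m[2] == "OK", m[4])
    return mon
```

After replaying the log, bob is locked and his later correct password is still refused until a reset, while alice is untouched.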
CISSP Pop Quiz
If used correctly, what is the one type of encryption technique that cannot be broken, even by brute force?