How to prevent DOS/DDOS attacks on Juniper SA/Pulse Connect?

--> In order to prevent from Denial of Service (DoS), Distributed Denial of Service (DDoS) from the same IP address, You can configure Lockout options to protect the Secure Access (SA).

--> Juniper SA blocks the IP address of the user who is trying to perform Denial of Service (DoS), Distributed Denial of Service (DDoS) or Password Guessing Attacks.

--> Juniper SA does not block the User Account, it simply blocks the IP Address of the User.

--> If you try to login with another username via the same IP address (or computer) during the lockout period, it will also not be able to authenticate; until the lockout is over.



--> The terms that are used in the Lockout Options Settings are as follows:

Rate: Specify the number of failed sign-in attempts to allow per minute.

Attempts: Specify the maximum number of failed sign-in attempts to be allowed, before triggering the initial lockout.

Lockout period: Specify the number of minutes that you want the SA to lock out the IP address.

Ex:

Rate: 3 (attempts per minute)

Attempts: 180 

Duration: 2 (duration of lockout in minutes)

--> The SA determines the maximum initial period of time (in minutes) to allow the failed sign-in attempts to occur by dividing the specified number of attempts by the rate.

--> For example, 180 attempts divided by a rate of 3 results for an initial period of 60 minutes.

--> If 180 or more failed sign-in attempts occur within 60 minutes or less, the SA locks out the IP address being used for the failed sign-in attempt.

--> After the 2 minute lockout period has expired, the IP address is unlocked and users are again allowed to login from that IP address.

--> For the next 60 minutes, the determining factor for the next lockout is only the rate (3 attempts/minute) that is configured above.

0 Comments