Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Brute force attacks are low cost and relatively easy to perform. Even though this type of brute force attack is noisy, a successful LDAP brute force attempt can provide the attacker with details about the network environment, queried from an LDAP server, or unauthorized access to any service that accepts the LDAP credentials. Depending on the privilege levels associated with the account, the impact to a business can be significant.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
An LDAP directory server contains valuable information about user accounts, administrative accounts, workstations, services, group policy objects, domain trusts, and more. An attacker can target an LDAP server with a brute force attack, which is a method for guessing a weak user password. To guess LDAP passwords, the attacker submits various combinations of usernames and passwords in the initial LDAP authentication request, known as a bind request. Brute force attacks can occur manually through trial and error or with password cracking tools.
Limit the number of account login attempts and then lock accounts that exceed this number
Enforce policies for secure credential creation and multi-factor authentication
Implement the least privilege model for accessing important LDAP objects, which can help minimize unnecessary reads or writes to certain objects
