New Cisco ASA and FTD Features: Blocking VPN Brute-Force Password Attacks!


WIRE TOR

As cyberattacks continue to evolve, brute-force and password-spray attacks have become a persistent threat to businesses and organizations. Fortunately, Cisco has introduced new security features for its ASA (Adaptive Security Appliance) and Firepower Threat Defense (FTD) devices to help mitigate these attacks. These updates play a critical role in protecting your network from breaches and ensuring that VPN services remain secure.

🔓 Both brute-force and password spray attacks aim to gain unauthorized access to accounts by guessing passwords. However, they work differently:

- Brute-force attacks focus on a single account, trying numerous passwords in rapid succession.
- Password spray attacks attempt the same password across multiple accounts, aiming to evade lockouts by distributing the attack.

Earlier this year, Cisco reported a significant surge in brute-force attacks targeting VPN accounts across several vendors, including Cisco, Fortinet, SonicWall, and others. These attacks highlighted vulnerabilities that could lead to unauthorized access, account lockouts, and even denial-of-service (DoS) states. In response, Cisco rolled out crucial updates to tackle these emerging threats.

Cisco’s new features are designed to:

- Block repeated failed VPN login attempts (brute-force defense).
- Prevent resource exhaustion caused by incomplete connection attempts.
- Stop attackers from trying to connect to built-in tunnel groups that aren’t meant for external access.

These features, part of Cisco’s threat detection service, offer powerful protections by blocking:

- Repeated failed authentication attempts, defending against brute-force password attacks.
- Client initiation attacks, where the attacker starts but doesn’t complete a connection.
- Connection attempts to invalid VPN services, typically used by attackers to target internal functionality.
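To make the two attack patterns above and the "block repeated failures" idea concrete, here is an added Python illustration (not Cisco's code and not part of the original article). It replays a constructed set of failed VPN login events and applies an assumed threshold/hold-down policy to decide which source addresses to shun and whether each looks like brute force (many failures on one account) or password spraying (few failures each across many accounts). The parameter names and default values are assumptions for the example, not the ASA/FTD defaults.

```python
from collections import defaultdict

# Constructed sample of failed VPN logins as (timestamp_seconds, source_ip, username).
# Not real log data; the source addresses are documentation ranges (RFC 5737).
SAMPLE_FAILURES = (
    [(t, "203.0.113.10", "alice") for t in range(25)]                # one account, 25 attempts
    + [(30 + i, "198.51.100.7", "user%02d" % i) for i in range(12)]  # 12 accounts, 1 attempt each
    + [(100, "192.0.2.5", "bob"), (400, "192.0.2.5", "bob")]         # two isolated failures
)


def evaluate(events, threshold=20, spray_accounts=10, hold_down=600):
    """Replay failed-login events in time order and decide which sources to shun.

    Assumed policy (an illustration, not Cisco's published algorithm):
      * a source with `threshold` failures inside a rolling `hold_down`-second
        window is shunned as brute-force;
      * a source that fails against `spray_accounts` distinct usernames inside
        the window is shunned as password-spray;
      * a shunned source is ignored for `hold_down` seconds.
    Returns {source_ip: (kind, failures_in_window, distinct_accounts)}.
    """
    window = defaultdict(list)   # src -> [(ts, user), ...] still inside the window
    blocked_until = {}           # src -> timestamp at which the shun expires
    verdicts = {}
    for ts, src, user in sorted(events):
        if ts < blocked_until.get(src, -1):
            continue  # the firewall would drop this attempt without counting it
        # drop failures that have aged out of the window, then record this one
        window[src] = [(t, u) for t, u in window[src] if ts - t < hold_down]
        window[src].append((ts, user))
        accounts = {u for _, u in window[src]}
        if len(window[src]) >= threshold:
            kind = "brute-force"
        elif len(accounts) >= spray_accounts:
            kind = "password-spray"
        else:
            continue
        blocked_until[src] = ts + hold_down
        verdicts[src] = (kind, len(window[src]), len(accounts))
    return verdicts


if __name__ == "__main__":
    for src, (kind, n, accts) in evaluate(SAMPLE_FAILURES).items():
        print("%s shunned: %s (%d failures across %d accounts)" % (src, kind, n, accts))
```

Lowering `threshold` or shortening `hold_down` shows the trade-off the article mentions: tighter values catch slower attackers but also start shunning sources that merely fail twice, which is the false-positive behaviour some admins saw before reverting to defaults.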

A notable success story comes from a Cisco admin who reported a dramatic reduction in failed login attempts, from 500K per hour to just 170 after enabling these new features. 🎉

Cisco admins who have deployed these features are already seeing positive results. However, some environments reported false positives during the initial setup. In these cases, reverting to the default settings improved performance and reduced unnecessary blocks. 🛠️

Cisco cautioned that while there’s no expected downside, the new features could potentially cause a performance impact depending on the device’s configuration and traffic load. It’s recommended that performance be monitored and configurations adjusted as needed.

With VPN services being a common target for attackers, enabling these new security measures can help protect your network from unauthorized access. Compromised VPN credentials are often the first step in ransomware attacks, which makes these protections critical for securing business operations.

Cisco’s new capabilities offer an efficient solution to an ever-present threat, reducing failed connection attempts and protecting against resource exhaustion. If your organization uses Cisco ASA or FTD for VPN services, enabling these features can drastically reduce the risk of breaches and enhance the overall security posture of your network.

💻 If you’re seeking more advanced network security or need a thorough assessment of your current defenses, it’s always a good idea to consider professional penetration testing services. These services simulate real-world cyberattacks, identify vulnerabilities, and provide actionable recommendations to fortify your systems.

Stay ahead of the threats — secure your VPN access and protect your digital assets today! 🔒 https://www.linkedin.com/company/wiretor
