  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1245

How to protect the Besadmin account from a brute force password attack

Hi,
We have been having an issue where the besadmin account is getting locked out because of outside attempts to use this account to get into some servers. What are the best policies to protect this account?

Thanks
0
Asked by: dross333
1 Solution
 
Sudhakar Kumar, Service Architect, Commented:
Well, most of the time it is due to weak passwords. I always use 14-16 letter strong passwords.

Strong password guidelines:
• At least fourteen characters long, due to the way in which encryption works.
• Contain both uppercase and lowercase letters.
• Contain numbers.
• Contain symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
• Contain a symbol in the second, third, fourth, fifth or sixth position (due to the way in which encryption works).
• Not resemble any of your previous passwords.
• Not be your name, your friend's or family member's name, or your login.
• Not be a dictionary word or common name.

Some examples:

Qu!cK2@!!He!P
eXtr@0rd!N@ry
k!LL#tHE#b!rd

The other thing is never share the passwords, and you have to have it remembered. :-)
0
 
Sudhakar Kumar, Service Architect, Commented:
Apart from a strong password, please consider the good practice of cross-checking service account permissions for a BlackBerry Enterprise Server:

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB02276
0
 
Mike Sullivan, Director, Commented:
As well as all of the above, also consider changing the login name of the BES Administrator account. BESadmin is quite common - BBAdmin is less so, for example.

Check all of the services on the BES that are authenticated using the BES Admin account and ensure that their logon credentials are up to date. If the password is wrong in one of them, it will look like a brute force attack as it attempts to restart the service and constantly gets the password wrong.
0
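Added example, not part of the original thread: one way to run the check described in the comment above on a BES host, listing services that log on as the account and grouping its failed logons by logon type and source. It assumes PowerShell 3 or later, a Windows version that records failed logons as Security event 4625, and the account name from the question.

```powershell
# Assumption: account name taken from the question; change it to match yours.
$Account = 'besadmin'
$Since   = (Get-Date).AddDays(-1)

# 1. Services on this host configured to log on as the account.
#    Matches DOMAIN\besadmin, .\besadmin and besadmin@domain forms.
$pattern = '(^|\\)' + [regex]::Escape($Account) + '(@|$)'
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -match $pattern } |
    Select-Object Name, StartName, State, StartMode

# 2. Failed logons (event 4625) for the account in the last day,
#    grouped by logon type, source IP and workstation name.
#    Logon type 5 = service start on this host (stale stored password);
#    types 3 (network) and 10 (remote interactive) with a remote IP
#    indicate attempts arriving from another machine.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields into a hashtable.
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data.TargetUserName -ieq $Account) {
            [pscustomobject]@{
                LogonType   = $data.LogonType
                SourceIp    = $data.IpAddress
                Workstation = $data.WorkstationName
                Process     = $data.ProcessName
            }
        }
    } |
    Group-Object LogonType, SourceIp, Workstation |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it from an elevated session, since reading the Security log requires administrative rights.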
 
dross333, Author, Commented:
Thanks for the responses. But even if I have a strong password, after multiple wrong attempts, the account gets locked out. Do I assign a policy of some sort so that it never gets locked out? My concern is if I do this, then it just gives an attacker more attempts of trying to hack the password as the account will never get locked out after a # of incorrect password attempts.


Thanks
0
 
Mike Sullivan, Director, Commented:
Change the login name for the account. An attacker can't compromise the account if they don't know the login name.
0
 
dross333, Author, Commented:
Thank You
0
