Symantec VIP MFA and VPN brute-force attacks
search cancel

Symantec VIP MFA and VPN brute-force attacks

book

Article ID: 385858

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Attackers attempting to gain access to a VPN account can exploit it to infiltrate sensitive systems for nefarious reasons. This can cause the network connection denials, timeouts, or unresponsiveness -- essentially disrupting users' ability to access the internet through the VPN due to overloaded servers or connection disruptions. This can affect Symantec VIP on-premise and cloud services when multi-factor authentication is enabled and the MFA verification factor is configured before the LDAP factor.

Cause

Configuring VIP multi-factor authentication before the LDAP factor shifts all incoming requests to Symantec VIP resources. During an attack, unsuccessful attempts to gain access can consume computational resources on the VIP Enterprise Gateway and the User Store LDAP connection, while VIP Cloud network protections can affect incoming MFA requests. Ultimately, valid users are caught in the storm of invalid request and are prevented from connecting to network resources.

Resolution

Consult your VPN\NAS vendor for appropriate mitigation techniques to prevent any type of brute-force attacks from negatively affecting the MFA flow.