Printable View
Hello Everyone,
In PCAnywhere you have the option of "Limiting Login Attempts Per Call", but it's pointless because the user can immediately log back in again and attempt to login. The setting "Cancel host after abnormal end of session" doesn't help either because it doesn't count as an abnormal end of a session.
Does anyone have any ideas or already know how you can prevent PCAnywhere from being brute-force hacked?
-Noel
Use its IP restriction feature. That way, at least you can restrict it to just your IP...which should help that tremendously.
There are also connection counts and times between connections that could be bumped way up to make it very very very time consuming to try to brute force.
Have never tried to use it but you could maybe consider using certificates...
Just a few ideas...
/nebulus
I wasn't able to find the place where I could confiugre the time between connections. If I could do that, it would be sufficient for my situation. Does it have to be done in the registry or something?
Hmm...maybe it is just a client side option, that may not have been what i was thinking it was...
sorry, should have paid closer attention. What I was looking at was:
remotes -> (select your remote connection) -> settings
It is at the bottom of that window, but now the more that I think about it, that is probably for your client and its attempts to connect to the remote, not vice versa.
Just thought of another thing, you can have the screen lock (or logoff) on any disconnect. That way, the person would have to have a real account to log on and get rid of screen lock. I think if you were to do that, have it setup on a non-standard port, and limit connections to IP's, you would remove a very large number of your problems. Unfortunately to me though, it looks like there is no real way to stop brute force, other than to limit connection attempts to 1 per call, but like you said, they can just reconnect...
I haven't tested it, but you could may be make the authentication for the connection be tied to the users on the box itself (using windows authentication). Then maybe the account will be locked out if too many tries are made (depending on your own audit setup). You might want to give that a shot as well...
/nebulus