Brute-force attack prevention on OpenStack controller
The Identity service (Keystone) does not provide brute-force protection.
This use case therefore describes how to install a Web Application Firewall
(WAF) with rules dedicated to mitigating and limiting the strength of
brute-force attacks that an external attacker runs through the OpenStack
Dashboard service (Horizon) connected to the public network.
Caution
The use case has several limitations and does not cover the following types of attacks:
- An external attack through the public Keystone endpoint, because IP blocking at that
level may lead to blocking proxy IPs when an attacker goes through the public OpenStack
Dashboard. To prevent brute-force attacks at the Keystone level, enable notification of
failed login attempts in the OpenStack Identity service. See Enable CADF notifications
in Keystone for more details.
- An internal attack from within the security perimeter when the Management network
is compromised.
- An attack strengthened by a botnet, because brute-force prevention based on IP
blocking is useless against it.
To prevent brute-force attacks that come through the OpenStack Dashboard,
complete the following steps on the OpenStack controller:
- Install ModSecurity on the OpenStack controllers.
- Create brute-force rules for ModSecurity.
- Verify alerts generated by ModSecurity in log files.
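The following rule set is an added example of what the "create brute-force rules" step can look like; it is not the page's own rule set and not shipped by ModSecurity or OpenStack. It assumes a ModSecurity v2 module in front of Horizon, that the Horizon login form is served under /auth/login/ and that a failed login re-renders the form with HTTP 200 while a successful login redirects (302), that rule ids 900100 to 900102 are unused, and a threshold of 5 failures per 10 minutes; adjust all of these to the deployment.

```apache
# Added example, not from the original page. Assumed: Horizon login at /auth/login/,
# failed login answered with HTTP 200, rule ids 900100-900102 free.
# SecDataDir must point to a directory writable by the web server so that the
# per-client "ip" collection survives across requests.
SecDataDir /var/cache/modsecurity

# Open a persistent collection keyed by the client source address.
SecAction "id:900100,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Count one failure for every POST to the login form that comes back with 200
# (the form being re-rendered); the counter expires after 600 seconds.
SecRule REQUEST_METHOD "@streq POST" \
    "id:900101,phase:5,nolog,pass,chain"
    SecRule REQUEST_URI "@beginsWith /auth/login/" "chain"
        SecRule RESPONSE_STATUS "@streq 200" \
            "setvar:ip.bf_counter=+1,expirevar:ip.bf_counter=600"

# Once the client exceeds the threshold inside the window, refuse further
# requests from it and write an alert to the error/audit log.
SecRule IP:BF_COUNTER "@gt 5" \
    "id:900102,phase:1,deny,status:403,log,msg:'Horizon login brute-force attempt blocked',tag:'brute-force'"
```

For the verification step, the msg text and tag of rule 900102 are what to search for in the web server error log or in the ModSecurity audit log (for example `grep 'brute-force' /var/log/apache2/error.log` on a Debian-style host; the path depends on the distribution). Because the counter is keyed on REMOTE_ADDR, a controller that sits behind a load balancer or reverse proxy sees the proxy's address for every client, which is exactly the proxy-blocking risk the caution above describes; in that topology the key should be taken from the forwarded client address the proxy is trusted to set, or the blocking should be done on the proxy itself.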