The invention relates generally to computer systems, and deals more particularly with a system, method and program to filter out login attempts by hackers and other unauthorized entities.
It is well known today that a valid combination of userID and password (or other password information) is typically required for secure access to protected resources. Such resources include files, databases, computer programs, computer systems and networks. In many cases, a server computer is responsible for granting access to a remote user based on a valid combination of userID and password supplied by the user's “client” computer. The userID and password are especially important when the access to the remote server computer is via an insecure network, such as the Internet. In such cases, a “hacker” or other unauthorized entity may flood the remote server with random or semi-random combinations of userIDs and passwords, hoping that one combination is valid and enables the hacker to access the protected resource. Security is improved by ensuring that authorized entities avoid use of predictable passwords such as “passwd”, “login” or common names. Security is also improved by limiting dissemination of the valid userIDs where possible, although only the password is considered to be secret.
A known solution is for the remote server to track and limit the number of login attempts by each userID. If there are more than a specified number of login attempts by a certain userID within a specified period of time, then the remote server “disables” the userID, i.e. the remote server will ignore the excess login attempts, will not attempt to authenticate the combination of userID and password (or other password information) and will not allow access by the userID to the protected resource even if a valid password is supplied. Because the number of possible passwords is typically high, the hacker is unlikely statistically to furnish a valid combination of userID and password within the foregoing constraints. This disablement of the userID may continue until the real user contacts an administrator to explain the situation and reestablish his or her authorization.
Another known solution is for the remote server to limit the rate at which it replies to submissions by the client of combinations of userIDs and passwords. Consequently, the rate at which the client can furnish different combinations of userIDs and passwords is limited. Because the number of possible passwords is typically high, it is unlikely statistically that the hacker can furnish a valid combination of userID and password before an administrator or security tool detects the attack.
There are also various types of “denial of service” attacks that are known today. In a “global” type of denial of service attack, a hacker may attempt to flood a remote server with work requests in an attempt to overload the server and prevent it from servicing any of its authorized clients. A global denial of service attack is generally expensive for the hacker to implement and easy for an administrator to detect, although service may be impaired before the attack is detected and fixed. In a “focussed” type of denial of service attack, the hacker attempts to deny service to one or a few clients or users. For example, if a hacker floods a remote server with invalid combinations of a single, valid userID and different, invalid passwords, typically the server will “disable” the userID after a certain number of unsuccessful attempts, as explained above. While the hacker will not gain access to the remote server, this attack will nevertheless prevent the real owner of this userID from accessing the protected resource until the real owner contacts an administrator and reestablishes his or her authorization. A focussed denial of service attack is generally less expensive for the hacker to implement because less network traffic is required. Also, a focussed denial of service attack is typically more difficult for an administrator to detect because less network traffic is involved.
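The per-userID lockout policy described above, and the focussed denial of service it makes possible, written out as a small simulation. This is an added example, not code from the patent: the attempt limit, time window, and the credential table are constructed assumptions, and the attempts are counted per userID exactly as the text describes (more than a fixed number within a fixed period disables the userID until an administrator re-enables it).

```python
from collections import deque


class UserIdLockout:
    """Known solution from the text: track attempts per userID and disable the
    userID once more than `max_attempts` arrive within `window` seconds.
    Parameters and credential table are constructed for the example."""

    def __init__(self, credentials, max_attempts=5, window=60):
        self.credentials = credentials      # userID -> password (constructed sample)
        self.max_attempts = max_attempts
        self.window = window
        self.attempts = {}                  # userID -> deque of attempt timestamps
        self.disabled = set()               # userIDs an administrator must re-enable

    def login(self, user_id, password, now):
        """Return 'ok', 'bad-credentials' or 'disabled' for one login attempt."""
        if user_id in self.disabled:
            return "disabled"               # excess attempts are ignored, not authenticated
        q = self.attempts.setdefault(user_id, deque())
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                     # drop attempts outside the sliding window
        if len(q) > self.max_attempts:
            self.disabled.add(user_id)      # disabled even if this password were valid
            return "disabled"
        if self.credentials.get(user_id) == password:
            return "ok"
        return "bad-credentials"

    def admin_reenable(self, user_id):
        """The real owner contacts an administrator, who restores authorization."""
        self.disabled.discard(user_id)
        self.attempts.pop(user_id, None)


def focused_dos_scenario():
    """Replay the focussed denial of service from the text with constructed data:
    six wrong passwords for a valid userID, then the real owner's valid login."""
    server = UserIdLockout({"alice": "correct-horse"}, max_attempts=5, window=60)
    flood = [server.login("alice", f"wrong{i}", now=i) for i in range(6)]
    owner_during = server.login("alice", "correct-horse", now=10)   # locked out
    server.admin_reenable("alice")
    owner_after = server.login("alice", "correct-horse", now=11)    # restored
    return flood, owner_during, owner_after
```

The scenario shows the trade-off the text describes: the lockout stops the password guessing, but it also blocks the legitimate owner until an administrator intervenes.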
As explained above, the requirement for a valid combination of userID and password makes it difficult for a hacker to gain access to protected resources. Also, the known techniques to prevent hackers from flooding a server with random combinations of userIDs and passwords further protect the resources from unauthorized access. However, further improvement to prevent unauthorized access would be valuable. Also, these known techniques make possible the focussed denial of service attack described above.
Accordingly, an object of the present invention is to make it difficult for a hacker to access a protected resource.
Another object of the present invention is to make it difficult for a hacker to mount a focussed denial of service attack intended to prevent a legitimate user from accessing a protected resource.