Auto-ban Sensitivity Level for Admin Connection


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v8 and later

DISCUSSION

EFT provides a built-in system to detect and counter against various layer-7 targeted DoS attacks. These attacks either intentionally target availability or do so indirectly as a byproduct of brute forcing, vulnerability scanning, directory traversal, and similar attacks that attempts to exploit confidentiality or integrity. EFT uses a point system to determine the likelihood of an attack, with separate counters in place to account for different attack vectors. You can control the sensitivity of the attack detection logic or override the default values.

The advanced property sets the flood/hammer auto-ban sensitivity level for admin connection.

Add the name:value pair below to the AdvancedProperties.JSON file in the \ProgramData\ folder for EFT (for example, C:\ProgramData\Globalscape\EFT Server):

{
"AutobanSensitivityLevelForAdminConnections":"5"
}

Possible values:

  • 0 - Off
  • 1 - Very low
  • 2 - Low
  • 3 - Medium (the default if the key is not present)
  • 4 - High
  • 5 - Very high

MORE INFORMATION

To mitigate the effects of Layer 3 or 4 DoS attacks, including volumetric Distributed Denial of Service (DDoS) attacks, we recommend the use of external DDoS protection services, where traffic is redirected to a content delivery network cloud security provider, which in turn returns only clean traffic to your organization. These solutions can be costly but are the only effective means of preventing these types of attacks. EFT includes additional protections against confidentiality and integrity attacks. Some of those are configurable, such as failed login attempt ban logic, password complexity rules, username blacklisting, IP white/blacklisting, banned file types, max allowed connections from same IP, and various other configurable settings.

For more information about flood/DoS prevention, read the "Flooding and Denial of Service Prevention" topic in the help for your version of EFT.

For more information about Advanced Properties, read the "Advanced Properties" topic in the help for your version of EFT.

 

For pre-v8 versions of EFT, the registry value is

SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.2\

Values are the same as above.