How does the IAM Identity Center portal prevent brute-force attacks from causing AD account lockouts?


I have configured the identity source of IAM Identity Center to be AWS Managed Microsoft Active Directory. For security reasons, I have enabled the Account Lockout Policy in Active Directory, which locks an account after 6 failed login attempts.

My concern is that since the IAM Identity Center portal is open to the internet, anyone can access my portal and attempt to log in by brute force. If there are 6 failed login attempts, my AD account will be locked.

Is my concern valid? Are there any ways to address or mitigate this situation?

PokeBug
asked 6 months ago · 535 views
1 Answer

Your concern about account lockouts due to brute force login attempts on the IAM Identity Center portal is valid. Since the portal is internet-facing, it could potentially be subjected to such attacks.

A few things you can do to help mitigate this risk:

  1. Enable multi-factor authentication (MFA) for administrative users who access the portal. This adds an extra layer of security beyond just a password.

  2. Monitor sign-in logs and alerts from IAM Identity Center and Active Directory for any suspicious activity. This can help detect brute force attempts early.

  3. Use threat detection services like Amazon GuardDuty or AWS Security Hub to monitor for abnormal login patterns that could indicate a brute force attack.

  4. Consider implementing rate limiting on the IAM Identity Center portal to restrict the number of failed login attempts within a certain time period. This can help prevent account lockouts.

  5. Make sure your Active Directory password policies are properly configured to restrict weak, reused or predictable passwords. Stronger passwords raise the bar for attackers.

  6. Use a web application firewall or AWS WAF to filter and block traffic patterns typical of brute force attacks at the network layer, before it even reaches the portal.

Sources
[1] Manage your identity source - AWS IAM Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source.html
[2] Using Active Directory as an identity source - AWS IAM Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/gs-ad.html
[3] Manage identities in IAM Identity Center - AWS IAM Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-sso.html

AWS
answered 6 months ago
EXPERT
reviewed 6 months ago
  • Thank you for your reply. I understand that measures 1, 2, 3, and 5 can help prevent and monitor brute force attacks on the account. However, even with these measures in place, it is still not possible to completely avoid the account being locked due to persistent brute force attempts. Measures 4 and 6 seem useful, but I have been unable to find information on how to configure them. Do you have any specific configuration or reference materials that could help me understand how to configure these measures?
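The follow-up comment asks how to configure items 4 and 6. The IAM Identity Center access portal is an AWS-managed endpoint, so the rate limiting and AWS WAF ideas are not something the customer attaches to it (AWS WAF fronts resources such as CloudFront distributions, Application Load Balancers and API Gateway). What the directory owner does control is the lockout policy itself (threshold, observation window, lockout duration) and the domain controllers' Security logs. The script below is an added example, not code from the thread or from AWS: it replays the standard Windows lockout semantics over a stream of failed-logon events so you can see what a given policy does to a brute-force run, which accounts are about to lock, and which source addresses caused it. The event records, timestamps and addresses are constructed; the JSON field names are modelled on Windows Security-event fields (EventID, TargetUserName, IpAddress), and the record shape is an assumption about how forwarded logs would look.

```python
"""Replay an Active Directory account-lockout policy over failed-logon events.

Added example; not code from the original re:Post thread or from AWS. The
event records are constructed to resemble Windows Security-log fields
(EventID, TargetUserName, IpAddress); the exact record shape is an
assumption. The policy semantics are the standard Windows ones: N failures
inside the observation window lock the account for the lockout duration,
and the counter resets once the window elapses without a failure.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Threshold from the question (6 failures); window and duration are assumed values.
LOCKOUT_THRESHOLD = 6
OBSERVATION_WINDOW = timedelta(minutes=30)  # "Reset account lockout counter after"
LOCKOUT_DURATION = timedelta(minutes=15)    # "Account lockout duration" (0 = until an admin unlocks)

# Security events that each record one failed credential validation on a DC:
# 4625 logon failure, 4771 Kerberos pre-auth failed, 4776 NTLM validation failed.
FAILURE_EVENT_IDS = {4625, 4771, 4776}


@dataclass
class AccountState:
    bad_count: int = 0                      # mirrors the account's badPwdCount
    last_failure: Optional[datetime] = None
    locked_until: Optional[datetime] = None
    sources: Set[str] = field(default_factory=set)


def apply_failure(s: AccountState, ts: datetime, source: str) -> str:
    """Apply one failed attempt to an account; return what the policy did."""
    if s.locked_until is not None:
        if ts < s.locked_until:
            return "rejected-locked"        # fails regardless of password; not counted
        s.locked_until, s.bad_count = None, 0   # duration elapsed: automatic unlock
    if s.last_failure is not None and ts - s.last_failure > OBSERVATION_WINDOW:
        s.bad_count = 0                     # window expired without a failure: counter resets
    s.bad_count += 1
    s.last_failure = ts
    s.sources.add(source)
    if s.bad_count >= LOCKOUT_THRESHOLD:
        s.locked_until = ts + LOCKOUT_DURATION
        return "lockout"
    return "counted"


def replay(events: List[dict]) -> Tuple[Dict[str, AccountState], List[Tuple[str, datetime, List[str]]]]:
    """Run the policy over events in time order; return per-account state and lockout alerts."""
    state: Dict[str, AccountState] = defaultdict(AccountState)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["EventID"] not in FAILURE_EVENT_IDS:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["TargetUserName"].lower()
        if apply_failure(state[user], ts, ev["IpAddress"]) == "lockout":
            alerts.append((user, ts, sorted(state[user].sources)))
    return dict(state), alerts


def summarize(events: List[dict], warn_at: int = LOCKOUT_THRESHOLD - 2) -> dict:
    """Locked accounts, accounts close to the threshold (early warning), and lockout alerts."""
    state, alerts = replay(events)
    return {
        "locked": sorted(u for u, s in state.items() if s.locked_until is not None),
        "near_threshold": sorted(u for u, s in state.items()
                                 if s.locked_until is None and s.bad_count >= warn_at),
        "alerts": alerts,
    }


def _rec(ts: str, user: str, ip: str, event_id: int = 4625) -> dict:
    return {"ts": ts, "EventID": event_id, "TargetUserName": user, "IpAddress": ip}


# Constructed sample: one brute-force run, one forgetful user, one near-miss.
SAMPLE_EVENTS = (
    # alice: 8 guesses in 8 minutes from one internet address -> locked on the 6th
    [_rec(f"2024-05-01T10:0{i}:00", "alice", "203.0.113.7") for i in range(8)]
    # bob: one typo every 40 minutes -> counter resets, never locks
    + [_rec("2024-05-01T09:00:00", "bob", "198.51.100.5"),
       _rec("2024-05-01T09:40:00", "bob", "198.51.100.5"),
       _rec("2024-05-01T10:20:00", "bob", "198.51.100.5")]
    # carol: 4 Kerberos failures in 10 minutes -> two short of lockout, worth a warning
    + [_rec(f"2024-05-01T11:{m:02d}:00", "carol", "198.51.100.9", 4771) for m in (0, 3, 6, 9)]
)

if __name__ == "__main__":
    report = summarize(SAMPLE_EVENTS)
    for user, when, sources in report["alerts"]:
        print(f"LOCKOUT {user} at {when:%H:%M} from {', '.join(sources)}")
    print("near threshold:", report["near_threshold"])
```

Two practical points fall out of the replay. A non-zero lockout duration turns a brute-force lockout into a denial that lasts minutes rather than until someone opens a ticket, so the duration and observation window matter as much as the threshold; in AWS Managed Microsoft AD those values are set through the directory's fine-grained password policies, not the default domain policy. And alerting on accounts that reach the "near threshold" count gives the on-call a chance to see the source addresses before the sixth failure lands.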
