Question

ackel Member since 2012 4 posts
PEGA
Posted: June 27, 2017
Last activity: June 27, 2017
Closed
Solved

Pegacloud Brute Force Attack Prevention?

Hi Community,

The customer runs an application in the Pegacloud. The customer's architect found somewhere in the services description that a kind of basic Brute Force Attack protection is available OOTB in Pegacloud. (As per my understanding, this is related to repeated access attempts with generated or guessed credentials and hence different from DoS attacks.)

1) Is there any more specific documentation about what is actually protected and how?

- Logon servlet?

- SSO servlet?

- PRCustomAuth?

- IAC / exposed forms?

- REST / SOAP via HTTPS?

- others...?

2) Is there any recommendation or guide on how to perform additional configuration for increasing security in terms of brute force attacks? Or is the customer even required to cover certain scenarios by himself? (Thinking of SSO or IAC...)

Appreciate any "official" statement from Pegasystems regarding the brute force attack protection capabilities of Pegacloud.

Thank you,

Lars

Security Cloud Services
Moderation Team has archived post