> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/google-cybersecurity-professional-cert/3.-connect-and-protect-networks-and-network-security/module-4/os-hardening/brute-force-attacks-and-os-hardening.md).

# Brute force attacks and OS hardening

Let’s imagine you’re a knight defending your kingdom’s castle from invaders who are trying to break in using brute force. Now, these invaders aren’t swinging swords or throwing rocks. Nope, they're using trial and error, just like a video game where you’re trying every key on the map to unlock a treasure chest. That’s a brute force attack! Let’s dive into the lesson with a little adventure to keep it ADHD-friendly and fun.

#### Act 1: The Kingdom of Securetopia

You’re in charge of **Securetopia**, a land that guards treasures like sensitive information (your passwords and private data). The invaders (hackers) are constantly trying to figure out the **secret codes** (passwords) to break into the kingdom.

* **Simple brute force attack** is like a brute trying every combination of keys on a door to unlock it. “Is it 123? No? Okay, how about ‘password1’? No?” It’s slow, but they keep trying until they get in.
* **Dictionary attack** is sneakier. The invaders have stolen a dictionary full of **commonly used passwords** (think "password," "123456," or "letmein"). They think, “Hey, people love easy passwords; let’s try these first.” And sometimes they succeed!

#### Act 2: Fortifying the Castle

You don’t want your castle to be taken down by these invaders, right? Time to **harden your defenses**!

1. **Virtual Machines (VMs)**: Picture a magical room where any damage done can be instantly repaired or erased. VMs let you test things (like suspicious files) safely. If the invaders (malware) try to wreck things in this room, no big deal, just reset it. But beware! Some invaders are smart enough to escape the VM!
2. **Sandboxes**: Imagine a **sandbox** like a magical testing arena. It’s a place separate from your castle where you can throw your enemy's suspicious artifacts (software) to see if they explode (harm your systems). If they do, the damage stays in the sandbox and doesn’t hurt the kingdom!

#### Act 3: The Mighty Weapons Against Invaders

Now, let’s talk about the **powerful weapons** you can use to stop brute force attacks:

* **Hashing & Salting**: Imagine you have a secret recipe for a potion (password) that’s encrypted with a **magical code** (hashing). No one can reverse-engineer the potion without the code. But wait! You add a sprinkle of **salt** (random characters) to the potion, making the magical code even harder to guess!
* **Multi-Factor Authentication (MFA)**: This is like requiring not just a key, but a secret handshake, **AND** a magical ring to enter the castle. Even if the invader steals the key (password), they still can’t get in without the handshake (fingerprint or OTP) and ring!
* **CAPTCHA**: Ever seen a magical gate that asks, “Prove you’re not an invader by picking the pictures with bridges!” That’s CAPTCHA. Only real humans (not bots) can solve these riddles, and it stops invaders from using automated brute force attacks.
* **Password Policies**: Your knights enforce strict rules in Securetopia. Everyone needs a strong password like “SirDragonSlayer198!” instead of “password123.” And no one is allowed to reuse old passwords. Otherwise, you’re kicked out of the castle for bad security!

#### Act 4: Adventures in Vulnerability Testing

Before invaders even approach, you send out **cyber knights** to find any weak points in your defenses. They use **virtual machines** and **sandboxes** to simulate attacks and find vulnerabilities. It's like running drills to test if any walls in the castle need reinforcing.

Your knights also know that **some invaders** have advanced tricks. They pretend to be harmless while being observed but turn into full-fledged beasts once they escape the sandbox or VM. So, you have to be careful even with your magical protections.

#### Act 5: Wrapping it Up with Key Takeaways

* **Brute force attacks** are like invaders trying different keys until one fits.
* **VMs and Sandboxes** are magical rooms where you can test suspicious things without getting hurt.
* **Prevention tools** like **MFA, CAPTCHA, salting, and password policies** are the knight's armor that protects the kingdom from invaders.

And there you have it! Your castle (computer and network) is now secure from invaders trying brute force attacks. Keep those defenses strong, use your magical tools wisely, and your kingdom of Securetopia will stay safe!
