Here we have gathered some of the most common questions about Syspeace Server IPS.
If you do not find an answer to a question or have other concerns, you are welcome to contact our support.
I already have antivirus software and a firewall. Why should I use Syspeace?
Syspeace provides complementary protection to antivirus software and firewalls. Read more about Syspeace Server IPS.
How do the licenses work?
Syspeace implements a floating license model that helps you manage your Syspeace investment with a minimum of administration.
Licenses are bought per computer per day, but not allocated to any specific computer. This means that you are free to move the Syspeace application to different computers in your environment depending on where the service is needed without any extra web-based deactivation/activation.
When you register Syspeace for the first time, you get a license key that you can use on all subsequent Syspeace installations. The common license key allows you to utilize the floating license model and hence minimize the administration.
How does Syspeace know when someone’s failed to log in?
Syspeace follows the Windows Security Audit event logs. This requires that Windows log such “login failure” events; instructions are available in the manual.
If a user forgets their password but login correctly just before they are blocked, will Syspeace deem them as attackers if they login incorrectly once more?
Whether a successful login resets the record of incorrect login attempts is configurable in the Syspeace settings.
How does Syspeace block attackers?
By adding a block of the attacker’s IP address to the Windows Firewall.
What does the attacker see?
Nothing; connections of all kinds to the attacked computers are simply dropped, usually giving the attacker an error message about being unable to connect. Beyond these effects, the attacker is not aware of Syspeace or of being blocked.
Why do Syspeace blocks expire at all? Why not just continue blocking attackers for all eternity?
Syspeace blocks IP addresses and not individual attackers. IP addresses are reassigned periodically in many circumstances and the IP address leading to an attacker today might lead to your best customer tomorrow. If an attacker has been seen to return under the same IP address, a stricter rule can be instated to block repeat offenders for a longer time, or that IP address can be added to the local blacklist.
The global blocklist sounds great, but what information is sent to the Syspeace server for this to work?
This information is sent:
- the local IP address of the server
- the local hostname of the server
- the IP address of the attacking IP
- the hostname, as resolved by DNS, of the attacker
- a traceroute from the server to the attacker
- the point in time at which the attack happened
- the version of Syspeace
- the version of Windows
- the Syspeace account ID
The information is collected to facilitate the logic to find the worst blocklist offenders. The information about the local computer and Syspeace account ID is used to let the blocklist algorithm contrast between an attack against many computers in the same account and many computers across many accounts.
What about Windows XP/Vista/7/8/10?
Although Syspeace is not technically restricted from being used on a Windows client operating system, our End User License Agreement does not cover this and we do not support this scenario, license, or no license. Our customers have so far told us that they like to use Syspeace on servers and that they like to use Windows Server operating systems on their Windows servers. We are not planning on officially supporting any Windows client operating system as long as that is the case.
I have never done any business with a company from Sweden before. Is there anything that I need to know?
If you are located in the US, we have an EIN from the IRS as well as a signed W8-BEN-E form.
Who do I contact in case I have questions not covered in the FAQ?
Please use our Support form.