Here we have gathered some of the most common questions about Syspeace Server IPS.
If you do not find an answer to a question or have other concerns, you are welcome to contact our support.
Syspeace provides complementary protection to antivirus software and firewalls. Read more about Syspeace Server IPS
Syspeace implements a floating license model that helps you manage your Syspeace investment with a minimum of administration.
Licenses are bought per computer per day, but not allocated to any specific computer. This means that you are free to move the Syspeace application to different computers in your environment depending on where the service is needed without any extra web-based deactivation/activation.
When you register Syspeace for the first time, you get a license key that you can use on all subsequent Syspeace installations. The common license key allows you to utilize the floating license model and hence minimize the administration.
Syspeace follows the Windows Security Audit event logs. This requires that Windows log such “login failure” events; instructions are available in the manual.
Whether a successful login resets the record of incorrect login attempts is configurable in the Syspeace settings.
By adding a block of the attacker’s IP address to the Windows Firewall.
Nothing; connections of all kinds to the attacked computers are simply dropped, usually giving the attacker an error message about being unable to connect. Beyond these effects, the attacker is not aware of Syspeace or of being blocked.
Syspeace blocks IP addresses and not individual attackers. IP addresses are reassigned periodically in many circumstances and the IP address leading to an attacker today might lead to your best customer tomorrow. If an attacker has been seen to return under the same IP address, a stricter rule can be instated to block repeat offenders for a longer time, or that IP address can be added to the local blacklist.
This information is sent:
- the local IP address of the server
- the local hostname of the server
- the IP address of the attacking IP
- the hostname, as resolved by DNS, of the attacker
- a traceroute from the server to the attacker
- the point in time at which the attack happened
- the version of Syspeace
- the version of Windows
- the Syspeace account ID
The information is collected to facilitate the logic to find the worst blocklist offenders. The information about the local computer and Syspeace account ID is used to let the blocklist algorithm contrast between an attack against many computers in the same account and many computers across many accounts.
Although Syspeace is not technically restricted from being used on a Windows client operating system, our End User License Agreement does not cover this and we do not support this scenario, license, or no license. Our customers have so far told us that they like to use Syspeace on servers and that they like to use Windows Server operating systems on their Windows servers. We are not planning on officially supporting any Windows client operating system as long as that is the case.
If you are located in the US, we have an EIN from the IRS as well as a signed W8-BEN-E form.