February 28, 2013 / by Johan / ids/ips, IT securiy / 0 comments
Hi, all. As all of you know, we put a lot of effort and work into getting various features and improvements in place to help you protect your Windows 2003/2008/2008R2 and the Windows Server 2012 support coming up , Terminal Servers, Sharepoint Servers, Citrix Servers, Exchange Servers and so on. We’re just so into making […]
Read more
Troubleshooting Syspeace
January 16, 2015 / by Johan / brute force, cloud security, ids/ips, syspeace / 0 comments
An interesting support case came to our attention recently. A customer claimed that Syspeace wouldn’t block according to the rules. The bruteforce attacks would continue , even after they should have been blocked. We checked the ususal culprits (verify that the .Net is fully patched, that the customer is running the latest Syspeace version, verify […]
Read more
Troubleshooting Syspeace and why source IP addresses aren’t always resolved by Windowsserver in eventid 4625
January 16, 2015 / by Johan / cloud security, ids/ips, Uncategorized / 0 comments
Syspeace monitors failed logins attempts on Windows systems Sometimes though, the event (Eventid 4625 or eventid 529 and a few other security events we monitor) doesn’t actually contain the source IP address thus leaving Syspeace with nothing to block. If there’s no IP address to block, it can’t be put into to the Windows Frewall […]
Read more
#Syspeace stops due to license server inaccessable on #Windows Server 2003 #infosec
July 18, 2014 / by Johan / Uncategorized / 0 comments
Syspeace service stops due to license server not reachable / inaccessibility on Windows Server 2003 We’ll actually update the troubleshooting section with info for Windows 2003 Servers but here’s why this can occur. Apparently root certificates are not automatically updated on Windows Server 2003: http://support.microsoft.com/kb/931125 The automatic root update mechanism is enabled on Windows Server […]
Read more
#infosec VPS and #Cloud servers used for brute force attacks and #botnets against #WinServ and #MSExchange
February 20, 2014 / by Johan / cloud security, ids/ips / 0 comments
Is your VPS used for brute force attacks? or I could also have called this post “Do you know whom your VPS is hacking today?” A trend that has surfaced over the years is to simply hire computer power inte the Cloud in various forms and shapes. The basic idea is to get rid of […]
Read more
#infosec Securing your #WinServ and #MSExchange with an acceptable baseline security
February 16, 2014 / by Johan / cloud security, infosec, IT securiy, syspeace, windowsserver / 0 comments
Securing your Windows Server with a baseline security In short, to have an acceptable baseline security for any Windows server you need to think all of the things below in this list. Sadly enough, even if you follow all of these steps, you’re still not secured forever and ever. There’s no such thing as absolute […]
Read more
A walkthrough of getting #Syspeace licenses and how it works
November 27, 2013 / by Johan / cloud security, ids/ips, syspeace / 0 comments
Getting #Syspeace licenses and how it works. From time to time we get an email from customers that have bought their Syspeace licenses and they ask for the license key that they expect to get in an email. Here’s a walkthrough of how #Syspeace licensing actually works. First you install a #Syspeace trial, register a […]
Read more
Using Syspeace for a targeted bruteforce attack against a specific username
May 2, 2013 / by Johan / brute force, IT securiy / 0 comments
Today we had an interesting support question actually. Someone is trying to bruteforce a customer using the same account name but from a lot of different IP addresses and they only try once or twice from each IP address thus not triggering Syspeace to block the IP address based on the default rule. The suggestion […]
Read more
Closing in on 1 Million blocked brute force and dictionary attacks on Windows Servers world wide
April 4, 2013 / by Johan / ids/ips, IT securiy, syspeace, Uncategorized, windowsserver / 0 comments
Just a quick post about the numbers so far really. Last night , Syspeace had blocked 962 553 brute force and dictionary attacks on Windows 2003 / 2008 / SBS server / RDS servers / Citrix WorldWide. As a prediction , we will reach over 1 Million later on this week or early next week. […]
Read more
Syspeace license password reset
February 28, 2013 / by Johan / ids/ips, IT securiy / 0 comments
Hi, all. As all of you know, we put a lot of effort and work into getting various features and improvements in place to help you protect your Windows 2003/2008/2008R2 and the Windows Server 2012 support coming up , Terminal Servers, Sharepoint Servers, Citrix Servers, Exchange Servers and so on. We’re just so into making […]
Read more
Syspeace now also for Windows 2003 Server
February 4, 2013 / by Johan / cloud security, ids/ips / 0 comments
We’re happy to annonuce that the 2.0 version of Syspeace now also supports Windows 2003. A few other changes in there are that the engine is rewritten to be even faster, the GUI has been simplified and we’ve done a few other changes “under the hood” to make it more modular for future development for […]
Read more