Troubleshooting Syspeace and why source IP addresses aren’t always resolved by Windows Server in event ID 4625

Syspeace monitors failed login attempts on Windows systems. Sometimes, though, the event (event ID 4625 or event ID 529 and a few other security events we monitor) doesn’t actually contain the source IP address, thus leaving Syspeace with nothing to block. If there’s no IP address to block, it can’t be put into the Windows Firewall […]

Troubleshooting Syspeace

An interesting support case came to our attention recently. A customer claimed that Syspeace wouldn’t block according to the rules. The brute force attacks would continue, even after they should have been blocked. We checked the usual culprits (verify that .NET is fully patched, that the customer is running the latest Syspeace version, verify […]

How to battle slowgrind #bruteforce attacks against #msexchange #windows server #remotedesktop #sharepoint with #Syspeace

Syspeace automatically blocks attacks that occur according to the rules. The default rule is that if an intruder fails to log in more than 5 times within 30 minutes, the intruder’s IP address is blocked, tracked and reported for 2 hours and is simply denied any access to the server. A new trend though has emerged […]

#Syspeace stops due to license server inaccessible on #Windows Server 2003 #infosec

Syspeace service stops due to license server not reachable / inaccessibility on Windows Server 2003. We’ll actually update the troubleshooting section with info for Windows 2003 Servers, but here’s why this can occur. Apparently root certificates are not automatically updated on Windows Server 2003: http://support.microsoft.com/kb/931125 The automatic root update mechanism is enabled on Windows Server […]

#infosec Securing your #WinServ and #MSExchange with an acceptable baseline security

Securing your Windows Server with a baseline security. In short, to have an acceptable baseline security for any Windows server you need to think about all of the things below in this list. Sadly enough, even if you follow all of these steps, you’re still not secured forever and ever. There’s no such thing as absolute […]

#Infosec When and where is Syspeace useful for intrusion prevention?

In what scenarios is Syspeace useful for preventing brute force attacks? Do I need it if I’ve only got a Windows workstation? Syspeace is an intrusion prevention software mainly targeted for Windows Servers, SBS Server, RDS TS Servers, RDWeb, Sharepoint Servers, SQL Server, Exchange, Sharepoint, Citrix and so on but it will also run on […]

Syspeace for internal brute force protection on Windows Servers

After installing Syspeace, the tech guys started getting notifications that their Exchange Server was trying to log in to another server and it was rejected. There was no reason for this server to do so whatsoever and it had not been noticed earlier so it’s hard to say when it actually started. After disabling the […]
