Troubleshooting Syspeace and why source IP addresses aren’t always resolved by Windowsserver in eventid 4625

Syspeace monitors failed logins attempts on Windows systems Sometimes though, the event (Eventid 4625 or eventid 529 and a few other security events we monitor) doesn’t actually contain the source IP address thus leaving Syspeace with nothing to block. If there’s no IP address to block, it can’t be put into to the Windows Frewall […]

Read more

How to battle slowgrind #bruteforce attacks against #msexchange #windows server #remotedesktop #sharepoint with #Syspeace

Syspeace automatically blocks attacks that occur according to the rules. The default rule is that if an intruder fails to login more than 5 times within 30 minutes, the intruders IP address is blocked, tracked and reported for 2 hours and simply is denied any access to the server. A new trend though has emerged […]

Read more

Syspeace for internal brute force protection on Windows Servers

After installing Syspeace , the tech guys started getting notifications that their Exchange Server was trying to login to another server and it was rejected. There was no reason for this server to do so whatsoever and it had not been noticed earlier so it’s hard to say when it actually started. After disabling the […]

Read more

Using various brute force and dictionary attack prevention methods to prevent hackers – and why they don’t work . Repost

This is actually a repost on a fairly well read blogpost but I thought I’d share it with you again. Intro on brute force / dictionary attack prevention tactics and some common misconceptions Protection from brute force attempts on Windows servers has always been a nightmare and would continue to be so if not .. […]

Read more

Using Syspeace also for internal protection and access reporting.

Using Syspeace for internal server protection Most Syspeace users have the software in place to protect them from mainly from external threats from the Internet such as hacking attempts via bruteforce attacks and dictionary attacks. Quite often, the internal netowrk ranges are excluded in the local whitelist by sysadmins , thus never blocking anything from […]

Read more

Protecting your customers from brute force attacks in Cloud services or in an outsourcing company

 About brute force protection and Cloud Security and VPS (Virtual Private Servers) and outsourcing or hosted environments Thoughts on cloud security by Juha Jurvanen @ JufCorp If you are a Cloud Service provider or an outsourcing company and giving your customers access to various Windows services such as file access, Exchange, Exchange OWA,  Sharepoint, Citrix, […]

Read more

About Syspeace and it’s background

By Juha Jurvanen Senior IT consultant in backup, IT security, server operations and cloud The goal with Syspeace is to simplify security management and prevent brute force hacking, primarily in Microsoft Windows Server environments and is targeted at system administrators that manage servers, either ther own ones or for external customers or even in data centers […]

Read more

Securing your webmail/OWA on Microsoft Exchange and a few other tips

This is what I’d called a “blogomercial” with a hidden agenda but I hope you’ll find some interesting pointers anyway, the commercial part is at the end really. 🙂 Servicing your users and customer over the Internet  Anything facing the Internet is a potential target for anyone who wants to gain access or disrupt your […]

Read more

top