System auditing is essential, and log files on systems that provide access to users from the internet should be inspected daily. Unsuccessful logins on services give security administrators the information they need to refine their firewall rules and lock out suspicious IP addresses at the firewall level.
These tasks can also be automated using Cyberarms Intrusion Detection and Defense System (IDDS) for Windows. IDDS monitors the Windows security log, as well as specific network protocols such as SMTP, FTP, and the TLS/SSL used by Remote Desktop, for unsuccessful logins. The software can be configured with threshold values for unsuccessful logins so that it closes the door immediately when a brute force or dictionary attack is detected.
With a focus on simplicity and ease of use, IDDS has become an integral part of the security strategy for a growing number of administrators worldwide and is used by small businesses as well as enterprises. Cyberarms focuses on reusing standard Windows components such as the security event log and the Windows Filtering Platform, introduced with the Windows Server 2008 family.
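The manual check described above (failed logons counted per source address, compared against a threshold, then blocked at the firewall) looks like this in PowerShell. This is an added example, not Cyberarms IDDS code; the threshold, review window, and rule-name prefix are assumed values, and the `NetSecurity` firewall cmdlets require Windows Server 2012 or later.

```powershell
# Added example (not IDDS code): flag source IPs with repeated failed logons.
# Run from an elevated prompt; reading the Security log requires administrator rights.
$Threshold  = 5                         # assumed: failed logons per source before flagging
$Since      = (Get-Date).AddHours(-24)  # assumed: daily review window
$RulePrefix = 'Block-FailedLogon'       # assumed: naming convention for the block rules

# Event ID 4625 = "An account failed to log on"
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $Since
} -ErrorAction SilentlyContinue         # no matching events is reported as an error

$failures = foreach ($e in $events) {
    # Named EventData fields are only reachable through the event XML
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $ip = $data['IpAddress']
    # Local and console logons carry no usable remote address
    if ([string]::IsNullOrEmpty($ip) -or $ip -in @('-', '127.0.0.1', '::1')) { continue }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Ip        = $ip
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']   # 3 = network, 10 = RemoteInteractive (RDP)
    }
}

# Sources at or above the threshold, busiest first
$suspects = $failures | Group-Object Ip |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending

$suspects | Select-Object @{ n = 'SourceIp'; e = { $_.Name } }, Count,
    @{ n = 'Accounts'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize

# -WhatIf only prints the rule that would be created; remove it after reviewing
# the list so that a mistyping administrator or a shared NAT address is not blocked.
foreach ($s in $suspects) {
    $name = "$RulePrefix-$($s.Name)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -RemoteAddress $s.Name -WhatIf
    }
}
```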