Solved

Brute force and Terminal server (Ts Web Access 2008) on server 2008 ent edition x32 Cisco or server 2008

Posted on 2011-09-24
Last Modified: 2012-05-12
Hi there,
I now get thousands of auto-generated emails regarding unsuccessful security logs from one of my servers on which I am running TS Web Access. My clients access this server via https://server.mydomainname.com and work on a database program. As a precautionary measure I have already put in the account lockout policy after a certain number of unsuccessful attempts, but it seems like the people who attempt to have unauthorized access to this server use a DOS console with a port mapped to 3389 and then they use brute force with different combinations to gain access.
I need help with how to block the external unauthorized users' IP addresses and/or break their connection after a certain number of logins in Server 2008.
Or
Any good software firewall which checks the unsuccessful attempts and puts them in the block IP and then release them after an amount of time.
Or
Cisco solution.  At the moment I have cisco 2911 router with IOS firewall, I am getting tired of putting in manually the IPs of these buggers.
Help plz
Question by:amanzoor
3 Comments
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 400 total points
ID: 36594353
There is a worm going around that has a limited dictionary of passwords that it tries. The problem is that a firewall has no way to tell a good connection from a bad connection because it only understands TCP, and it has no visibility into what is happening over the encrypted RDP session. Your best defense is to have good passwords in place. There was another question on EE asking for the same thing. I don't remember the resolution.

You can require a VPN connection or RDP Gateway. The worm isn't coded to go through an RDP gateway (and it would be hard to do because you would need the name or IP of the RDP server behind the gateway).

Whitelisting your clients is another way, but not foolproof. I suggest implementing RDP gateway. You can also add cool two-factor authentication such as PhoneFactor, which is free for up to 25 unique users per month.
0
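An added example, not part of the thread and not any product's code: the "block after N failed attempts, then release after a while" logic the question asks for, with an allowlist for known client networks as the answer above suggests. The class name, thresholds, record format and sample IPs are assumptions, and the records are constructed; extracting them from the server's Security log and applying the block in a firewall are left out.

```python
from collections import defaultdict, deque
import ipaddress

class FailedLogonBlocker:
    # Hypothetical helper: temporary per-IP block after too many failures in a sliding window.
    def __init__(self, max_failures=5, window_s=60, block_s=900, allowlist=()):
        self.max_failures, self.window_s, self.block_s = max_failures, window_s, block_s
        self.allow = [ipaddress.ip_network(n) for n in allowlist]  # never block these
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time at which the block expires

    def _allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def expire(self, now):
        """Release blocks whose timer has run out; return the released IPs."""
        released = sorted(ip for ip, t in self.blocked_until.items() if t <= now)
        for ip in released:
            del self.blocked_until[ip]
        return released

    def record_failure(self, ip, ts):
        """Feed one failed logon; return True if this event triggers a new block."""
        self.expire(ts)
        if self._allowed(ip) or ip in self.blocked_until:
            return False
        q = self.failures[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window_s:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked_until[ip] = ts + self.block_s
            q.clear()
            return True
        return False

    def is_blocked(self, ip, now):
        self.expire(now)
        return ip in self.blocked_until

# Constructed sample: (epoch seconds, source IP) of failed logons.
SAMPLE = ([(t, "203.0.113.7") for t in range(0, 50, 10)]      # 5 failures in 40 s
          + [(5, "198.51.100.20"), (400, "198.51.100.20")]    # two mistyped passwords
          + [(t, "192.0.2.10") for t in range(0, 20, 2)])     # allowlisted client network

def run_sample():
    b = FailedLogonBlocker(allowlist=["192.0.2.0/24"])
    return b, [ip for ts, ip in sorted(SAMPLE) if b.record_failure(ip, ts)]
```

An allowlisted address is never blocked here, so the allowlist should hold only networks you control.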
 
LVL 11

Accepted Solution

by:
yelbaglf earned 1600 total points
ID: 36595249
0
 
LVL 4

Author Closing Comment

by:amanzoor
ID: 36595524
I am really thankful to experts like you, your up-to-date knowledge.
Thanks
0


Question has a verified solution.
