Solved

Preventing brute force attacks

Posted on 2013-06-30
4
283 Views
Last Modified: 2014-10-07
Hi all, I'm interested in software to prevent brute force attacks to RDP etc, I have found software called RDPguard but have never seen it mentioned before, anyone know if it's legit or another fake?

Also are there any other solutions to brute force attacks? I have changed the RDP port but still the event log fills with audit failures.

Thanks all
0
Comment
Question by:Leigh2004
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Assisted Solution

by:Shaik M. Sajid
Shaik M. Sajid earned 167 total points
ID: 39287972
you can deploy certificate server SSL

to make it secure...

http://technet.microsoft.com/en-us/magazine/ff458357.aspx

as well

http://www.petri.co.il/securing_rdp_communications.htm

all the best
0
 

Author Comment

by:Leigh2004
ID: 39288087
Thanks shaiksaj, but I am more interested in the ip blocking method as RDPguard claims to be able to do, as that would also protect ftp, mssql etc

I have just found another called E-Guardo but that looks very dubious to me, also one called Syspeace with an outrageous pricing plan, any opinions on any of these ?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 166 total points
ID: 39288496
The OS can do this for you, it's built-in... use Secpol.msc, got to account policies. Adjust the lockout and duration thresholds if need be. You can also try these settings: http://technet.microsoft.com/en-us/library/cc783225%28v=ws.10%29.aspx
You can use secpol.msc to limit what users and groups can RDP, remove administrator, and only allow those in the RemoteDesktop group. Change the Administrator account name as a best practice.
http://www.umanitoba.ca/about/media/IST_Securing_Remote_Desktop_on_XPpro.pdf
-rich
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 167 total points
ID: 39306484
you will ALWAYS have failed connections filling up your logs whenever any service is open to the internet whatever the port.

using secure passwords is a good start

monitoring successfull connection attempts is useful

monitoring failed attempts and locking out the ips is mildly useful because attacks can be run from plenty of ips at the same time

limiting the number of failed attemps per user is very efficient if combined with forced password changes but might efficiently make you unable to connect to your system because of an attack. but combined with the previous and possibly ip whitelisting policies uppon successfull attemps, this can produce excellent security.

opening the RDP port only to users who successfully connected to a different service can also be a good way to prevent most such attacks.

---

bottomline is it is not a matter of software but rather of policy. it is also very likely that you can reasonably ignore these events altogether. maybe tell us more about your situation (number of users, attck frequency, existing firewall...) so we can get a better idea.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
disable USB on Dell Printers 14 83
What is the goal of SOC2 compliance? 4 50
Workstation all of a sudden says it cannot connect to domain because 3 69
wannacrypt movement 9 77
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question