Exchange OWA - failed logins and brute force monitor

Good day, Colleagues!
Does exist a reliable way to convenient monitoring of Exchange OWA failed logins and brute force attempts?
I need user-friendly utility ; )
adromanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony GiangrecoCommented:
I had a Problem a few years ago with hackers trying to break into a terminal server in a Brute Force manner. I resolved the problem taking these steps that may help you:

1. Make sure all users have strong passwords and possibly change the passwords so you know they are strong using upper case, lower case, a number and a special character in each.

2. Install Syspeace on the windows 2008 server from www.syspeace.com.

After three invalid login attempts, it locks out the account in Active Directory so the hackers can't login. After a pre-determined amount of time, it removes the lock.

It also has it's own global blacklist of hacker's IP addresses that are blocked right away. Syspeace updates that list based on hacking activity it sees from other servers that have Syspeace installed on it.  The program works very well.

Hope this resolves your issue.
0
Will SzymkowskiSenior Solution ArchitectCommented:
The best method would be to use your firewall.

Will.
0
Tony GiangrecoCommented:
Just installing a firewall won't resolve your problem. You need to configure it to either only allow your users access to OWA or check the attempted connections to see where they are coming in from. If they are from foreign countries and you don't have users in foreign countries, you can see of your firewall can block the OWA port for those countries.

If you do have a firewall installed, I'd find an export to install and configure it properly for your network.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Mal OsborneAlpha GeekCommented:
When a user attempts to authenticate against OWA, their credentials are checked by Exchange on a Domain Controller. This will generate an entry in the server's security log. Unfortunately, these logs are "busy", and difficult to read manually.

Thus, you need a tool to parse, analyse and make sense out of a security log, fortunately such things exist.

Here ae a few links to get you started:

https://www.manageengine.com/products/eventlog/
http://www.microsoft.com/en-au/download/details.aspx?id=24659
http://go.solarwinds.com/LEM/NA/event-log-analyzer?&CMP=KNC-TAD-GGL-LEM_APAC_AU_P-LEM-DL-X&gclid=CLO5xInR1McCFYUHvAod4EUNzg
0
Tony GiangrecoCommented:
If the invalid logins are from your employees, then identify them by searching the windows logs and review the situation with them.

If the invalid logins are from hackers, then you need a firewall or more vigorous security software to manage the situation for you so you don't have to be there 24x7 manually managing the problem.

Evaluate the situation and take the appropriate action.
0
adromanAuthor Commented:
OWA uses windows server, so I have windows integrated firewall and I don't know how it can help me to identify basic attack attempts to OWA

The risks are from external hackers

Where could I find more vigorous security software for OWA to maintain composure about the problem? :)

I also want to monitor failed logins attempts and approved logins from any users, including myself :)
0
Tony GiangrecoCommented:
Hi adroman,

SysPeace will record and display all failed logins in it's interface for you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.