eemmpph
asked on
How can block, by ip address, people trying to vpn into my server?
I have 135 entries in my system log, with event ID 20271: The user xxxx connected from 104.x.x.x but failed an authentication attempt. Looking at the user names, none are associated with our firm.
How can I block them, by IP address, from even trying to VPN into the server?
I am running Windows Server 2008-R2.
Your help is greatly appreciated.
How can I block them, by IP address, from even trying to VPN into the server?
I am running Windows Server 2008-R2.
Your help is greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess for those 5, I can supply each of them with a different very strong password. They currently make up there own strong (complex) password.
Only allow VPN profiles on company owned laptops that do not have user administrative privileges. Then no one can access. Firewalls are not email. You can block email. People can scan IP blocks and knock. Not much you can do about this.
ASKER
To make sure I understand correctly, the only way a user has permission to vpn into the server, is to go to the Dial-In tab in Active Directory and click Allow Access, is that correct?
If I click Deny Access, will it prohibit the user from using Outlook Web Access to check e-mail?
If I click Deny Access, will it prohibit the user from connecting to Exchange Server on there iphone?
If I click Deny Access, will it prohibit the user from using Outlook Web Access to check e-mail?
If I click Deny Access, will it prohibit the user from connecting to Exchange Server on there iphone?
the only way a user has permission to vpn into the server, is to go to the Dial-In tab in Active Directory and click Allow Access,
Yes
If I click Deny Access, will it prohibit the user from using Outlook Web Access to check e-mail?
Should not. Outlook has its own security and usually you can access Outlook and Web Mail without VPN.
If I click Deny Access, will it prohibit the user from connecting to Exchange Server on there iphone?
I do not think so. Same answer as above.
Yes
If I click Deny Access, will it prohibit the user from using Outlook Web Access to check e-mail?
Should not. Outlook has its own security and usually you can access Outlook and Web Mail without VPN.
If I click Deny Access, will it prohibit the user from connecting to Exchange Server on there iphone?
I do not think so. Same answer as above.
ASKER
Thank you John for all your help. I greatly appreciate it!
Thank you and I was very happy to help you.
Depends on the level of security you need.
Your options include, as stated,
1. Ignoring the attempts
2. Implementing a business class firewall that can block IPs based on geography - the FREE Untangle Unified threat management systems can do this and the paid one offers more capabilities.
3. Create firewall rules that only allow connections from your employees who need it (this can be difficult unless your employees are all using systems with static IP addresses; but if your VPNs are from business partners, then this is a practical solution).
4. Implement a properly configured IPS (Intrusion Prevention System) that can detect repeated attempts to connect and temporarily lock out that IP/user account that failed too many times.
Your options include, as stated,
1. Ignoring the attempts
2. Implementing a business class firewall that can block IPs based on geography - the FREE Untangle Unified threat management systems can do this and the paid one offers more capabilities.
3. Create firewall rules that only allow connections from your employees who need it (this can be difficult unless your employees are all using systems with static IP addresses; but if your VPNs are from business partners, then this is a practical solution).
4. Implement a properly configured IPS (Intrusion Prevention System) that can detect repeated attempts to connect and temporarily lock out that IP/user account that failed too many times.
ASKER
I am able to block e-mails from both countries using Vamsoft ORF, but not the VPN.
What does closely controlled profiles mean? I do have about 5 users where they can VPN into the server to access client files.