A walkthrough of getting #Syspeace licenses and how it works

Getting #Syspeace licenses and how it works.

From time to time we get emails from customers who have bought their Syspeace licenses, asking for the license key that they expect to receive in an email.

Here’s a walkthrough of how #Syspeace licensing actually works.

First you install a #Syspeace trial, register a valid email address and choose a password (this is done in the initial setup of Syspeace).

The license key is then emailed to that email address.
This is the key that will also become the live license when you buy the license. There is no separate license key mailed to you if you purchase licenses.

Once you purchase the license, the Syspeace client will automatically be updated upon the next contact with the license server when it requests a new token to validate the license, or the next time it is restarted.

If you want to extend your Syspeace license to be valid for more servers, simply log in to the Syspeace licensing page, extend your license and install Syspeace on the next servers, using the same license key.

When you extend the license, you also have the ability to align license renewals to fit your needs. As an example, if you bought a Syspeace license in April for 3 #Windowsservers and two months later you install an additional server, the easiest way is to extend the running license and simply add a fourth server. This way you don’t face an administrative nightmare trying to remember various license renewals for different servers.

If you’ve bought your license through a reseller, they’ll manage all of the administration for you.

Try it for yourself: download a free, fully functional trial of Syspeace and have your #Windows #Server, #Exchange and #OWA, #SQL, #Citrix, #Terminal #RD #RDweb, #Sharepoint and more automatically #intrusion protected in a minute.

#bruteforce attacks and #dictionary attacks blocked, tracked and reported.

So far, #Syspeace has blocked 2 042 900 #intrusion attempts worldwide!

By Juha Jurvanen – Syspeace reseller at JufCorp and independent IT Consultant

A #Syspeace weekly report generated last night from a single server

An example of an actual #Syspeace weekly report generated last night at a single server somewhere. Each DNS name or IP address corresponds to an intrusion attempt that occurred during the past week. #infosec #cybersecurity. For those who are also a bit vigilant, you’ll notice the #Syspeace version... Yes, we are working on a new release. Stay tuned.

Report for week 2013-11-18 – 2013-11-24

Generated 2013-11-25 00:04:11 for machine *****.*****.*** by Syspeace v2.3.7.0

Windows server intrusion prevention for hosting providers and cloud service providers with Syspeace

Moving to the cloud or a service provider

The more users and companies start using any kind of externally hosted environment, whether it is a cloud-serviced VPS, a hosted Exchange, SQL Server or Terminal Server or just a co-located server, the more responsibility will fall upon the service provider to ensure their customers’ data is protected from unwanted logins and to have adequate reporting mechanisms in place.

A service provider will have firewalls in place. They will have monitoring of bandwidth, resource usage and hardware, and probably some antivirus solution, but one area that most service providers tend to ignore is intrusion detection on the host level.

Please refer to this earlier blog post on why the standard methods are NOT adequate for maintaining a secure environment, regardless of whether you’re a service provider or you host and manage your own servers: http://syspeace.wordpress.com/2013/07/11/using-various-brute-force-and-dictionary-attack-prevention-methods-to-prevent-hackers-and-why-they-dont-work-repost/

Verify your provider’s security awareness

I personally encourage any users / companies having their server hosted elsewhere to actually verify how the service provider handles intrusion attempts.

Try using your login name but the wrong password and simply try to log in multiple times to, for instance, the Exchange OWA Webmail or your Terminal Server / Remote Desktop / RemoteAPP Server / Sharepoint / Citrix.

What will happen? Will you be blocked out and automatically handled as an intruder? Is your account locked out? Are you alerted in any way by your provider that someone has tried to access your account? If not, you should ask your provider how this is possible. Isn’t one of the ideas of having someone else handle your data and security that they also act upon it and have mechanisms in place for it? Can they provide you with information on, for instance, from where your account has been logged in for the last 6 months?

Another interesting side of having your servers handled by others is the reporting capabilities.

When you had your servers in-house, you could verify user logins locally (assuming you’ve enabled auditing for it), but once you’ve handed over control of the Windows server itself or if you’re in a shared environment, this information can become quite tricky to get hold of.

Say, for instance, you want to verify if a specific user has been logged in and actually worked during July and August. You also want to know from where. Can your service provider get you this information easily? In some cases, probably yes; not easily, but with some manual labor and an extra cost for you, they can get parts of the information for you.

Are there any statistics provided by your provider on how many intrusion attempts are actually blocked by them? Probably not, since this could scare customers away if they don’t have the appropriate solutions in place for securing their customers.

Cloud services and moving your servers to hosting providers and managed services are a great way of cutting costs and getting the benefits of shared environments, but before even considering using external services you should also demand that intrusion detection is in place and that reporting can be easily arranged from the cloud provider or service provider. The idea is to get heightened security, not lowered security.

If you’re talking to a provider, simply ask them if they’ve thought of these questions and, if they have, what countermeasures they use and what processes they have in place for intrusion attacks.

If they’re not aware of the problems or, even worse, ignore them, maybe you should consider talking to another provider or have them take a look at Syspeace.

I personally believe that using Syspeace will become an advantage for any cloud service provider, hosting provider or outsourcing provider and it will cut administrative costs, strengthen security and be a selling pitch for customers that you’re using Syspeace to protect your customers from intrusion attempts and dictionary attacks.

Syspeace is not specifically targeted at cloud providers but should be installed on any Windows-based server as part of the baseline security, regardless of whether it’s a physical server or a virtual server.

By Juha Jurvanen – JufCorp