#infosec Do bruteforce attacks really exist?

The other day I sat down and looked at various statistics on how visitors ended up here in terms of referrers and keyword searches, and one of the terms was ”do bruteforce attacks really exist ?”.

This made me smile.

Syspeace has so far blocked over 2.77 Million bruteforce attacks against #windowsserver #msexchange #Sharepoint #remotedesktop #Citrix and #SQLServer worldwide, so I dare say they really do exist and they’re very common.

We’ve also published a 30 day list of the most commonly attacked and attacking countries as reported by Syspeace installations around the world. It might be an interesting read for you and it can be found here, Syspeace worldwide security status center.

One of the features of Syspeace is, for instance, the Syspeace Global Blacklist (GBL) that is distributed automatically to all Syspeace installations.
If an attacker has been deemed to have attacked X number of different Syspeace customers and Y number of times, its IP address is automatically put in the GBL and distributed to all other Syspeace installations, which then preemptively block the attacking IP address from ANY communication with their servers that have Syspeace installed.
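
The two-threshold rule described above, sketched as an added example (this is not Syspeace's code). The report format, the values chosen for X and Y, the reading of Y as total blocked attacks, and the exclusion of private addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MIN_CUSTOMERS = 3  # assumed value for X: distinct installations reporting the IP
MIN_ATTACKS = 5    # assumed value for Y: total blocked attacks reported
# Private ranges only mean something inside one network, so never list them globally.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample reports: (installation id, source address, blocked attacks).
SAMPLE_REPORTS = [
    ("cust-a", "203.0.113.10", 2), ("cust-b", "203.0.113.10", 2),
    ("cust-c", "::ffff:203.0.113.10", 2),  # IPv4-mapped form of the same address
    ("cust-a", "198.51.100.7", 40),        # noisy, but seen by one installation only
    ("cust-a", "192.0.2.55", 1), ("cust-b", "192.0.2.55", 1),
    ("cust-c", "192.0.2.55", 1),           # three installations, too few attacks
    ("cust-a", "10.0.0.5", 9), ("cust-b", "10.0.0.5", 9),
    ("cust-c", "10.0.0.5", 9),             # private address, never listed
    ("cust-d", "not-an-ip", 3),            # malformed report, skipped
]

def normalize(raw):
    """Return a canonical address object, or None if it must not be listed."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # count ::ffff:a.b.c.d together with a.b.c.d
    if addr.is_loopback or addr.is_link_local or any(addr in n for n in LOCAL_NETS):
        return None
    return addr

def build_global_blacklist(reports, min_customers=MIN_CUSTOMERS, min_attacks=MIN_ATTACKS):
    """List addresses reported by enough distinct installations AND often enough."""
    customers, attacks = defaultdict(set), defaultdict(int)
    for customer, raw, count in reports:
        addr = normalize(raw)
        if addr is None or count <= 0:
            continue
        customers[addr].add(customer)  # a set, so repeat reports count once
        attacks[addr] += count
    return sorted(str(a) for a in customers
                  if len(customers[a]) >= min_customers and attacks[a] >= min_attacks)

if __name__ == "__main__":
    print(build_global_blacklist(SAMPLE_REPORTS))
```

Requiring several distinct reporters keeps one noisy or misconfigured installation from getting an address blocked everywhere.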

Any #Cloud service provider, #outsourcing or #service provider, or IT tech at a company knows there are hundreds and thousands of intrusion attacks every month. Historically these attacks, also called dictionary attacks, have been very hard to deal with, so in essence they’ve given up. Some providers or companies actually don’t even bother turning on logging on the servers, simply turning a blind eye to the actual problem. From an operational point of view, a security point of view and the customer’s point of view this is of course not acceptable.

There are some previous posts on this blog about why it’s been so difficult, for instance this one: Why firewalls, vpns, account lockout policies and other bruteforce prevention methods aren’t enough.

After we launched Syspeace, service providers, Cloud providers and companies have been given a new, cost efficient, easy to set up and easy to use countermeasure against hacking attempts.

No need to change your infrastructure, hire costly consultants and launch a big, costly project.
Simply download the Syspeace trial, install it in a minute and your #remotedesktop #msexchange #Sharepoint #windowsserver is protected.
It couldn’t be easier and frankly, it should be part of any #Windowsserver baseline security, just as you’ve got antivirus, backups and patch management in place.

Enable logging on your Windows server as described in the Syspeace manual and see for yourself if you’re targeted. You might be surprised.

By Juha Jurvanen – Senior IT Consultant @ JufCorp


#infosec Next #Syspeace release closing in with new features and more protection


We’re happy to announce that the next version of Syspeace, the bruteforce prevention software for #windowsserver #msexchange #Sharepoint #remotedesktop #Citrix #SQLServer, is closing in and already running in select live environments.

One of the major new features is the support for external #detectors.

In short, you can use an API to have #Syspeace handle the bruteforce prevention for, for instance, a #webapplication that’s not already protected by #Syspeace by default. (Syspeace already protects any web application using the winlogon process and Windows Authentication mechanisms, such as Exchange OWA, Terminal Server / RD Server rdweb login, Sharepoint and more.)
Documentation on how to use Syspeace with your application will be released at the same time the next version is publicly available.

Another new feature is the ability to export most of the settings from one #Syspeace installation to another.

We really look forward to this next step in the evolution of Syspeace and to widening the range of functions, services and applications we are able to protect from unwanted bruteforce and dictionary attacks.

By Juha Jurvanen – Senior IT Consultant @ JufCorp

Would #Syspeace help against the #Heartbleed #OpenSSL bug?

In short, no.

Syspeace monitors failed logins on #msexchange #WinServ #sharepoint #remotedesktop #Citrix and evaluates whether they amount to a bruteforce attack against the system or not. Syspeace has blocked over 2.6 Million bruteforce attacks against #windowsserver around the world so far.

However, if an attacker has gained access to passwords and usernames, he or she will use those and be able to log in. From the system’s point of view it is a fully legitimate login, so it does not trigger #Syspeace.

In the coming days, #sysadmins around the world will be upgrading their systems to the secured OpenSSL, but for you as an end user it is highly recommended to change all of your passwords.
Remember to use strong passwords and never use the same password on different sites.

Here’s a blogpost that might be of use for you to remember complex online passwords.

By Juha Jurvanen @ JufCorp