#infosec Syspeace support for #FTP on #IIS and #Filezilla in beta


This is just a short newsflash that the Syspeace devteam has been working on adding detectors for #Microsoft #IIS FTP server and for #Filezilla FTP server.

Using the Syspeace engine to prevent bruteforce attacks against #windowsserver #msexchange #Sharepoint #remotedesktop #Citrix has proven to be highly efficient, and the need for more detectors grows steadily as we get more users.

We’ve blocked, tracked and reported over 3 Million #bruteforce and #dictionary attacks against Windows Servers worldwide so far.

We have a constant dialogue with Syspeace users over mail or Uservoice to see what new detectors our users need and one of the most frequently asked for is FTP support.

If you have ideas for new features or detectors, please join us at Uservoice or drop us an email.

We’ve already publicly released the Syspeace API to enable you to write your own web application detectors and have Syspeace handle bruteforce attacks for you.
For more information on how to do this, please refer to the Syspeace Detector API page.

#infosec Next #Syspeace release closing in with new features and more protection


We’re happy to announce that the next version of Syspeace, the bruteforce prevention software for #windowsserver #msexchange #Sharepoint #remotedesktop #Citrix #SQLServer, is closing in and already running in select live environments.

One of the major new features is the support for external #detectors.

In short, you can use an API to integrate a #webapplication that’s not already protected by #Syspeace by default and have #Syspeace handle the bruteforce prevention for it. (Syspeace already protects any web application using the winlogon process and Windows Authentication mechanisms, such as Exchange OWA, Terminal Server / RD Server rdweb login, Sharepoint and more.)
Documentation on how to use Syspeace with your application will be released at the same time as the next version becomes publicly available.

Another new feature is the ability to export most of the settings from one #Syspeace installation to another.

We really look forward to this next step in the evolution of Syspeace and widening our range of functions, services and applications we are able to protect from unwanted bruteforce and dictionary attacks.

By Juha Jurvanen – Senior IT Consultant @ JufCorp

Would #Syspeace help against #Heartbleed #OpenSSL bug?

In short, no.

Syspeace monitors failed logins on #msexchange #WinServ #sharepoint #remotedesktop #Citrix and evaluates if it is a bruteforce attack against the system or not. Syspeace has blocked over 2.6 Million bruteforce attacks against #windowsserver around the world so far.

However, if an attacker has gained access to passwords and usernames, he or she will use those and be able to log in. From the system’s point of view it is a fully legitimate login and thus does not trigger #Syspeace.

Over the next few days, #sysadmins around the world will be upgrading their systems to the secured OpenSSL, but for you as an end user it is highly recommended to change all of your passwords.
Remember to use strong passwords and never use the same password on different sites.

Here’s a blogpost that might be of use for you to remember complex online passwords.

By Juha Jurvanen @ JufCorp

#infosec More than 2.6 Million bruteforce attacks blocked on #msexchange #WinServ #sharepoint #remotedesktop with #Syspeace

So far we’ve helped avert over 2.6 Million bruteforce attacks against Windows Servers ranging from 2003 to 2012 R2 around the world.

Syspeace protects Microsoft Exchange including the webmail OWA, Terminal Server / Remote Desktop Services including RDWeb, Sharepoint, Citrix, SQL Server and more by monitoring the Windows Server eventlog for failed login attempts.
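The Heartbleed post and the paragraph above both rest on the same mechanism: counting failed logins taken from the event log. The sketch below is an added example, not Syspeace code; the threshold, time window, IP addresses and events are constructed assumptions. It flags a source only after repeated failures, which is why a first-try login with stolen credentials goes unflagged.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # Windows Security log: an account failed to log on
SUCCESS_LOGON = 4624   # Windows Security log: an account was successfully logged on

# Assumed policy for this example (not Syspeace's actual rules or defaults).
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)


def find_bruteforce_sources(events, max_failures=MAX_FAILURES, window=WINDOW):
    """Map each offending source IP to the time it reached the threshold.

    events: iterable of (timestamp, event_id, source_ip, account).
    Only failed logons are counted, within a sliding time window per source.
    """
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = {}
    for ts, event_id, ip, _account in sorted(events, key=lambda e: e[0]):
        if event_id != FAILED_LOGON or ip in flagged:
            continue
        failures = recent[ip]
        failures.append(ts)
        while ts - failures[0] > window:   # drop failures older than the window
            failures.popleft()
        if len(failures) >= max_failures:
            flagged[ip] = ts
    return flagged


def at(minute, second=0):
    """Constructed timestamp helper for the sample events below."""
    return datetime(2014, 4, 10, 3, minute, second)


# Constructed sample events (documentation-range IPs, made-up accounts).
SAMPLE_EVENTS = (
    # Dictionary attack: six failed logons in under a minute.
    [(at(0, 10 * i), FAILED_LOGON, "203.0.113.7", "administrator") for i in range(6)]
    # Ordinary user: two typos, then a successful logon.
    + [(at(5), FAILED_LOGON, "198.51.100.20", "anna"),
       (at(5, 30), FAILED_LOGON, "198.51.100.20", "anna"),
       (at(6), SUCCESS_LOGON, "198.51.100.20", "anna")]
    # Stolen credentials: one successful logon, no failures to count.
    + [(at(7), SUCCESS_LOGON, "192.0.2.99", "anna")]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"block {ip}: {MAX_FAILURES} failed logons within {WINDOW} at {when}")
```

Lowering `max_failures` to 2 also flags the user who mistyped twice, which is the trade-off any such threshold has to balance.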

The Syspeace trial is a free, fully functional 30 day trial to have your or your customers’ servers protected from brute force hacking.

#infosec Securing your #WinServ and #MSExchange with an acceptable baseline security

Securing your Windows Server with a baseline security

In short, to have an acceptable baseline security for any Windows server you need to think about all of the things in the list below.
Sadly enough, even if you follow all of these steps, you’re still not secured forever and ever. There’s no such thing as absolute security. That’s just the way it is, but you can use this list, and the links provided in this post, as a kind of checklist.


Securing Windows Servers with an acceptable baseline security

1. Make sure all of your software is updated with all security patches. This includes the Windows operating system but also Adobe, Java, Office and any software really. This reduces the risk of so-called 0day attacks or of your server being compromised by software bugs.

2. Make sure you have a good and not too resource intensive antivirus running on everything. Personally I’m a fan of F Secure PSB for servers and workstations for lots of reasons. It’s not just a pretty logo.

3. Verify you have thought through your file and directory access structure and that users and groups are only allowed to use and see what they’re supposed to. Setting file permissions is a very powerful and crucial tool to secure your server.

4. Always make sure to read best practices for securing applications and servers and Google for other ideas also. No manual is the entire gospel.

5. Enable logging. If you don’t know what’s happening, you can’t really react to it, can you? It also makes any troubleshooting hopeless in retrospect.

7. Have a good monitoring and inventory system in place such as the free SpiceWorks at http://www.spiceworks.com

8. If your server has any monitoring agents from the manufacturer such as HP Server Agents, then install them and set them up with notifications for any hardware events to be prepared.

9. Use Group Policies. It’s an extremely powerful tool once you start using it and it will make your day to day operations much easier.

10. If your server is reachable from the Internet, use valid SSL certificates. They’re not that expensive and any communications should be encrypted and secured as far as we’re able. Yes, think Mr. Snowden. Think NSA.

11. Disable any unused services and network protocols. They can be a point of entry, and unused network protocols basically fill your local network with useless chatter that consumes bandwidth. This also goes for workstations and printers and so on.

12. Enforce complex password policies! You won’t be well-liked but that’s not what you get paid for.
If people are having trouble remembering the passwords they have all over the world, maybe you could have them read this
http://jufflan.wordpress.com/2012/11/03/remembering-complex-online-passwords/ and on the topic of online passwords and identities also, http://jufflan.wordpress.com/2012/11/03/reflections-on-theft-and-protection-of-online-identity-on-the-internet-who-are-you/

13. Use a good naming standard for user logins. Not just their first name as login or something too obvious. Here’s an old blog post on why http://syspeace.wordpress.com/2012/10/21/securing-your-webmailowa-on-microsoft-exchange-and-a-few-other-tips/

14. Backups! Backups! and again. BACKUPS!!
Make sure you have good backups (and test them at least once a year for a complete disaster recovery scenario) and make sure you have multiple generations of them in case any of them is corrupted, preferably stored offsite in some manner in case of a fire, theft or anything really.
For day to day operations and generation management I highly recommend using the built-in VSS snapshot method but never ever have it instead of backups.
You can also use the built in Windows Server backup for DR as described here http://jufflan.wordpress.com/2013/07/15/using-windows-server-backup-20082008-r2-for-a-disaster-recovery-from-a-network-share/

15. You need to have an automatic intrusion protection against brute force and dictionary attacks with Syspeace since the ”classic” methods do not get the job done. Here’s an older blog post on why http://syspeace.wordpress.com/2013/07/11/using-various-brute-force-and-dictionary-attack-prevention-methods-to-prevent-hackers-and-why-they-dont-work-repost/ . If you don’t have the time to read the article then simply download the free Syspeace trial, install it and you’ve set up a powerful and easy to use bruteforce protection for your server in minutes.

If you’re up for it, I’ve written a few other related posts here:


By Juha Jurvanen @ JufCorp