Internet crime has evolved to a full blown cyber-war, using internet servers as virtual soldiers to take down critical network infrastructures, or to steal information. While most security products focus on backdoors and security holes, hackers “go in” like normal users. The reason is obvious: It’s simple, and many systems are not protected adequately.
System auditing is essential, and log file inspection on systems which provide access to users from the internet should be done on a daily basis. Looking for unsuccessful logins on services can provide essential information for security administrators to refine their firewall rules to lock out suspicious IP addresses on the firewall level.
These tasks can also be automated, using Cyberarms Intrusion Detection and Defense System (IDDS) for Windows. IDDS monitors the Windows security log as well as specific network protocols like SMTP, FTP, and TLS/SSL used by Remote Desktop, for unsuccessful logins. The software can be configured with threshold values for unsuccessful logins to close doors immediately when a brute force or dictionary attack is detected.
With a focus on simplicity and easiness, IDDS became an integral part of the security strategy for a growing number of administrators worldwide and is used by small business as well as by enterprises. Cyberarms focusses on re-use of standard Windows components like the security event log and the Windows Filtering Platform, introduced with the Windows Server 2008 family.