Block brute force
One can either enable or disable this feature.
The tresholds are set for 1-5 pitches.
>=3 attempts - blocked for 5 minutes
>=10 attempts - blocked for 30 minutes
>=20 attempts - blocked for 2 hours
>=30 attempts - blocked for 1 week
>=40 attempts - blocked for 1 month
This should be possible for all users and if possible for ftp/website access as well (additional to rdp/computer configurable for each intranet site?)
Michael Hommon commented
Make it possible to unlock again an IP too, in case there was a configuration Error.
they never done rigth
German Ruiz commented
The intrusion prevention system is very good. However blocking ip after a number of attempts would be very helpful. Currently I have to manually block ip so thousands of connections are not permanently hitting on our servers.
I give a 3 votes
brute force detection. for ftp http telnet rdp smtp sip.
create a Blacklist and honeypots to have more shield against attacker
and have a report of all data...