
Eset RDP Brute Force Protection?


itman


As far as I am aware, Eset has no protection against it.

On the other hand, Kaspersky's IDS has included it since 2014 on all product lines where IDS is included: https://www.kaspersky.com/blog/a-multiheaded-battering-ram-rdp-bruteforce-attacks-on-the-rise/14971/


  • Most Valued Members

It would be very useful to know that RDP is being brute-forced, and even more so if the attempts were blocked until the user applies some other kind of prevention, like a firewall, changing the password, or account lockout.


  • Most Valued Members
7 hours ago, Marcos said:

EIS+ESSP as well as business products v7+ protect from brute-force attacks by Network protection.

Does this include RDP?


  • Most Valued Members
10 minutes ago, Marcos said:

Yes, it also covers SQL and SMB brute-force attacks.

Does that also apply to File Security? Also, the advanced machine learning settings would be a very nice addition for File Security, because too many files would just come through the servers.


  • Administrators
10 minutes ago, Rami said:

Does that also apply to File Security? Also, the advanced machine learning settings would be a very nice addition for File Security, because too many files would just come through the servers.

Yes, EFSW v7.x has it as well.


  • Most Valued Members
2 minutes ago, Marcos said:

Yes, EFSW v7.x has it as well.

OK, thank you very much. I will just wait for the advanced machine learning settings that came to the endpoint and consumer products; they would be very useful for 0-day or never-before-seen threats.


9 hours ago, Marcos said:

EIS+ESSP as well as business products v7+ protect from brute-force attacks by Network protection.

I was aware that an RDP setting existed in Eset IDS. However, per Eset online help, it only covers:

Quote

Protocol RDP –  Detects and blocks various CVEs in the RDP protocol (see above).

https://help.eset.com/eis/13/en-US/idh_config_epfw_advanced_settings.html

As far as I am aware, CVEs only pertain to known hardware/software vulnerabilities. A brute-force RDP attack does not fall into this category to the best of my knowledge.


Maybe the way to proceed is to verify Eset's RDP brute force password protection. For anyone using RDP, here is an article listing a number of RDP brute force attack tools that are readily available for penetration testing: https://resources.infosecinstitute.com/popular-tools-for-brute-force-attacks/

This topic is now closed to further replies.