TS_Block
-
A Nice script we started using in addtional to our firewalls nice thing is we scripted it to be able to add to our palto alto and not just the windows box and even email us when it blocks it and what IP. : https://github.com/EvanAnderson/ts_block
-
For a while we were using the free version of Cyberarms. They recently changed their model and now offer their full product for free. It covers more than RDP which is nice. Great for OWA and other exposed Windows services.
-
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
-
For a while we were using the free version of Cyberarms. They recently changed their model and now offer their full product for free. It covers more than RDP which is nice. Great for OWA and other exposed Windows services.
It doesn't seem to do as much as the VB script. with that you can set it so with certian accounts are used they are instantly ban. for us we modified the script to make it so any user not a member of certain groups results in an instant ban.
-
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
RDPGuard is the one a lot of people use, but a non-admin can even modify that one.. and I like scripts.
-
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
RDPGuard is the one a lot of people use, but a non-admin can even modify that one.. and I like scripts.
Can the script monitor a webpage such as OWA or RDWEB?
-
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
@Mike-Davis set it up for some RDS servers.
-
@scottalanmiller said in TS_Block:
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
@Mike-Davis set it up for some RDS servers.
Right, but I want to protect OWA also.
-
@JaredBusch said in TS_Block:
@scottalanmiller said in TS_Block:
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
@Mike-Davis set it up for some RDS servers.
Right, but I want to protect OWA also.
Not sure which tool does that.
-
@scottalanmiller said in TS_Block:
@JaredBusch said in TS_Block:
@scottalanmiller said in TS_Block:
@JaredBusch said in TS_Block:
There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.
@Mike-Davis set it up for some RDS servers.
Right, but I want to protect OWA also.
Not sure which tool does that.
RDPGuard says it does. But I do not want to buy it if a scripted solution works.
-
RDPGuard Pricing.
Price is per computer.
So for me to protect RDS and OWA I will need two.
-
The script uses logon auditing. I'm not sure if owa makes an event log for failed audits but if it does it will work. There is another script that is suppose to work for other stuff. I'll have to find it again.
-
RDPGuard has as free 30 day trial. As easy as it is to install, I would test it to see if it works.
I guess it depends what your time is worth if you want to try to script something.
-
@Mike-Davis said in TS_Block:
I guess it depends what your time is worth if you want to try to script something.
Scripting isn't about trying to save money. Doing the script cost way more in time than what that thing costs. Scripts are way more flexible than a program. You can add more variables and even pass off arguments to other systems.
-
@Mike-Davis said in TS_Block:
I guess it depends what your time is worth if you want to try to script something.
Scripting isn't about trying to save money. Doing the script cost way more in time than what that thing costs. Scripts are way more flexible than a program. You can add more variables and even pass off arguments to other systems.
Also a script, once completed, can be replicated for no additional outlay of time beyond deployment. So it can scale to every Windows device needed in this case.
