This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to beat brute force attacks on Linux server

GernotMeyer over 5 years ago

Hi,

is there any concept to avoid brute force attacks?

There is no concept for XG WAF, right?

When installing fail2ban the linux server always gets the sophos address (when inside out traffic is normally NATed.

Any possibility to go around this and block brute force?

Thanks for hints.

This thread was automatically locked due to age.

Parents

0 Keyur over 5 years ago

Hi GernotMeyer

You can create a custom IPS policy and add a required signature and apply on the firewall rule - https://docs.sophos.com/nsg/sophos-firewall/v16058/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/IpsPolicyDetailEdit.html

If you want to allow or block SSH service for firewall, you can create Local ACL rule - https://community.sophos.com/kb/en-us/132814#Local%20Service%20ACL%20Exception%20Rule
Cancel
Vote Up 0 Vote Down

Cancel
0 GernotMeyer over 5 years ago in reply to Keyur

Keyur, thanks for answer.

There are so many existing IPS policies in XG.

There is no existing one taking care of this behavour?

I am unable to determine that one (if existing).
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 5 years ago in reply to GernotMeyer

Hi GernotMeyer

You may create customer IPS policy and add signatures by searching Brute force and all those signatures.

You can edit General policy available in IPS, go to generalpolicy >> remove existing added details or you may keep it as per your requirement >> Click on Add will open a new tab >> Select "Select individual signature" and apply "Name" filter and add a string as brute force, it will list available signature for brute force, select them and click on save.

Please also check Vishal_R response in the previous thread.

Even this thread would helpful - https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/120481/fail2ban-and-waf
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Keyur over 5 years ago in reply to GernotMeyer

Hi GernotMeyer

You may create customer IPS policy and add signatures by searching Brute force and all those signatures.

You can edit General policy available in IPS, go to generalpolicy >> remove existing added details or you may keep it as per your requirement >> Click on Add will open a new tab >> Select "Select individual signature" and apply "Name" filter and add a string as brute force, it will list available signature for brute force, select them and click on save.

Please also check Vishal_R response in the previous thread.

Even this thread would helpful - https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/120481/fail2ban-and-waf
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data