Hello, we have a few servers where the security logs shows repeated brute force login attempts via RDP... shouldn't the IPS block these kind of "attacks" by default?
An IPS can't detect password guessing -- a guess looks like a legitimate login attempt. Detecting a brute force attempt against a RDP server (which, IMHO, should not have the RDP port directly exposed to the internet anyway) would require a plugin or log monitoring of the servers involved.
You may also want to look at implementing certificates for security on your RDP server(s), if the version of OS on the servers is new enough to support it.
An IPS can't detect password guessing -- a guess looks like a legitimate login attempt. Detecting a brute force attempt against a RDP server (which, IMHO, should not have the RDP port directly exposed to the internet anyway) would require a plugin or log monitoring of the servers involved.
You may also want to look at implementing certificates for security on your RDP server(s), if the version of OS on the servers is new enough to support it.
