Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

TSA and TZ600 can it block dictionary attacks on a Terminal Sever?

Charles_BCharles_B Newbie ✭
in Entry Level Firewalls

I am researching adding the Terminal Server Agent (TSA) on a Terminal Server that is behind out TZ600.

The open terminal server port is hit by dictionary attacks daily. I am new to firewall theory so my beginner question is will adding the TSA to the terminal server lockout the random IP sources the hacker is using for the dictionary attack?

We have already implemented the GEO block for any source IP outside of the USA so the attacker switched to stateside IP's and continues to attempt to access the terminal server.

Category: Entry Level Firewalls
Reply

Best Answers

  • CORRECT ANSWER
    AjishlalAjishlal Community Legend ✭✭✭✭✭
    Answer ✓

    Hi @Charles_B

    I would seriously suggest you to consider setting up a SSLVPN if you need to remote into using RDP/TSA. Allowing any traffic initiating from the outside of your network, especially from the internet, is never, ever a good idea.

    A SSLVPN will in effect provide you with a connection that is "inside" of your environment and can be easily monitored.

    As well as recommended the SonicWALL NGAV for the end points for the behavior analysis & prevent known and unknown threats.

    The below article will help you to protect the firewall and the network behind it from brute-force / dictionary attacks.

    https://www.sonicwall.com/support/knowledge-base/can-sonicwall-firewalls-prevent-brute-force-attacks/171006033550997/


  • CORRECT ANSWER
    MicahMicah SonicWall Employee
    Answer ✓

    Hello @Charles_B,

    I hope you are well.

    Did this reply answer your question? If so, please mark the appropriate response so that others may benefit.

    Kind Regards,

    @micah - SonicWall's Self-Service Sr. Manager

Sign In or Register to comment.