TSA and TZ600 can it block dictionary attacks on a Terminal Sever?
I am researching adding the Terminal Server Agent (TSA) on a Terminal Server that is behind out TZ600.
The open terminal server port is hit by dictionary attacks daily. I am new to firewall theory so my beginner question is will adding the TSA to the terminal server lockout the random IP sources the hacker is using for the dictionary attack?
We have already implemented the GEO block for any source IP outside of the USA so the attacker switched to stateside IP's and continues to attempt to access the terminal server.
Ajishlal Community Legend ✭✭✭✭✭
I would seriously suggest you to consider setting up a SSLVPN if you need to remote into using RDP/TSA. Allowing any traffic initiating from the outside of your network, especially from the internet, is never, ever a good idea.
A SSLVPN will in effect provide you with a connection that is "inside" of your environment and can be easily monitored.
As well as recommended the SonicWALL NGAV for the end points for the behavior analysis & prevent known and unknown threats.
The below article will help you to protect the firewall and the network behind it from brute-force / dictionary attacks.1
I hope you are well.
Did this reply answer your question? If so, please mark the appropriate response so that others may benefit.