Medic Lv1Posted 27 Mar 2024 00:05
  
My suggestion is that you can run the Intrusion Prevention System (IPS) feature in NGAF. This will protect your server from attackers.
jerome_itable Lv3Posted 27 Mar 2024 08:18
  
The most effective Sangfor NGAF function to protect internal hosts from SSH and RDP brute-force attacks is:

4. IPS (Intrusion Prevention System)

Here's why IPS is the best choice for this scenario:

    Brute-force attack detection: IPS is designed to monitor network traffic for malicious activity, including brute-force login attempts. It can identify patterns of repeated failed login attempts from a single source, which is a hallmark of brute-force attacks.

    Blocking malicious traffic: Once IPS detects a brute-force attack, it can take action to block the attacker's IP address or throttle login attempts after a certain number of failures. This significantly reduces the risk of successful unauthorized access.

    Real-time protection: IPS operates in real-time, constantly analyzing network traffic for threats. This ensures immediate response to ongoing brute-force attacks.

While the other options you mentioned offer valuable security features, they are not directly suited for this specific task:

    APT Detection: APT (Advanced Persistent Threat) detection focuses on identifying sophisticated, targeted attacks, which may not involve brute-force methods.

    RT Vulnerability Scanner: This function identifies vulnerabilities in systems and applications, but it doesn't actively block attacks that exploit those vulnerabilities.

    Web App Protection: This feature is designed to secure web applications from attacks, not SSH or RDP services typically used for remote server access.

By implementing Sangfor NGAF's IPS and configuring it with appropriate rules for SSH and RDP traffic, you can significantly strengthen your defenses against brute-force attacks and protect your internal hosts.
Farina Ahmed Lv5Posted 28 Mar 2024 13:40
  
To protect internal hosts from SSH and RDP brute force attacks, the feature of Intrusion Prevention System (IPS) in (NGAF) would be the most suitable. IPS monitors network traffic for malicious activity and can detect and block brute force attacks targeting SSH and RDP protocols by analyzing patterns and behaviors associated with such attacks in real-time. This proactive approach helps prevent unauthorized access attempts and strengthens the security posture of internal hosts against brute force attacks...

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders