IP Warden is a host intrusion prevention tool that monitors the Windows Event logs for unsuccessful login attempts from any given source IP. IP Warden firstly watches the Windows Event Logs for authentication logs and identifies unauthenticated attempts. It then blocks the IP address from which the attempt originated, preventing any further attempts.
IP Warden is an essential tool for businesses, which integrates into the Windows firewall. By blocking IP addresses with failed authentication attempts through the Windows Firewall, IP Warden helps prevent data breaches and safeguards businesses.
In addition, IP Warden can be configured to send notifications whenever an IP address is blocked.
After your specified number of login attempts is exceeded, the offending source IP is added to a custom IP Warden firewall rule within the Windows firewall. This allows any further activity from the offending IP to be blocked on the Windows Firewall level to the server.
IP Warden can monitor Remote Desktop, IIS, SMB (File and Printer Sharing) and MSSQL.
Features
DYNAMIC IP BLOCKING
IP addresses are a vital part of the internet. However, IP addresses can also be used to launch attacks against websites and online services. This technology prevents the originating IP address from submitting requests after a specified number of failed login attempts using incorrect usernames or passwords. As a result, dynamic IP blocking can help to thwart malicious activity and keep data safe.
CUSTOMISE MONITORED PORTS
Allocate which ports are being used. To customise monitored ports and allocate which ports are being used by your server services and monitored with IP warden, businesses can identify which ports are most attacked by offenders. By taking this approach, businesses can ensure that they have the knowledge and visibility necessary to protect their operations from potential threats.
MANUAL IP BLOCKING
IP Warden can help you quickly manually block IP addresses with our IP blocking feature. Simply add the IP addresses you want to be blocked in the IP Warden interface, and our system will automatically block all traffic from those IP addresses.
BLOCK ACCORDING TO ACCESS TYPE
IP Warden allows the blocking of specific service types such as RDP, IIS, MS SQL and SMB. Blocks the selected type of traffic according to an access type. IP address blocking can be used to restrict access.
MAX IP BLOCKS THRESHOLD
You can set the maximum number of IP addresses blocked on a server. To do this, simply navigate to the “Block Settings” section of your server’s control panel and enter the desired number into the “Max IPs” field. Once you have saved your changes, all new attempts to access your server from an IP address that is already blocked will be automatically rejected.
SMTP NOTIFICATIONS
Do you need to be notified by email when an IP address is blocked? Our system will send you an email notification whenever an IP address is blocked. This way, you can stay on top of any potential issues and take action accordingly. There’s no need to worry about keeping track of IP addresses yourself – we’ll do it for you.
LAST LOGIN USERNAME
The last logon is a server security feature that displays the previous username used to attempt to gain access to the server. This information can help determine if unauthorised access has been tried and can help track down the source of the intrusion. In addition, the last logon can also help to identify user accounts that are no longer in use, which can be disabled or deleted to free up resources.
WHITELISTING BASED ON DNS NAME OR IP ADDRESS
Whitelist DNS names and IP addresses so that they are never blocked. Whitelisting creates explicit firewall rules to block all IP addresses and only allows specific IP or DNS addresses should you wish to do so. IP Warden does continuous DNS lookups to ensure that firewall rules are updated even if DNS record IP addresses change. This means that you can even whitelist Dynamic DNS addresses.
PERMANENT / TEMPORARY BAN TIMES
Set if you want to permanently block IP’s, or if you allow a timeout and allow offending IP’s to connect again after a timeout is reached. A perma-ban never expires.
HOSTNAME LOOKUPS
This Hostname Lookup tool, often referred to as hostname lookup, looks up the Hostname of the blocked IP Address—a simple yet very effective tool for getting the hostname information you need.
Partner with us
sales@avertitd.com
support@avertitd.com
Johannesburg
+27 (0) 10 007 4430
Cape Town
+27 (0) 21 007 2655
© Copyright 2022. All Rights Reserved