topic Can i prevent windows login bruteforce through palo alto? in General Topics

Can i prevent windows login bruteforce through palo alto?

AhmedSheta — Wed, 19 Oct 2016 06:20:32 GMT

Hello all,

is palo alto is capable of detecting password bruteforce attempts on windows login, for example, if a user put the password wrong many times while he was trying to login to a machie inside a company, is palo alto capable of detecting this kind of activity, i am not talking about HTTP or SMB bruteforce, i am talking about kerberos authentication bruteforce,

Regards,

Re: Can i prevent windows login bruteforce through palo alto?

santonic — Wed, 19 Oct 2016 06:02:24 GMT

If the brute force attempt was made over network (RDP) and traffic passed through firewall, then yes.

Re: Can i prevent windows login bruteforce through palo alto?

AhmedSheta — Wed, 19 Oct 2016 06:10:58 GMT

no , its not through RDP, it's like someone sitting in my place, and he is trying to guess my password to access the machine, if yes how can i prevent this?

Re: Can i prevent windows login bruteforce through palo alto?

santonic — Wed, 19 Oct 2016 06:14:29 GMT

In that case you can only use FW appliance to smack him on his/her head 🙂

Which is also another pro of appliance compared with virtual machine.

Re: Can i prevent windows login bruteforce through palo alto?

BPry — Wed, 19 Oct 2016 17:02:22 GMT

@AhmedSheta since the Palo Alto doesn't actually see any traffic from local logins; or even for interzone RDP traffic depending on your network setup, this isn't possible. You could setup the alerts through event triggers in group policy and task scheduler but as far as the firewall goes it isn't going to help you much.

Re: Can i prevent windows login bruteforce through palo alto?

pulukas — Sat, 22 Oct 2016 13:46:48 GMT

For these types of use cases you set the windows AD to automatically lock the accounts on a number of bad passwords to prevent the brute force attacks.