Battle of the Week - Failed Login Attempts

The Battleground:    

The infrastructure of a rural county whose public works offices, such as the police department, library, and fire department, are all interconnected.

The Presumption:  

A brute-force attack from a malicious IP should be stopped by the firewall, and accounts should lock out after a set limit of failed attempts.

The Discovery:  

The customer had a multitude of login attempts causing brute force alarms to show in our system. The attempts were all from the same internal IP and were all failing on a Microsoft Exchange Server. 

Our Solution:

The large number of failed logons was caused by misconfiguration in the following two areas:

  • Cisco Jabber settings were not set correctly to access the calendar or voicemails 

  • Outlook cache setting 

Lessons Learned:  

A large number of failed logons may not always be malicious and could be a result of a misconfiguration on the network.  Always set up login limits on accounts to prevent bandwidth from being wasted and to help prevent brute force attacks. 
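
A triage sketch for the situation described above, added here as an example and not InfusionPoints' own tooling: it groups failed logons by source IP and flags sources that look like a client replaying stale credentials rather than an attack. The record layout, thresholds, verdict labels and RFC 1918 "internal" ranges are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# RFC 1918 ranges treated as "internal" (assumption; adjust to the real network).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not incident data): timestamp, source IP, account, server
SAMPLE = """\
2024-01-08T09:00:00,10.20.5.17,jdoe,EXCH01
2024-01-08T09:01:00,10.20.5.17,jdoe,EXCH01
2024-01-08T09:02:00,10.20.5.17,jdoe,EXCH01
2024-01-08T09:03:01,10.20.5.17,jdoe,EXCH01
2024-01-08T09:04:00,10.20.5.17,jdoe,EXCH01
2024-01-08T09:00:03,10.20.9.44,asmith,EXCH01
2024-01-08T09:00:04,10.20.9.44,bjones,EXCH01
2024-01-08T09:00:09,10.20.9.44,clee,EXCH01
2024-01-08T09:00:31,10.20.9.44,dkim,EXCH01
2024-01-08T09:00:32,10.20.9.44,admin,EXCH01
2024-01-08T09:10:00,10.20.7.2,mross,EXCH01
"""

def triage(log_text, threshold=5, max_accounts=2, jitter_s=5):
    """Summarise failed logons per source IP and suggest a first triage step."""
    by_src = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, account, _server = (f.strip() for f in line.split(","))
        by_src[src].append((datetime.fromisoformat(ts), account))
    report = {}
    for src, events in by_src.items():
        if len(events) < threshold:
            continue  # too few failures to raise a brute-force alarm
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        accounts = {a for _, a in events}
        internal = any(ipaddress.ip_address(src) in n for n in INTERNAL_NETS)
        # A fixed retry timer against one or two accounts looks like a client
        # replaying stale credentials; it is a hint, not proof of benign cause.
        regular = bool(gaps) and max(gaps) - min(gaps) <= jitter_s
        client_like = internal and len(accounts) <= max_accounts and regular
        report[src] = {
            "failures": len(events),
            "accounts": sorted(accounts),
            "internal": internal,
            "verdict": "check-client-config-first" if client_like
                       else "investigate-as-attack",
        }
    return report
```

Calling `triage(SAMPLE)` returns one entry per source that crossed the threshold; a "check-client-config-first" verdict only orders the investigation and does not clear the host.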

Let InfusionPoints assist you with your CyberSecurity needs today!
