PSLogonFailures is a PowerShell script to help mitigate brute force attacks against remote desktop servers, both those published to the public Internet and those on your internal network. This script was developed in collaboration with my long-time friend @zandeez. You can find the script on GitHub along with the relevant documentation.
Working in IT, predominantly with Microsoft Windows systems, I noticed a lot brute force attempts trying to login to servers via remote desktop protocol (RDP). RDP is great for managing Windows servers and workstations but also opens the system up to attack and potential abuse. On Linux we have tools like Fail2Ban to help protect against brute force attacks but I couldn't find something free at the time I initially released this script. After I started implementing this script at customer sites the number of failed logon attempts (typically overnight) would drop to less than 10% of the pre-implementation value.
Why not just use product X?
Since I and Andee wrote
PSLogonFailures I've seen a number of similar solutions become available, so this is a natural question. I'd suggest
PSLogonFailures has the following benefits:
- You can review the code, so you know what it's doing
- It's free
- You can modify
PSLogonFailuresto meet your needs (pull requests and contributions welcomed)