1

I administer a Windows Small Business Server 2003 R2 server for a small business. The only ports that this server has exposed to the internet are SSL and the RDP tunnelling port used by the SBS remote web workplace feature.

I've noticed in the security event log that there are times where there are a bunch of login failure events, which looks like someone hammering the server with various username/password combinations. Since SSL is the only port where one can do a login, I'm guessing they are hammering away at either SBS remote web workplace, Exchange OWA or Exchange ActiveSync.

We currently have just a Linksys router (with aftermarket firmware), so I was thinking of getting a business grade firewall / UTM appliance, specifically a Sonicwall TZ 100. However, it's my understanding that most UTMs can't secure HTTPS traffic, so I'm not sure if it would help in this case?

Is there something out there that can detect a string of login attempts all coming from the same IP and then block it?

Thanks

voon

1 Answer

0

I think you are looking for something comparable to fail2ban or denyhosts, which provide similar functionality on *nix.

See this and this.

obsd
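The fail2ban-style logic the answer points to, sketched as an added example that is not part of the original question or answer: count failed logins per source IP inside a sliding window and ban the IP once a threshold is reached. The record format and sample lines are constructed for illustration, and the parameter names `maxretry`, `findtime` and `bantime` are borrowed from fail2ban's settings; turning a ban into an actual firewall rule is left to whatever device or host firewall is in use.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not a real Windows log format): time, source IP, account, result.
SAMPLE = """\
2011-03-01 02:14:01 203.0.113.7 administrator FAIL
2011-03-01 02:14:03 203.0.113.7 admin FAIL
2011-03-01 02:14:05 203.0.113.7 backup FAIL
2011-03-01 02:14:07 203.0.113.7 guest FAIL
2011-03-01 02:14:09 203.0.113.7 test FAIL
2011-03-01 02:14:11 203.0.113.7 owner FAIL
2011-03-01 08:30:00 198.51.100.20 jsmith FAIL
2011-03-01 08:30:20 198.51.100.20 jsmith FAIL
2011-03-01 08:30:45 198.51.100.20 jsmith OK
2011-03-01 09:00:00 192.0.2.50 mary FAIL
2011-03-01 09:12:00 192.0.2.50 mary FAIL
2011-03-01 09:24:00 192.0.2.50 mary FAIL
2011-03-01 09:36:00 192.0.2.50 mary FAIL
2011-03-01 09:48:00 192.0.2.50 mary FAIL
"""

def parse(text):
    """Yield (timestamp, ip, account, result) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            yield ts, parts[2], parts[3], parts[4]

def find_bans(events, maxretry=5, findtime=timedelta(minutes=10), bantime=timedelta(hours=1)):
    """Return (ip, banned_at, banned_until) for IPs with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until, bans = {}, []
    for ts, ip, _account, result in sorted(events):
        if result != "FAIL" or banned_until.get(ip, datetime.min) > ts:
            continue              # ignore successes and IPs that are already blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(parse(SAMPLE)):
        print(f"block {ip} from {start} until {end}")
```

Only the rapid burst from one address crosses the threshold; the user who mistypes twice and the five failures spread over 48 minutes stay under it, which is the trade-off `maxretry` and `findtime` control.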