Hi everybody,
As we all know, if you have a normal firewall that allows certain traffic through to a public server then the firewall doesn't provide any protection for the server on those ports. For example, it doesn't realise that the same external IP address has been hammering away at the server for the past 3 hours trying to guess a valid username and password combination.
Does anyone know of a product that can add extra functionality to a firewall, or even replace the firewall, so that attacks like this can be automatically caught and the traffic blocked? A Cisco engineer I know said that an IPS system is unlikely to be able to pick up this behaviour as suspicious. Is he right?
We have a basic budget of 5000 Euros to replace or augment our firewall, specifically to mitigate brute force attacks like this. Current firewall is a Cisco PIX 515E. I was thinking of maybe a Cisco ASA5510 with some add-on module or other, but if it won't help,...
Any help is most appreciated.