IIS Web Login Protection
Many of the Web Servers use built-in IIS Authentication methods to limit access
to some parts of the website like admin panels and customer areas.
The most commonly used authentication methods are Basic, Digest and NTLM.
Being widely used, these authentication methods are subject to brute-force attacks on a regular basis.
Everyone is able to download freely available brute-force tools and start abusing your server
and flooding the logs with thousands of failed login attempts like below:
Failed IIS login attempts in the Security event log
Luckily these login attempts are logged in the Security event log and RdpGuard
is able to detect and block these brute-force attempts even if they come over SSL/TLS.
To Enable IIS Web Login Protection
IIS Web Login Protection is completely covered by RDP Protection. IIS authentication methods
generate the same 4625 events in Security event log as the RDP ones.
In order to enable brute-force protection for IIS authentication methods, please enable RDP protection as described in this tutorial.