Currently, intruder detection in GWIA (and its supporting infrastructure) is all or nothing: if an intruder attempts to brute-force a login, the legitimate user gets blocked.
We need a method within GWIA to block only the intruder attempts while letting the user still use the system.
A current workaround is https://www.novell.com/communities/coolsolutions/block-gwia-intruders-firewall-lockout-users/ but this would work much better if it were built into GWIA to handle directly, without waiting for the attack to show in the logs.
by: Andy K. | over a year ago | Agents
Comments
I would also like to see the IP Address get blocked if it has too many invalid attempts, and also some administrator configurable list of blocked IP Addresses.
There is already an IP blocklist in GWIA, which is written out to blocked.txt:
https://www.novell.com/documentation/groupwise2014r2/gw2014_guide_admin/data/adm_gwia_internet_access.html
But something like denyhosts or fail2ban where IPs are blocked after too many failed attempts.
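
The behaviour requested in this thread, sketched as an added example that is not part of the original posts and is not GroupWise code: failed logins are counted per source IP inside a sliding window, so the guessing address is blocked while the targeted account stays usable from other addresses. The class and function names, the threshold, the window and the event tuples are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class SourceLockout:
    """Count failed logins per source IP, never per account (hypothetical helper)."""

    def __init__(self, max_failures=5, window=600, admin_blocklist=()):
        self.max_failures = max_failures      # assumed threshold
        self.window = window                  # assumed window, in seconds
        self.blocked = set(admin_blocklist)   # static entries set by the administrator
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures

    def allow(self, ip):
        """Checked before authentication is attempted at all."""
        return ip not in self.blocked

    def record_failure(self, ts, ip):
        """Register one failed login; return True if this IP is now blocked."""
        recent = self.failures[ip]
        recent.append(ts)
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked.add(ip)
            del self.failures[ip]
        return ip in self.blocked

def replay(events, lockout):
    """Feed (ts, ip, user, password_ok) tuples through; return (ip, user, outcome)."""
    results = []
    for ts, ip, user, password_ok in events:
        if not lockout.allow(ip):
            outcome = "rejected"              # dropped before any password check
        elif password_ok:
            outcome = "ok"
        else:
            lockout.record_failure(ts, ip)
            outcome = "failed"
        results.append((ip, user, outcome))
    return results

# Constructed sample: one source guessing passwords for "andy" while the
# real user logs in from another address (documentation IP ranges).
EVENTS = [(t, "203.0.113.7", "andy", False) for t in range(0, 70, 10)]
EVENTS.insert(3, (25, "198.51.100.20", "andy", True))
EVENTS.append((80, "198.51.100.20", "andy", True))
```

Because the counter is keyed on the source address, the account name never enters the blocking decision, which is the difference from an account-level lockout.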