Server Cloak is an Intrusion Prevention System that works with windows firewall developed to protect windows servers from attacks that are intended to hack the server or provide any operational damage.
By keeping eye on event logs in windows event viewer and sniffing system's network activities Server Cloak capture and log any failed/denied inbound calls from IPv4 as well as IPv6.
Once the calls reaches its limit, the service immediately tells windows firewall to block the attacking IP by adding a denial inbound firewall rule.
Server Cloak verifies and keep windows firewall enabled all the times. With having intrusion detection and prevention system enabled and firewall defense system for windows Server Cloak protects the following windows features
- Active Directory
- Mail Server
- Microsoft Sql Server
- File Transfer Protocol
- Remote Desktop Protocol - ServerCloak capture the IP address even when Event ID 4625 is missing source IP
- File Maker
- Windows Security
- Routing and Remote Access
- Windows Firewall if firewall got disabled, Server Cloak re-enables it within minutes
Supported Operating Systems
Windows 7 or later. Developed and tested on Windows 8.1
Windows Server 2008 R2 or later. Tested and deployed on Windows Server 2008 R2 & Windows Server 2012 R2 based production servers
Note : Windows Server 2008 is based on Windows Vista so Server Cloak is not compatible with Windows Server 2008 (non-R2 version), whereas it is fortunate that Windows Server 2008 R2 is based on Windows 7, I've tried and tested Server Cloak on Windows 2008 R2 and is fully compatible.
Microsoft .Net Framework 4.5, Latest version available here
1Ghz higher multi-core CPU, Intel Dual Core or better
Windows firewall must be enabled, If not enabled Server Cloak will try to enable windows firewall automatically.
Previous version is available on github.