ISSUE:


Brute force attack on a PC, as reported by Rapid 7.


BACKGROUND:


Rapid 7 is a managed security service provider contracted by Kemin to provide security incident detection and response services for the company. A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations' systems and networks.


SOLUTION:


1. To block the bad actor's IP address, open Windows Firewall with Advanced Security by running wf.msc.


2. On the left, select Inbound Rules, then under the Action menu, choose New Rule.


3. On the Rule Type page, choose Custom.


4. On Program, choose "All programs."


5. On Protocol and Ports, leave the default of Any.


6. On Scope, select "These IP addresses" in the remote addresses section and add the problematic IP address (the one reported by Rapid 7) in the Add dialog.


7. On Action, choose "Block the connection."


8. On Profile, leave the defaults of everything checked.


9. Finally, on Name, give the rule a name and optionally a description.
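
The same rule can also be created from an elevated PowerShell session with the built-in NetSecurity cmdlets, which is useful when the block has to be applied to more than one PC. This is an added example, not part of the original procedure; the IP address is a documentation-range placeholder and the rule name is an assumed naming scheme.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell equivalent of wizard steps 1-9 above.

# Placeholder from the documentation range (RFC 5737); replace it with the
# address reported by Rapid 7.
$BadIp    = '203.0.113.45'
$RuleName = "Block brute force source $BadIp"   # assumed naming scheme

# Validate the address before it reaches the firewall. TryParse alone accepts
# shorthand such as "1" (parsed as 0.0.0.1), so the canonical form must match.
$parsed = $null
$valid  = [System.Net.IPAddress]::TryParse($BadIp, [ref]$parsed)
if (-not $valid -or $parsed.ToString() -ne $BadIp) {
    throw "'$BadIp' is not a valid IP address in canonical form."
}

# Do not create a duplicate if the rule is already in place.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Write-Host "Rule '$RuleName' already exists; nothing to do."
    return
}

$rule = @{
    DisplayName   = $RuleName                      # step 9: Name
    Description   = 'Blocks the source IP reported by Rapid 7 (brute force).'
    Direction     = 'Inbound'                      # step 2: Inbound Rules
    Protocol      = 'Any'                          # step 5: Protocol and Ports
    RemoteAddress = $BadIp                         # step 6: Scope
    Action        = 'Block'                        # step 7: Block the connection
    Profile       = 'Any'                          # step 8: all profiles
}
# No -Program argument: the rule applies to all programs (step 4).
New-NetFirewallRule @rule | Out-Null

# Read the rule back and confirm its state and scope.
Get-NetFirewallRule -DisplayName $RuleName | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

The final read-back should show the rule as enabled, inbound, set to Block, and scoped to the single remote address.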