Skip to content

Introduction

Note

Mideye Shield released in Mideye Server 6.5.12.

Mideye Shield provides early-stage rejection of authentication requests based on the username and/or the originating IP address.  Rules for username-based rejection of requests are configured under 'Static Filter Rules'.  Requests originating from IP addresses with a high fraud score are rejected based on a central automated service that provides real-time rating of IP addresses. The purpose of Mideye Shield is to prevent spamming of authentication logs and provide protection against DoS, brute-force, password spray and MFA fatigue attacks.

Prerequisites

To apply filtering based on usernames, some uniform characteristics of allowed usernames are required. These characteristics can be defined in 'Static Filter Rules', either as specific content (e.g. suffixes or common characters such as @ or .), or using regular expressions.

For automated IP-address-based filtering, RADIUS clients (VPN concentrators/Firewalls) must be configured to send the client IP address as Calling Station ID (attribute #31) in the RADIUS Access Requests to Mideye. The Mideye central service shield.mideye.com must be reachable on port 443, and the service must be enabled in the Mideye Server.

Note that activation of automated protection involves sharing of IP addresses and the corresponding authentication result (blocked, invalid username, invalid password, timed out) with the central Mideye Shield service. This information is used for real-time calculation of fraud scores, and the resulting scores are shared among Mideye servers participating in the service. Trusted IP addresses or subnets can be defined with Allow Rules in Static Filter Rules, and are then excluded from automated protection and are not shared with the central rating service.

Key Benefits

  • Multi-Layered Security: Combines manual and automated checks for enhanced protection.
  • Privacy Controls: Allows you to shield internal or sensitive IP addresses from external threat analysis.
  • Adaptive Threat Detection: Continuously adapts with every authentication attempt to improve fraud scoring and blocking.

By integrating these layers of security, Mideye Shield ensures that only legitimate users are granted access while proactively blocking suspicious activities. It provides both immediate protection through your custom rules and evolving protection through its intelligent dynamic assessment.