Remote Desktop Protocol (RDP) are a fast-increasing attack vector to enterprise networks, due to the fact that corona made employees move their workstations from their offices to their home, which decreased the security normally implemented. Windows uses Remote Desktop Protocol (RPD) for remote connection to a server, as when employees are working from different locations, […]
Technology means endless opportunities, but also endless headaches. Scripting, machine learning, AIs and easier access to more advanced systems does not mean your every-day becomes easier – it also means that the every-day of the malicious hacker becomes easier. It is said that internet users have to keep track of about 190 passwords and PINs. […]
Syspeace’s way of detecting Windows logon failures is based on using the audit events produced by Windows. This is reliable and non-invasive, but in some cases, there are oddities. When a login succeeds or fails during Remote Desktop/Terminal Services authentication, the event is logged, but there is no reference to the IP address of the […]
Update to Syspeace 2.7.0! We highly recommend it. Why? It introduces improved support for detecting RDP login failures where the IP addresses are missing in the event log entries. For details, see the separate post A comprehensive approach to detecting RDP login failures. It includes a setting to mitigate repetitive “success” login entries on file […]