RDS and TSE are systems that have long been eagerly attacked because of the ease of attack and the availability of interesting data. A successful attack caused the destruction of files, the use of computers as another machine to attack or loss of confidence in the brand. Most corporations do not implement too advanced security and do not even care about updating their remote desktop services.

Remote connections are the most common attack


Remote desktop is a common feature in operating systems. Allows the user to log on to a remote session with a graphical user interface on the server. Microsoft refers to its implementation of Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS). It would be quite reasonable to assume that most security threats will be taken up by running an RDS server, in the past it was quite infamous, such as “Pass-the-hash” or “Encrypted” vulnerabilities. The associated port exceptions in firewalls were one of the first things we did when installing Windows. But the risk of using an RDP client does not seem so obvious.

Opponents can connect to remote systems via RDP / RDS to extend access if the service is enabled and allows access to accounts with known login credentials. Opponents are likely to use credential access techniques to obtain credentials for use in RDP. They can also use the RDP protocol in combination with the persistence availability technique.

Although there is still some risk associated with connecting to RDP servers, although there are no documentation about self-copied exploits (ie Viruses, Trojans or worms) that use remote desktop connections with updated RDP clients:

  • User activity tracking and key logging

    In fact, the RDP server can record all operations on it, including viewed sites, downloaded files, documents that the user has accessed and changed, passwords entered to access remote services via the RDP server, User session.

  •   Client infection by remote hosted files:

    Any files downloaded from an RDP-enabled server may be compromised or infected with malware. You can falsely rely on each of these files, thinking that since they were downloaded during the previous RDP session, they were not compromised or infected in the meantime while they were transferred to the RDP client and opened / executed / …

  • Man-in-the-middle attack (MITM attack):

    Similar to tracking user activity, only this time the attacker is active on the RDP server while connecting and listening for RDP client communication with the RDP server or RDP server and remote LAN / WAN, or both. In addition to checking the contents of exchanged network packets, the man-in-the middle can also change their contents. RDP session can be encrypted using TLS, effectively preventing eavesdropping, but not necessary when other connections (remote LAN or WAN) use RDP.

  •   Social engineering attacks:

    You may be a victim of a social engineering attack where an attacker gains trust by using false pretenses and introduces an RDP server address that can trust the RDP client while creating a new session, but the given address is actually an attacker. An attacker could host an RDP server at this address to write credentials for another real RDP server you are connecting to.Protect your RDS server from hackers and malware

    We have probably left many other possibilities of overusing user trust on the RDP server with which the session has been established, but the user still accepts this trust without seeing any potential danger. These four sample attack vectors show that there is a clear need to use RDS-KNIGHT to prevent brute force attacks and protect their RDS servers.

    The RDS-Knight Security solution consists of a robust and integrated security suite that protects against remote desktop attacks. We are the only company to provide a complete solution with proven performance and high security to meet the growing demands of RDS servers.

    Keep Threats Away From Your Server:

          Download RDS-Knight Now .