Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
The Remote Desktop Protocol (RDP) is a common target for attackers because RDP provides remote access to a Windows device. Brute force attacks on RDP are low cost and relatively easy to perform. Even though this type of brute force attack is noisy, it can be highly effective due to the commonality of weak and repurposed passwords.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
An attacker looking to remotely run commands on target devices over Remote Desktop Protocol (RDP) must first acquire valid remote desktop credentials. A brute force attack is a method for guessing a weak user password. Brute force attacks can occur manually through trial and error or automation tools.
Limit the number of Remote Desktop Protocol (RDP) login attempts and then block users that exceed this number
Implement strong authentication methods for remote access services
Implement network segmentation and firewall policies to limit how devices can communicate and enforce security zones
Review access controls to ensure that only necessary users can connect to remote access services with RDP
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
