Protection against remote desktop attacks

Abstract

This paper overviews the most common malicious software types. The motivationof writing this paper was a real wordcase studythat had to be investigated. Acomputer was suspected to have had an unwanted remote desktop connection attack. This paper presents how to investigatethe event log artifacts. For the unfortunate case when such an attack is proved to have happened, the second part of the article describes a method that allows the system administrator to detect brute force attacks through the remote desktop connection. When such an attack was revealed, the attacker’s IP address can be blacklisted.