REMOTE DESKTOP ACTIVITY

Operating SystemWindows

Normal security access control may be compromised by external access via any remote desktop access program onto a terminal that has been logged in to the SQL Server. In this case, another computer has taken control of the original desktop, which was logged in and authenticated and thereby has the same level of access and control.

There may be instances where such external control is authorized and proper.
This alert enables the identification of possible cases where approving remote access control was accidental or remained open unintentionally. When remote access is done to an admin user, extra caution needs to be taken since a possible attacker might breach your system via remote access.

AimBetter tracks the incidence of users accessing the server through a remote desktop connection, such as AnyDisk, RemotePC, TeamViewer, or any suspicious program you may want to add to the list.

Impact: 

Programs remaining open unnecessarily might cause slowness since consuming the server’s resources. In addition, possible attackers might breach your system via remote access.

Expected behavior

Every access via a remote desktop should be in accordance with the company’s security policy and awareness, along with the control of the start and end time of the connection session.

Possible causes

1- Remote Desktop Activity.

The incidence of users accessing the server through a remote desktop connection, such as AnyDisk, RemotePC, TeamViewer, and others.

Problem identification:

Identify the running remote desktop program process on the server and verify its approval and awareness.

Hands-on approach
Get the answer in just seconds!
Hands-on approach
  1. If you are the user which approved the session, the open session of the remote activity will be displayed via the start menu of windows. You can know the user’s name that did the connection.
  2. If you are not the user in which the remote session is open, you can review it in system logs or via the task manager. However, this test must be done manually, being hard to track and know when you should do it.
Get the answer in just seconds!

No need for manual tracking once any remote desktop activity to the server is notified including the user name.

Recommended action :

Access is a matter of security control, and this alert serves to advise of these instances. Ensure the session is closed once there is no more need for it.

A multi-layered security approach and policy enforcement is recommended.

    Learn more how you can solve IT systems performance issues faster



    Share with friends:

    Testimonials:

    FEATURED POSTS

    Menu
    Skip to content