RdpGuard IP Cloud Overview
RdpGuard IP Cloud is a new service by RdpGuard designed to help you protect
Windows machines in a more pre-emptive and pro-active way.
Instead of waiting until attackers may even reach your server and perform a number of failed login attempts,
you may receive their IP addresses from IP Cloud and block them before they even find your server.
Why do you need it
While many tools can easily detect brute-force attacks from the single IP addresses,
this approach may not work in case of distributed attacks from the botnets, when each
host controlled by the intruder performs a small number of failed login attempts at low frequency,
allowing them to avoid blocking.
Some botnets may contain hundreds of thousands infected hosts, allowing cyber criminals
to perform massive brute-force attacks without disclosure.
Distributed botnet-based brute-force example
How does it work
The solution is to use the centralized method of detecting brute-force attempts -
each IP Cloud participant sends information about failed login attempts to the IP Cloud server,
where it is possible to detect infected hosts by aggregating results from many other reporters.
Failed login attempts are collected and aggregated on the IP Cloud server
How to enable RdpGuard IP Cloud
1. Open Tools, Options, IP Cloud
Open Tools, Options, IP Cloud
2. Tick the Enable RdpGuard IP Cloud checkbox.
Tick the Enable RdpGuard IP Cloud checkbox.
3. Click Save