
Remote Desktop Reports in Sunfirewall

To provide remote desktop protection, the SunFirewall cybersecurity system offers a number of features, each of which is detailed in a separate article. What is particularly handy, both for the RDP protection itself and for the metadata it presents, is a detailed report log with tables, graphs, and maps that shows where, when, by whom, and in what numbers brute force attacks have been launched against your system through remote desktop. Below is a full description of what you will find in each tab of the report section, giving a transparent idea of what makes SunFirewall stand out as a remote desktop protection system.

SunFirewall’s Report Feature Explained

Development of the SunFirewall RDP protection software is an ongoing project, so more features will be added to the existing ones. The 5 tabs described here, which catalog failed logins, blocked IP addresses, unblocked IP addresses, successful logins, and logouts, are only the first 5 tabs, and more are to be expected in upcoming updates.

Failed login lists indicating brute force attack details

Every time a person or software program attempts to log in through the remote desktop port with an incorrect username and password, the attempt fails and the source IP address is registered in the event log as a failed login, together with its exact date and current local time. Failed logins are recorded because an unreasonably large number of them may mean that a brute force attack is happening.

Blocked IP Addresses of 3-time failed login users

If the same IP attempts to log in with three different username-password combinations within a 12-hour period, it is blocked. The block qualifies as an event and appears in the event log with the date and exact time, in the current local time of the country.

Unblocked IP Addresses after 24 hours if they don't seem to be hostile

If a large number of IP addresses are blocked every day, keeping all of them blocked forever would strain the CPU. That is why SunFirewall is set to automatically unblock IP addresses after 24 hours, which is another event registered in the event log with the precise date and time.
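
The block and unblock rules described above (three failed logins from one IP within 12 hours, automatic unblock after 24 hours) can be replayed over a list of failed logins. This is an added example, not SunFirewall's own code; the function names and the sample data are constructed for illustration, and it assumes every failed attempt is a different username-password combination and that traffic from a blocked IP is dropped rather than logged.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                      # page: blocked after three failed logins
WINDOW = timedelta(hours=12)       # page: ...within a 12-hour period
BLOCK_TTL = timedelta(hours=24)    # page: automatically unblocked after 24 hours

def replay(failures, now):
    """Replay (timestamp, ip) failed logins and return the event log up to `now`."""
    recent = defaultdict(deque)    # ip -> failure times still inside WINDOW
    blocked_until = {}             # ip -> expiry time of the active block
    log = []

    def expire(upto):
        # Emit an "unblocked" event for every block that has run its 24 hours.
        for ip, end in sorted(blocked_until.items(), key=lambda kv: kv[1]):
            if end <= upto:
                log.append((end, "unblocked", ip))
                del blocked_until[ip]

    for ts, ip in sorted(failures):
        expire(ts)
        if ip in blocked_until:
            continue               # assumption: a blocked IP's traffic is dropped, not logged
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # slide the window: forget failures older than 12 hours
            q.popleft()
        log.append((ts, "failed_login", ip))
        if len(q) >= THRESHOLD:
            blocked_until[ip] = ts + BLOCK_TTL
            log.append((ts, "blocked", ip))
            q.clear()
    expire(now)
    return log

def at(day, hhmm):                 # helper for the constructed sample below
    return datetime.strptime(f"2024-01-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed sample data (documentation-range IPs), not real logs.
SAMPLE = [
    (at(1, "08:00"), "203.0.113.7"), (at(1, "08:05"), "203.0.113.7"),
    (at(1, "08:10"), "203.0.113.7"),   # third failure in 10 minutes -> blocked
    (at(1, "12:00"), "203.0.113.7"),   # arrives while blocked -> dropped
    (at(1, "01:00"), "198.51.100.20"), (at(1, "09:00"), "198.51.100.20"),
    (at(1, "14:00"), "198.51.100.20"), # three failures spread over 13 hours -> no block
]

if __name__ == "__main__":
    for when, event, ip in replay(SAMPLE, now=at(3, "00:00")):
        print(when.isoformat(" "), f"{event:<13}", ip)
```

The second address shows why the number of blocked IP addresses is not always exactly one third of the failed logins: three failures that do not fall inside one 12-hour window never trigger a block.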

Successful logins of authorized and unauthorized users

SunFirewall also reports on successful logins. These are mainly personnel who entered the correct password, and their IP addresses are shown in the event log together with the accurate time and date, and a notification appears on the Windows desktop. This is handy for times when a login takes place at an unusual time.

Logout details of the remote desktop user with specifics

If the user is authorized and part of the team, they will carry out legitimate activity through the remote desktop connection session and log out when done. The time and date of the logouts from those IP addresses are reported in the event log, along with a Windows notification.

Brute force attack details, By Country

In the second tab of the report section of the SunFirewall remote desktop protection software, brute force attack details are reported, categorized by country. Here is how it works: the first column shows the name of the country with the highest number of attacks. The next column shows the total number of failed logins coming from that country. The third column reports the number of blocked IP addresses of that country, which is usually about one third of the failed login number, as IP addresses are blocked after 3 failed attempts and usually, but not always, any given IP makes three attempts within 12 hours. The fourth column shows the time of the last attack made by an IP from the country.

Graphical representation of failed login history

When clicked on, this tab opens into a page featuring 4 line graphs, comparing and contrasting the rate of incoming brute force attacks in 4 time frames: the last hour, the last 24 hours, the last week, and the last month, accurate to the minute. Another level of accuracy is provided by zooming into the lines. You can scroll into each part of the rising, falling or plateauing line and see the number of attacks that happened at that minute, hour, day, and week, respectively. The total number of attacks in each window of time is written above its designated graph.


Blocked IP history

Tab 5 consists of another 4 line graphs presenting summarized data in the same 4 time frames as the previous tab: last hour, last day, last week, and last month, but this time for the blocked IP addresses. On these 4 graphs, too, you can scroll up and down, zooming in and out, to observe how many IP addresses were blocked at what minute of the hour, what hour of the day, what day of the week, and what week of the month. This gives precise insight into the time frames in which the fewest and the most attacks tend to happen.

Bar graph insights

The sixth and last tab of the report section in our remote desktop protection software, SunFirewall, presents 3 bar charts showing statistics on the distribution and prevalence of brute force attacks in three windows of time: the last 24 hours, the last week, and the last year. The first chart shows the hourly change in the number of IP addresses attempting to log in. The second bar chart shows the same by day. The last chart shows annual trends. The exact number of attacks at any point in any time period can be seen by hovering the cursor over the bar.
