What is RDS-Knight?

Protect your Remote Desktop Server or PC from hackers from all across the globe that easily access login credentials anywhere and carry out ransomware attacks and run arbitrary code on the targeted systems.

It is designed to secure remote desktop, monitor login failures, block prohibited or suspicious IPs and prevent unauthorized actions.

Who need this?

Any company server that run on Terminal Server or Remote Desktop Services. An cost effective Remote Desktop Services is to use ServerLink.

2 Types of RDS-Knight

RDS-Knight Security Essentials provides three major protections:

• Homeland Access Protection : prevents foreign attackers to open a session. 
• Working Hours Restriction: prohibits users to connect at night (for all Users).
• Prevents Brute-Force Attacks: blacklists the offending IP addresses.

RDS-Knight Ultimate Protection provides all protections you need:

• Homeland Access Protection: prevents foreign attackers to open a session. 
• Working Hours Restriction: prohibits users to connect at night (per Users or per Groups).
• Prevents Brute-Force Attacks: blacklists the offending IP addresses.
• One Click to Secure Desktop: provides highly secured user’s environment (per Users or per Groups).
• Endpoint Protection and Device Control : restricts access per device (per Users).

Homeland Access Protection – Geo-Restriction for RDP

Your users are located in USA, UK and Canada offices. Why anyone should be able to open a session from China, India, Iran, or Germany?

In a snap with RDS-Knight, you protect your RDS servers from any attackers trying to open a session from foreign countries. This is extremely simple and so powerful. Just do it!

Working Hours Restriction

Of course, your users should be free to connect and to work when they are at their desks. However, why would they be allowed to open a session at midnight?

With RDS-Knight, you can specify the working time of the day when each of your user or group are allowed to open sessions. 

It will be so easy and amazingly nice to enhance your security policies

Prevent Brute-force Attacks – Block IPs

If your Windows server is publicly available on Internet, then there is a 100% probability that hackers, network scanners and brute force robots are trying to guess your Administrator login and password – as we speak. Using current logins and password dictionaries, they will automatically try to login to your server hundreds to thousands times every minute. Not only this is bad for your server’s security, but it can also consume a lot of its resources (CPU and bandwidth)

Stop the constant attacks right now with RDS-Knight brute-force attacks defender. It will instantly protect your server by monitoring Windows failed login attempts and automatically blacklist the offending IP addresses after several failures. Moreover, you can of course configure it to match your needs.

One Click to Secure Desktop – Set User Rights Policies

(Available in Ultimate Edition)

Windows is providing many powerful GPOs but it will cost you several days to enforce the expected security rules. Most of us are not comfortable enough with such kind of system restriction policies; as a result we give up on it or we select only few of them.

In one click, RDS-Knight will enforce for you the best security practice. In few minutes, you will get the best level of security that you expect to achieve for your Remote Desktop user’s environment. It is as easy to do it  “user per user”, or to set it up “per group”. More than a time-saver to protect your server, RDS-Knight is providing you more security without complexity. 

Endpoint Protection and Device Control

(Available in Ultimate Edition)

Why should a hacker be able to use a stolen Windows credential  to open a session from any device? This should be prevented. The EndPoint Protection is the right answer. It will bind the user’s credential to the user’s own device.

How does that work? RDS-Knight will record the user’s device name at his first connection. The administrator can decide to restrict access for this logon to that recorded device’s name. Doing so, any attempt to connect from another device will be automatically detected and rejected.