Remote Access Detection

by Michael Willison
July 11, 2014

This dashboard provides information on remote access vulnerabilities. These include vulnerabilities associated with the standard protocols of SSH, VNC, and RDP, along with the proprietary protocols of pcAnywhere, Apple Remote Desktop, WebEx, Google Desktop, and GoToMyPC. Remote access is an important IT function within most companies, and the IT security team must understand the vulnerabilities that exist and their impact on company security.

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard can be easily located in the SecurityCenter Feed by selecting the category Discovery & Detection, and then selecting the tags remote access and SSH. The dashboard requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.7
  • PVS 4.0.2

Listed below are the included components:

Remote Access - 7-Day Trend of Vulnerabilities: This chart presents a 7-day trend analysis of remote access vulnerabilities on the network. These include vulnerabilities associated with SSH, VNC, RDP, Apple Remote Desktop, WebEx, and GoToMyPC. This trending component will help IT security teams see anomalies or excessive vulnerabilities over a period of time for any of these types of remote access.

Remote Access - Exploitable, High CVSS Score, and Compliance Vulnerabilities: This component provides more information on vulnerabilities associated with various remote access protocols. Displayed for each protocol are the percentages of vulnerabilities that are exploitable, that have a CVSS score of 7.0 or above, and that are noted as compliance vulnerabilities. For each percentage, 0 to 24 percent will display green, 25 to 49 percent will display orange, 50 to 74 percent will display red, and 75 to 100 percent will display purple. The IT security team should attempt to keep all of these percentages as close to zero as possible.

Remote Access - Remediation Summary: This table provides information on remediation solutions available for remote access vulnerabilities. Each solution provides the percentage of risk reduction, the total hosts affected, and the percentage of vulnerabilities resolved.

Remote Access - Vulnerabilities Indicator: This component displays warning indicators for 28 specific remote access applications. An indicator will display purple when a vulnerability has been detected in that specific remote access application. Purple does not necessarily indicate a critical detection, but shows that a vulnerability has been detected, even if it is just an informational indicator. This component can be altered to add or remove applications as needed.