External Remote Services


Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management and VNC can also be used externally.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Cloud SecuritySecurity groupRead-onlyAPISecurity group Connectivity

Notes: fix me

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Initial Access, Persistence

Platform: Windows

Products Required: Tenable Cloud Security

Tenable Release Date: 2022 Q4