Detections
Analytics
External Remote Services (Windows)
Description
Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management and VNC can also be used externally.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Persistence, Initial Access
Technique: External Remote Services
Sub-Technique: External Remote Services
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q4