This article will help you to understand the Remote Access Section of the Perimeter Report.
What is Remote Access?
Remote access services allow a user to access and control a computer or network from a remote location. This can be done over the internet or through a dedicated network connection. Remote access services can be useful for providing remote support to users, allowing employees to access company resources from their home or other remote locations, and enabling access to resources that may be located in a different geographic location.
What are the risks of remote access services?
Any vulnerability that is detected in this section is considered an elevated vulnerability. This is because there are several security risks associated with remote access services, including the following:
- Unauthorized access: If remote access is not properly secured, it can be possible for unauthorized users to gain access to the system or network. This can lead to data breaches, unauthorized access to sensitive information, and other security incidents.
- Man-in-the-middle attacks: In a man-in-the-middle attack, an attacker sits between the user and the remote system, allowing them to read and potentially alter the data being transmitted. This can lead to a loss of confidentiality, integrity, and availability of the data.
- Malware: Malware, such as viruses and trojans, can be transmitted through remote access connections and infect the system or network. This can result in breaches, data loss, system downtime, and other security incidents.
- Network attacks: Remote access connections can be a target for network-based attacks, such as denial-of-service (DoS) attacks, where the attacker attempts to overwhelm the network or system with traffic, rendering it unavailable to legitimate users.
What service is affected?
The Cyber Risk Report will detect unsecured Remote Access ports using the following services:
- SSH
- RDP
- SMB
SSH
What causes this to be flagged on the Risk Report?
- The SSH port (22) is open
- There appears to be a service behind the open port
How to remediate: There are three options: enable key-based authentication and disable password authentication, put access behind a firewall, or close the port entirely if it is not in use.
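To confirm the first SSH option took effect, the sketch below audits an OpenSSH sshd_config for key-only login. It is an added example, not part of the Risk Report or its tooling; the function name and sample config are constructed, and it assumes Include files are not followed and Match blocks are reported separately rather than merged.

```python
import re

# OpenSSH defaults when a keyword is absent: both are "yes".
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample: the global setting is safe, a Match block undoes it.
SAMPLE = """\
Port 22
PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return findings for sshd_config text; an empty list means key-only login."""
    global_seen = {}   # sshd uses the FIRST value it reads for each keyword
    overrides = []     # (criteria, keyword, value) set inside Match blocks
    current_match = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match = value
            continue
        if keyword not in DEFAULTS:
            continue
        arg = value.split()[0].strip('"') if value else ""
        if current_match is None:
            global_seen.setdefault(keyword, arg)
        else:
            overrides.append((current_match, keyword, arg))
    effective = {**DEFAULTS, **global_seen}
    findings = []
    if effective["passwordauthentication"] != "no":
        src = "set" if "passwordauthentication" in global_seen else "default"
        findings.append(f"global: password authentication enabled ({src})")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: key-based authentication disabled")
    for criteria, keyword, arg in overrides:
        if keyword == "passwordauthentication" and arg != "no":
            findings.append(f"Match {criteria}: password authentication re-enabled")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a config file offline.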
RDP
What causes this to be flagged on the Risk Report?
- The RDP port (3389) is open
- There appears to be a service behind the open port
How to remediate: There are two options: either close the port or put access behind a firewall.
SMB
What causes this to be flagged on the Risk Report?
- The SMB port (445) is open
- There appears to be a service behind the open port
How to remediate: There are two options: either close the port or put access behind a firewall.