
Remote Access Detection Report

by Stephanie Dunn
November 9, 2016


Many organizations today utilize remote access services and applications to remotely connect to internal systems within a network. Without continuous monitoring, these services can be exploited and leave critical data at risk. This report presents a high-level overview of known remote access vulnerabilities from products such as Cisco AnyConnect, Citrix GoToAssist, Microsoft Remote Desktop, and RealVNC.

The content in this report leverages all collection methods from Tenable SecurityCenter Continuous View (CV). By using Tenable Nessus and the Tenable Passive Vulnerability Scanner (PVS), the components are able to identify systems capable of remote access. Nessus looks for installed software, browser plugins, and other artifacts pointing to desktop control software to identify systems with remote access capabilities. PVS passively monitors network traffic to identify vulnerabilities and perform host, application, and operating system discovery using advanced packet analysis. 

This report uses the Common Platform Enumeration (CPE) filter to identify many of the software programs used in enterprise networks. According to NIST, CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. Tenable assigns CPEs to plugins where appropriate. This allows analysts to search for common CPE prefixes such as "cpe:/a:cisco:vpn", "cpe:/a:citrix:gotoassist", and "cpe:/a:realvnc". Associating CPE strings with vulnerabilities allows analysts to separate operating system vulnerabilities from application vulnerabilities, and adds to the level of vulnerability detail provided to the organization.
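The prefix search and the OS/application split described above can be sketched as follows. This is an added example, not Tenable code: it parses CPE 2.2 URIs and groups findings with a plain string-prefix match, and the hosts and most sample CPE strings are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote

# CPE prefixes quoted in the report text.
REMOTE_ACCESS_PREFIXES = (
    "cpe:/a:cisco:vpn",
    "cpe:/a:citrix:gotoassist",
    "cpe:/a:realvnc",
)
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")
PART_NAMES = {"a": "application", "o": "operating_system", "h": "hardware"}

def parse_cpe(uri):
    """Split a CPE 2.2 URI into named components; absent ones become ''."""
    if not uri.lower().startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    fields = [unquote(f).lower() for f in uri[5:].split(":")]
    if len(fields) > len(CPE_FIELDS) or fields[0] not in PART_NAMES:
        raise ValueError(f"malformed CPE 2.2 URI: {uri!r}")
    fields += [""] * (len(CPE_FIELDS) - len(fields))
    return dict(zip(CPE_FIELDS, fields))

def classify(findings):
    """Group (host, cpe) findings into remote-access apps, other apps, OS, hardware."""
    buckets = defaultdict(list)
    for host, cpe in findings:
        part = parse_cpe(cpe)["part"]
        # Case-insensitive string-prefix match, mirroring a search by CPE prefix.
        if part == "a" and cpe.lower().startswith(REMOTE_ACCESS_PREFIXES):
            buckets["remote_access"].append((host, cpe))
        else:
            buckets[PART_NAMES[part]].append((host, cpe))
    return dict(buckets)

# Constructed sample findings (documentation-range addresses, illustrative CPEs).
SAMPLE_FINDINGS = [
    ("192.0.2.5", "cpe:/a:cisco:vpn_client:5.0"),
    ("192.0.2.7", "cpe:/a:realvnc:realvnc:4.1.1"),
    ("192.0.2.7", "cpe:/o:microsoft:windows_7"),
    ("192.0.2.9", "cpe:/a:Citrix:GoToAssist"),
    ("192.0.2.9", "cpe:/a:openbsd:openssh:7.2"),
]

if __name__ == "__main__":
    for bucket, items in classify(SAMPLE_FINDINGS).items():
        print(bucket, items)
```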

The Tenable Log Correlation Engine (LCE) is used to log PVS events and track other remote access related events. LCE also provides the ability to monitor NetFlow information, either by collecting NetFlow flows with the Tenable NetFlow Monitor or by using the Tenable Network Monitor Agent. The Network Monitor Agent works similarly to a NetFlow collector, but stores the records in an LCE-friendly format. An additional benefit of the Network Monitor Agent is that any syslog messages it captures are also forwarded to LCE for analysis. The NetFlow Monitor and the Network Monitor Agent can detect traffic patterns, which analysts can then flag as interesting. Remote access activity is identified with the destination port filter, which shows common ports used for remote access. Security teams can use this information to identify malicious activity, along with any potential false positives. Additionally, this data can be useful in understanding and mitigating potential threat vectors, and in securing remote access solutions within the organization.

This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 5.3.1
  • Nessus 6.8.1
  • PVS 5.1.0
  • LCE 4.8.0
  • Tenable NetFlow Monitor
  • Tenable Network Monitor

Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organization. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Active scanning examines running processes and services, including remote access services, and detects vulnerable software applications, configuration settings, and additional vulnerabilities. Monitoring the network to ensure that all systems are secured against vulnerabilities is essential to ongoing security efforts. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable’s customers range from Fortune Global 500 companies, to the Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail, and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.

The following chapters are included within this report:

  • Executive Summary: The Executive Summary chapter provides a high-level overview of remote access related vulnerabilities that have been detected on the network. Vulnerabilities are tracked by severity, applications, and protocols in order to provide a complete look at remote access solutions that may be at risk. These services help to protect critical services and infrastructure within an organization, and help to detect and prevent unauthorized users and devices from connecting to internal resources. Using the elements within this report, analysts will be able to quickly identify, remediate, and reduce overall security risks.
  • Remote Access Vulnerabilities: The Remote Access Vulnerabilities chapter provides insight into vulnerabilities detected from remote access solutions within the network. Each element will alert on specific remote access vulnerabilities that have been detected, along with a detailed vulnerability summary. Each table presents the latest information on relevant vulnerabilities, including plugin, name, family, severity, and total count of vulnerabilities detected. Data presented within this chapter can be modified to include specific CPE filters, additional host information, and additional details on the detected vulnerability.
