
Remote Access Detection Report

by Cody Dumont
November 9, 2016


Many organizations today utilize remote access services and applications to remotely connect to internal systems within a network. Without continuous monitoring, these services can be exploited and leave critical data at risk. This report presents a high-level overview of known remote access vulnerabilities from products such as Cisco AnyConnect, Citrix GoToAssist, Microsoft Remote Desktop, and RealVNC.

The content in this report leverages all collection methods from Tenable SecurityCenter. By using Tenable Nessus and the Tenable Nessus Network Monitor (NNM), the report's components are able to identify systems capable of remote access. Nessus looks for installed software, browser plugins, and other artifacts pointing to desktop control software to identify systems with remote access capabilities. NNM passively monitors network traffic to identify vulnerabilities and perform host, application, and operating system discovery using advanced packet analysis.

This report uses the Common Platform Enumeration (CPE) filter to identify many of the software programs used in enterprise networks. According to NIST, the CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. Tenable assigns CPEs to plugins where appropriate. This allows analysts to search for common CPE prefixes such as “cpe:/a:cisco:vpn”, “cpe:/a:citrix:gotoassist”, and “cpe:/a:realvnc”. Associating CPE strings with vulnerabilities allows analysts to separate operating system vulnerabilities from application vulnerabilities, and adds to the level of vulnerability detail provided to the organization.
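The CPE prefix filtering described above can be sketched outside the product as follows. This is an added example, not Tenable's code or SecurityCenter's filter implementation: it assumes CPE 2.2 URI names (`cpe:/part:vendor:product:version:update:edition:language`), and the function names, the matching rule and the findings are constructed for illustration.

```python
from urllib.parse import unquote

PARTS = {"a": "application", "o": "operating system", "h": "hardware"}
FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")

def components(uri):
    """Return the decoded, lower-cased components of a CPE 2.2 URI."""
    if not uri.lower().startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    # Split before decoding so an encoded ':' (%3a) stays inside its component.
    comps = [unquote(c).lower() for c in uri[5:].split(":")]
    if comps[0] not in PARTS or len(comps) > len(FIELDS):
        raise ValueError(f"malformed CPE 2.2 URI: {uri!r}")
    return comps

def parse_cpe(uri):
    """Name the components; trailing fields that were omitted become ''."""
    comps = components(uri)
    return dict(zip(FIELDS, comps + [""] * (len(FIELDS) - len(comps))))

def matches_prefix(uri, prefix):
    """Complete prefix components must be equal; the last one may be partial."""
    have, want = components(uri), components(prefix)
    if len(want) > len(have):
        return False
    last = len(want) - 1
    return have[:last] == want[:last] and have[last].startswith(want[last])

def remote_access_findings(findings, prefixes):
    """Keep findings whose CPE falls under any of the given prefixes."""
    return [f for f in findings if any(matches_prefix(f["cpe"], p) for p in prefixes)]

def split_by_part(findings):
    """Group hosts by CPE part, separating OS findings from application findings."""
    groups = {}
    for f in findings:
        groups.setdefault(PARTS[parse_cpe(f["cpe"])["part"]], []).append(f["host"])
    return groups

# Constructed sample findings (hosts use the 192.0.2.0/24 documentation range).
FINDINGS = [
    {"host": "192.0.2.5", "cpe": "cpe:/a:cisco:vpn_client:5.0.07"},
    {"host": "192.0.2.6", "cpe": "CPE:/a:RealVNC:realvnc:4.1.1"},
    {"host": "192.0.2.7", "cpe": "cpe:/o:microsoft:windows_7::sp1"},
    {"host": "192.0.2.8", "cpe": "cpe:/a:citrix:gotoassist"},
    {"host": "192.0.2.9", "cpe": "cpe:/a:mozilla:firefox:45.0"},
]
# Prefixes quoted in the report description.
PREFIXES = ["cpe:/a:cisco:vpn", "cpe:/a:citrix:gotoassist", "cpe:/a:realvnc"]
```

Because the part letter is the first component, a prefix beginning `cpe:/a:` can never pull in an operating system (`cpe:/o:`) entry from the same vendor.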

This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 5.3.1
  • Nessus 6.8.1
  • NNM 5.1.0

Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organization. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Active scanning examines running processes and services, including remote access services, and detects vulnerable software applications, configuration settings, and additional vulnerabilities. Monitoring the network to ensure that all systems are secured against vulnerabilities is essential to ongoing security efforts. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable’s customers range from Fortune Global 500 companies, to the Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail, and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.

The following chapters are included within this report:

  • Executive Summary: The Executive Summary chapter provides a high-level overview of remote access related vulnerabilities that have been detected on the network. Vulnerabilities are tracked by severity, applications, and protocols in order to provide a complete look at remote access solutions that may be at risk. These services help to protect critical services and infrastructure within an organization, and help to detect and prevent unauthorized users and devices from connecting to internal resources. Using the elements within this report, analysts will be able to quickly identify, remediate, and reduce overall security risks.
  • Remote Access Vulnerabilities: The Remote Access Vulnerabilities chapter provides insight into vulnerabilities detected from remote access solutions within the network. Each element will alert on specific remote access vulnerabilities that have been detected, along with a detailed vulnerability summary. Each table presents the latest information on relevant vulnerabilities, including plugin, name, family, severity, and total count of vulnerabilities detected. Data presented within this chapter can be modified to include specific CPE filters, additional host information, and additional details on the detected vulnerability.