Skip to main content

Remote Access Section Guide

Frankie Bacigalupo
Updated

This article will help you to understand the Remote Access Section of the Perimeter Report.

 

What is Remote Access? 

Remote access services allow a user to access and control a computer or network from a remote location. 

 

What are the risks of remote access services? 

Any vulnerability that is detected in this section is considered an elevated vulnerability. This is because there are several security risks associated with remote access services, including the following:

  • Unauthorized access: If remote access is not properly secured, it can be possible for unauthorized users to gain access to the system or network. This can lead to data breaches, unauthorized access to sensitive information, and other security incidents.

  • Man-in-the-middle attacks: In a man-in-the-middle attack, an attacker intercepts the communication between the user and the remote system, allowing them to intercept and potentially alter the data being transmitted. This can lead to a loss of confidentiality, integrity, and availability of the data.

  • Malware: Malware, such as viruses and trojans, can be transmitted through remote access connections and infect the system or network. This can result in breaches, data loss, system downtime, and other security incidents.

  • Network attacks: Remote access connections can be a target for network-based attacks, such as denial-of-service (DoS) attacks, where the attacker attempts to overwhelm the network or system with traffic, rendering it unavailable to legitimate users. 


What service is vulnerable?
The Cyber Risk Report will detect unsecured Remote Access ports using the following services: 

  • SSH (Port 22)
  • RDP (Port 3389)
  • SMB (Port 445)

SSH

What is SSH?

SSH is a secure network protocol used to remotely access and manage servers and network devices over an unsecured network. It encrypts data and uses public-key cryptography for authentication, allowing system administrators and developers to execute commands, transfer files, and troubleshoot remotely. SSH is widely used for securely managing servers, deploying code, and collaborating on development tasks.

 

How do I remediate this?

There are three options to secure the port and remediate this vulnerability:

  1. Enable key-based authentication and disable password authentication
  2. Put access behind a firewall
  3. Close the port entirely if it is not in use

 

RDP

What is RDP?

Remote Desktop Protocol (RDP) is a Microsoft-developed protocol that allows users to remotely access and control a Windows computer over a network. It is commonly used for remote work, technical support, and accessing software on specific machines. While RDP provides a secure, encrypted connection, it is also a common target for ransomware attacks if not properly secured.

 

How do I remediate this?

There are two options to secure the port and remediate this vulnerability:

  1. Close the port
  2. Put access behind a firewall

 

SMB

What is SMB?

Server Message Block (SMB) is a network protocol used for sharing files, printers, and other resources between computers, mainly in Windows-based networks. It enables users to access shared files and devices like printers, facilitating collaboration and resource sharing. However, unsecured SMB ports can be exploited by cybercriminals through attacks like password spraying, man-in-the-middle attacks, and vulnerabilities such as the EternalBlue exploit used in ransomware attacks.

 

How do I remediate this?

There are two options to secure the port and remediate this vulnerability:

  1. Close the port
  2. Put access behind a firewall