GEN:SID 1:560
Message POLICY VNC server response
Summary This event is generated when network traffic indicating the use of an
application or service that may violate a corporate security policy.
Impact This may be a violation of corporate policy since some applications can
be used to bypass security measures designed to restrict the flow of
corporate information to destinations external to the corporation. In
some instances this event may indicate behavior contrary to best
security practices.

In this case the event is generated when a VNC server response is
detected. This traffic indicates that a VNC client has made an attempt
to connect to a VNC server.

Virtual Network Computing (VNC) allows users to connect machines across
a network. It allows full control of the connected machine to take
place, the user can access all resources on the machine and any other
resources that machine is connected to.
Detailed Information This event may indicate a violation of corporate policy. It may also
indicate the use of services or applications that may be the antithesis
of best security practices.
Affected Systems All systems
Attack Scenarios Violation of corporate security policy can manifest serious risk to
company assets.
Ease of Attack Not applicable
Corrective Action Ensure adherence to best security practices and strict adherence to
corporate policy
Additional References