GEN:SID | 1:560 |
Message | POLICY VNC server response |
Summary | This event is generated when network traffic indicating the use of an application or service that may violate a corporate security policy.
|
Impact | This may be a violation of corporate policy since some applications can be used to bypass security measures designed to restrict the flow of corporate information to destinations external to the corporation. In some instances this event may indicate behavior contrary to best security practices.
In this case the event is generated when a VNC server response is detected. This traffic indicates that a VNC client has made an attempt to connect to a VNC server.
Virtual Network Computing (VNC) allows users to connect machines across a network. It allows full control of the connected machine to take place, the user can access all resources on the machine and any other resources that machine is connected to.
|
Detailed Information | This event may indicate a violation of corporate policy. It may also indicate the use of services or applications that may be the antithesis of best security practices.
|
Affected Systems | All systems
|
Attack Scenarios | Violation of corporate security policy can manifest serious risk to company assets.
|
Ease of Attack | Not applicable
|
Corrective Action | Ensure adherence to best security practices and strict adherence to corporate policy
|
Additional References | |