Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
The VNC desktop-sharing system is a common target for attackers because VNC provides remote access to other devices over the Remote Frame Buffer (RFB) protocol. Attackers can find weak VNC passwords with low-cost techniques such as brute force attacks. If an attacker has credentials for several devices on the network, they can easily open multiple VNC connections from a single device to control many devices on the network.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
An attacker looking to remotely run commands on target devices over VNC must first acquire valid remote desktop credentials. A brute force attack is a method for guessing a weak user password. Brute force attacks can occur manually through trial and error or automation tools.
Disable VNC access unless required
Limit the number of VNC login attempts and then block users that exceed this number
Implement microsegmentation by adding secure zones based on the zero-trust security model: partition network traffic with endpoint firewalls, virtual or software-defined networks, or physical networks
Disable guest access to prevent anonymous users from establishing VNC connections without a password
Enable encryption to prevent exposure of plaintext credentials
Review access controls to ensure that only necessary users and hosts can connect to remote access services with VNC
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
