Mailing List Archive

VNC Vulnerability Rating
When I scan a server now (Microsoft Server running Nessus 3.2.1.347 and
plugins downloaded today), I received an error in total "Medium" rated
vulnerabilities.



The count at the top of the report will reflect the following as a
"Medium" vulnerability when it is marked as "Risk Factor: None". I agree
it is a known risk and we are moving to a more secure application for
remote management. But why count and yellow flag if it has been
downgraded, and if not downgraded, why not mark it as "Risk Factor:
Medium"?



Thanks



Check for VNC HTTP


Synopsis :

The remote host is running a remote display software (VNC).

Description :

The remote host is running VNC (Virtual Network Computing), which uses
the RFB (Remote Framebuffer) protocol to provide remote access to
graphical user interfaces and thus permits a console on the remote
host to be displayed on another.

See also :

http://en.wikipedia.org/wiki/Vnc

Solution :

Make sure use of this software is done in accordance with your
organization's security policy and filter incoming traffic to this
port.

Risk factor :

None

Nessus ID : 10758
<http://www.nessus.org/plugins/index.php?view=single&id=10758>





Robert A. "Bob" Schommer

Audit & Security Officer

Bway Corporation

Desk 770-645-4882

Cell 404-769-1966

bob.schommer@bwaycorp.com
Re: VNC Vulnerability Rating
On Oct 27, 2008, at 2:39 PM, Bob Schommer wrote:

> When I scan a server now (Microsoft Server running Nessus 3.2.1.347
> and plugins downloaded today), I received an error in total “Medium”
> rated vulnerabilities.
>
> The count at the top of the report will reflect the following as a
> “Medium” vulnerability when it is marked as “Risk Factor: None”

I've just committed a change to the plugin so it is reported as a Note
rather than a warning. The new version should be available through the
plugin feed in a couple of hours. Thanks for pointing out the
discrepancy.

George
--
theall@tenablesecurity.com
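
An added example, not part of the original thread and not Tenable's code: a Python check that flags findings in a Nessus NBE export whose report level (Note, Warning or Hole) disagrees with the "Risk factor" text in the plugin output, which is the discrepancy discussed above. The NBE field layout, the level-to-risk mapping, the helper name `find_mismatches` and the sample lines are assumptions constructed for illustration.

```python
import re

# Report level -> risk factor words it is expected to carry.
# Assumption: Note = None/Low, Warning = Medium, Hole = High/Critical.
LEVEL_TO_RISK = {
    "Security Note": {"none", "low"},
    "Security Warning": {"medium"},
    "Security Hole": {"high", "critical"},
}

RISK_RE = re.compile(r"Risk factor\s*:\s*([A-Za-z]+)", re.IGNORECASE)


def find_mismatches(nbe_text):
    """Return (host, port, plugin_id, level, risk) for findings whose
    report level disagrees with the 'Risk factor' in the plugin text."""
    mismatches = []
    for line in nbe_text.splitlines():
        fields = line.split("|", 6)  # the data field may itself contain '|'
        if len(fields) < 7 or fields[0] != "results":
            continue  # timestamps, open-port lines, blank lines
        _, _, host, port, plugin_id, level, data = fields
        text = data.replace("\\n", "\n")  # newlines are stored as literal \n
        m = RISK_RE.search(text)
        if m is None or level not in LEVEL_TO_RISK:
            continue
        if m.group(1).lower() not in LEVEL_TO_RISK[level]:
            mismatches.append((host, port, plugin_id, level, m.group(1)))
    return mismatches


# Constructed sample export: host, ports and plugin ID 99999 are made up.
SAMPLE_NBE = "\n".join([
    "timestamps|||scan_start|Mon Oct 27 14:00:00 2008|",
    "results|192.0.2|192.0.2.10|vnc-http (5800/tcp)",  # open port only
    "results|192.0.2|192.0.2.10|vnc-http (5800/tcp)|10758|Security Warning|"
    "Synopsis :\\n\\nThe remote host is running a remote display software (VNC)."
    "\\n\\nRisk factor :\\n\\nNone",
    "results|192.0.2|192.0.2.10|general/tcp|99999|Security Note|"
    "Constructed informational finding.\\n\\nRisk factor :\\n\\nNone",
])

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_NBE):
        print("level/risk mismatch:", hit)
```
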


