Code: p513 Severity: Critical
Description: This event is generated when an attempt is made to gain administrative rights to a PC running pcAnywhere Impact: Serious. By the very nature of pcAnywhere, without a strong administrative password, a successful attack will allow the attacker to gain total control of the machine. Corrective: Make sure only servers and workstations that require remote control have pcAnywhere installed. Make sure that a strong password is required for any level of access, this ideally should be coupled with some for of alternate authentication, such as SecurID, modem callback or be blocked at the external firewall so that the remote control functionality is only available on the protected network.
|
