
CAPEC-555: Remote Services with Stolen Credentials

Attack Pattern ID: 555
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An adversary leverages remote services such as RDP, telnet, SSH, and VNC to log into a system with stolen credentials.

+ Solutions and Mitigations

Disable RDP, telnet, and SSH, and enable firewall rules to block such traffic. Limit the users and accounts that have remote interactive login access. Remove the Local Administrators group from the list of groups allowed to log in through RDP. Limit remote user permissions. Use remote desktop gateways and multifactor authentication for remote logins.
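
Where SSH has to stay enabled, the account-limiting and multifactor mitigations above can be checked against the server's configuration. The following is an added example, not part of the CAPEC entry: it audits the global section of an OpenSSH sshd_config, and the sample configurations and the group name "ssh-remote" are constructed for illustration.

```python
# Constructed sample configs; the group name "ssh-remote" is hypothetical.
WEAK = """\
PermitRootLogin yes
AuthenticationMethods publickey,keyboard-interactive password
"""
HARDENED = """\
# first occurrence of a keyword wins, so the last line has no effect
AllowGroups ssh-remote
PermitRootLogin no
AuthenticationMethods publickey,keyboard-interactive:pam
PermitRootLogin yes
"""
# OpenSSH defaults for the keywords checked below.
DEFAULTS = {"permitrootlogin": "prohibit-password", "authenticationmethods": "any"}

def effective_settings(text):
    """Global keyword -> value, keeping the first occurrence as sshd does."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are not evaluated here
            break
        settings.setdefault(key, parts[1] if len(parts) > 1 else "")
    return settings

def requires_multiple_factors(value):
    """True only if every alternative list names two or more distinct methods."""
    lists = value.split()
    if not lists or value.lower() == "any":
        return False
    return all(len({m.split(":")[0] for m in l.split(",")}) >= 2 for l in lists)

def audit(text):
    s = {**DEFAULTS, **effective_settings(text)}
    findings = []
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("remote login is not limited to named users or groups")
    if s["permitrootlogin"].lower() != "no":
        findings.append("root may log in remotely (PermitRootLogin %s)" % s["permitrootlogin"])
    if not requires_multiple_factors(s["authenticationmethods"]):
        findings.append("a single authentication method is enough to log in")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The WEAK sample fails the multifactor check because its second alternative, password on its own, is a complete login path, which is the path a stolen password would use.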

+ Content History
Submissions
Submitter: CAPEC Content Team
Organization: The MITRE Corporation
Date: 2015-11-09
Source: Internal_CAPEC_Team
Page Last Updated or Reviewed: May 01, 2017