Critical

Ensure there is no unrestricted inbound access to TCP port 5900 (VNC Server)

Description

TCP port 5900 is commonly used by VNC (Virtual Network Computing) servers, which allow remote access to and control of a graphical desktop interface. Ensuring there is no unrestricted inbound access to this port is important to prevent unauthorized access to the VNC server and the system it is running on. Unrestricted access to port 5900 could allow attackers to gain remote access to the system, potentially leading to unauthorized modifications or data theft. Therefore, it is essential to properly secure this port and restrict access to only authorized personnel.

Remediation

To ensure there is no unrestricted inbound access to TCP port 5900 for VNC Server, follow these remediation steps:

  1. Review the firewall rules and access control lists to identify if any rules are allowing unrestricted inbound access to port 5900.
  2. Modify the rules to restrict access to only the necessary IP addresses and ports. For example, you can limit access to specific IP addresses, subnets, or VPN connections.
  3. If the server is publicly accessible, consider implementing additional security measures such as two-factor authentication, SSL/TLS encryption, or a web application firewall.
  4. Enable VNC Server authentication and use strong passwords to secure VNC connections.
  5. Use VNC over SSH tunneling to add an extra layer of security.
  6. Regularly review and update firewall rules and access control lists to ensure that they continue to meet your security needs and to address any new threats or vulnerabilities that may arise.
  7. Monitor your network traffic and logs for any suspicious activity related to port 5900 and investigate any anomalies promptly.
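
The review in step 1 can be automated. The following is an added example, not Lightlytics code: it assumes the rules are exported in the JSON shape returned by AWS EC2 `describe-security-groups` (the page does not name a provider), and the function names and sample groups are constructed for illustration. It flags any rule that exposes TCP 5900 to every source address, including port ranges that merely contain 5900 and "all traffic" rules.

```python
import ipaddress

VNC_PORT = 5900

def is_unrestricted(cidr):
    # 0.0.0.0/0 and ::/0 both have prefix length 0 (any source address).
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def covers_port(perm, port):
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port range
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def find_open_vnc(security_groups, port=VNC_PORT):
    """Return (group_id, cidr, from_port, to_port) for each offending rule."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c, perm.get("FromPort"), perm.get("ToPort"))
                         for c in cidrs if is_unrestricted(c)]
    return findings

# Constructed sample input (not real security groups).
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5900,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-c", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5900,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-example-d", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-e", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for gid, cidr, lo, hi in find_open_vnc(SAMPLE_GROUPS):
        print(f"{gid}: port {VNC_PORT} reachable from {cidr} (rule ports {lo}-{hi})")
```

Groups restricted to a private range (`sg-example-c`) or opening a different port (`sg-example-e`) are not reported.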

Enforced Resources

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.