Remote Control Server Running


Summary

Many enterprises augment their system administration operations with remote control software, such as pcanywhere and timbuktu. These products, if improperly configured, can provide remote access to unauthroized users.

Impact

Pcanywhere reportedly comes "out-of-the-box" with little or no password protection. Timbuktu updates its LDAP server with information about your enterprise -- which could be viewed by users outside of the enterprise.

Fix

Confirm that systems are properly configured. Consider blocking the timbuktu LDAP server at the enterprise's firewall.