I have been watching the CEH course and am a little disappointed in the lack of demonstrations of all the topics that are being discussed. One of the biggest questions I have regards remote access and actually "Gaining access to a computer." In these segments there is discussion about getting passwords, using key loggers, other physical capture devices, etc., however, there is little discussion on how remote access to a computer is actually obtained and what is and is not possible based on how a host is configured. I have a lot of questions but one I am hoping someone can shed some light on is the following -
If a computer on a network does not have any remote connection settings enabled (SSH, Windows remote desktop, telnet, etc.) and I have a user name and password for the machine, what good is it? Can the computer even be accessed with the information that is gathered from scanning and enumeration? I realize there are other means that you can physically install or perform or prompt another user to perform in order to install malware to make the computer remotely accessible but if these services are disabled is the host at risk? If so, what techniques accomplish this?
If anyone has answers or links to additional resources where I can research this I would be grateful.
Thanks for your input.