All Windows managers know about the risks that viruses, zero-day exploits, missing operating system patches and weak passwords pose to their environments. But how familiar are you with the lesser-known vulnerabilities that can expose your business to attack?
Here are the five soft spots I’ve encountered most often in security assessments. They probably exist in your Windows environment too, so add them to your security-testing to-do list: it takes only one rogue employee or one piece of malware to take your business from zero to breach in no time flat.
1. Open and unprotected file shares
The most prevalent flaw I spot in internal security assessments is the surprising amount of sensitive information sitting on file shares whose access control list grants the Windows “Everyone” group (or its near-equivalents, Authenticated Users and Domain Users) read or even change access.
Many users share their local drives or folders without realizing that they have just granted the whole network access to potentially sensitive data, and most never remove the share afterward. The result is shares that stay open for years, giving anyone with a network connection easy access to the information on Windows desktops and servers throughout your enterprise.
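Finding these shares is a job for a script rather than a spot check. The following PowerShell is an added example (it is not code from the original article) that lists every share on a host whose share-level ACL allows a broad principal, and goes one step beyond the paragraph by also reading the NTFS ACL of the shared folder, since effective access is the more restrictive of the two. It assumes Windows 8 / Server 2012 or later (the SmbShare module) and local administrator rights; the $BroadPrincipals list and the share and group names in the remediation comment are assumptions to adapt to your domain.

```powershell
# Added example, not code from the original article.
# Assumes the SmbShare module (Windows 8 / Server 2012 and later) and local admin rights.
# Principals that amount to "anyone on the network" (assumed list; extend for your domain).
$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users', 'ANONYMOUS LOGON')

function Test-BroadPrincipal([string]$AccountName) {
    # Names come back as "Everyone", "BUILTIN\Users", "NT AUTHORITY\Authenticated Users",
    # "CONTOSO\Domain Users"; compare on the part after the backslash.
    $bare = $AccountName.Split('\')[-1]
    return ($BroadPrincipals -contains $bare)
}

function Get-OverexposedShare {
    [CmdletBinding()]
    param([switch]$IncludeAdminShares)   # C$, ADMIN$, IPC$ are gated by admin membership, not by share ACLs

    foreach ($share in Get-SmbShare) {
        if ($share.Special -and -not $IncludeAdminShares) { continue }

        # Share-level ACEs that ALLOW a broad principal
        $shareAces = Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $_.AccountName) }

        foreach ($ace in $shareAces) {
            # Effective access = the more restrictive of share ACL and NTFS ACL, so read the folder too
            $ntfsRights = 'none'
            if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
                $ntfs = (Get-Acl -LiteralPath $share.Path -ErrorAction SilentlyContinue).Access |
                    Where-Object { $_.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $_.IdentityReference.Value) }
                if ($ntfs) { $ntfsRights = ($ntfs | ForEach-Object { $_.FileSystemRights.ToString() }) -join '; ' }
            }
            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                Share        = $share.Name
                Path         = $share.Path
                Principal    = $ace.AccountName
                ShareRight   = $ace.AccessRight      # Read, Change or Full
                NtfsRights   = $ntfsRights           # what the folder ACL actually lets that principal do
            }
        }
    }
}

# Run locally, or fan out with Invoke-Command -ComputerName against a list of hosts.
Get-OverexposedShare | Sort-Object Share | Format-Table -AutoSize

# Remediation for a share that should not be world-readable (assumed share and group names):
# Revoke-SmbShareAccess -Name 'Finance' -AccountName 'Everyone' -Force
# Grant-SmbShareAccess  -Name 'Finance' -AccountName 'CONTOSO\Finance-RW' -AccessRight Change -Force
```

A share that shows Everyone with Full at the share level and Modify in NtfsRights is the case the section describes; Everyone with Read at the share level and no NTFS entry is usually a leftover from a default share ACL and is harmless only until someone loosens the folder permissions.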
2. Missing patches for third-party applications
Adobe products such as Reader and Flash Player, Firefox, iTunes and other applications that are likely ingrained in your company are also ripe targets for exploitation. They are often unpatched, or patched far more sporadically than the operating system itself, because Windows Update does not cover them and many shops have no equivalent process for third-party software.
Malware aside, all it takes is an insider with a vulnerability scanner like GFI LANguard and an exploit framework like Metasploit to find a workstation running a vulnerable version, gain code execution on it and plant a back door into desktops and servers alike -- all without your knowledge.
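You cannot patch what you have not inventoried. The following PowerShell is an added example (not code from the original article) that reads the same registry Uninstall keys that Programs and Features uses and flags third-party software below a minimum version you maintain. The $Baseline table is constructed purely for illustration and is not a real advisory; populate it from your vulnerability scanner or the vendors’ release notes.

```powershell
# Added example, not code from the original article.
# Inventories installed software from the registry Uninstall keys and flags anything older
# than a minimum version you maintain. $Baseline is CONSTRUCTED for illustration only.
$Baseline = @{
    'Adobe Reader'    = '11.0.0'
    'Adobe Flash'     = '11.5.0'
    'Mozilla Firefox' = '17.0.0'
    'iTunes'          = '11.0.0'
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

function ConvertTo-VersionOrNull([string]$Text) {
    # DisplayVersion is vendor-formatted: "11.0.10", "17.0.1 (x86 en-US)", "7.0.110".
    # Take the first dotted numeric run; [version] needs at least two components.
    if ([string]::IsNullOrWhiteSpace($Text)) { return $null }
    $m = [regex]::Match($Text, '\d+(\.\d+){1,3}')
    if (-not $m.Success) { return $null }
    try { return [version]$m.Value } catch { return $null }
}

function Get-OutdatedThirdPartyApp {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.Publisher -notlike 'Microsoft*' } |
        ForEach-Object {
            $app = $_
            # Match on the leading part of the display name, e.g. "Adobe Reader XI (11.0.10)"
            $key = $Baseline.Keys | Where-Object { $app.DisplayName -like "$($_)*" } | Select-Object -First 1
            if (-not $key) { return }    # not in the baseline; skip this product

            $installed = ConvertTo-VersionOrNull $app.DisplayVersion
            $minimum   = [version]$Baseline[$key]
            if ($null -eq $installed)        { $status = 'UNPARSED - check manually' }
            elseif ($installed -lt $minimum) { $status = 'OUTDATED' }
            else                             { $status = 'OK' }

            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                Application  = $app.DisplayName
                Installed    = $app.DisplayVersion
                Minimum      = $minimum
                Status       = $status
            }
        }
}

Get-OutdatedThirdPartyApp | Sort-Object Status, Application | Format-Table -AutoSize
```

Two caveats a practitioner will hit: products that install per user (HKCU) are invisible to a scan run under a service account, so run it in the user’s context or sweep every loaded hive; and an UNPARSED result is a finding in itself, because a version string you cannot compare is one your patch process is probably not tracking either.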
3. The move toward BitLocker for whole disk encryption
These days, more businesses are considering BitLocker for laptop and desktop encryption. After all, it is included with the Enterprise and Ultimate editions of Windows at no extra cost, unlike commercial competitors such as PGP and WinMagic. But you should still think long and hard about factors such as platform support, user PIN resets and key management before you roll BitLocker out across your enterprise.
Even though the Microsoft BitLocker Administration and Monitoring (MBAM) tool addresses several well-known BitLocker shortcomings, such as the ability to prove encryption status and to manage recovery keys centrally, the protection can still be defeated by tools like Passware Kit Forensic. Such tools do not break the cipher; they recover the volume key from a memory image or hibernation file of a machine that was running or asleep when it was taken. The practical lesson is that BitLocker is only as strong as its pre-boot authentication (TPM plus PIN rather than TPM alone), your sleep and hibernation policy, and your control over recovery keys.
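Before rolling BitLocker out, it helps to be able to see those weak points per volume. The following PowerShell is an added example (not code from the original article or from Microsoft) that reports each volume’s protection status, which key protectors it has, whether the operating system volume relies on a TPM-only protector, and whether there is a recovery password to escrow. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later) and local administrator rights; the mount point in the escrow comment is an assumption.

```powershell
# Added example, not code from the original article.
# Assumes the BitLocker module (Windows 8 / Server 2012 and later) and local admin rights.
function Get-BitLockerPosture {
    foreach ($vol in Get-BitLockerVolume) {
        $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'protection OFF (never enabled, or suspended and never resumed)'
        }
        if ($vol.VolumeType -eq 'OperatingSystem') {
            # With a TPM-only protector the volume unlocks before anyone logs on, so the key is in
            # RAM the moment a stolen laptop boots. TPM+PIN or TPM+startup key keeps it out of an
            # attacker's hands at boot; neither helps if the machine is taken while running or asleep.
            $preBoot = $types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' }
            if (($types -contains 'Tpm') -and -not $preBoot) {
                $findings += 'TPM-only protector, no pre-boot PIN or startup key'
            }
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector to escrow (MBAM/AD)'
        }
        if ($vol.EncryptionPercentage -lt 100) {
            $findings += "only $($vol.EncryptionPercentage)% encrypted"
        }

        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Type       = $vol.VolumeType
            Protection = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            Findings   = $(if ($findings) { $findings -join '; ' } else { 'OK' })
        }
    }
}

Get-BitLockerPosture | Format-Table -AutoSize

# Escrow the recovery password to Active Directory, assuming the AD schema extension and
# BitLocker recovery GPO are in place (assumed mount point C:):
# $rp = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
# Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId
```

Run it across the fleet and the two findings that matter most for the attack described above are "TPM-only protector" and "protection OFF"; the first leaves the key recoverable from a booted laptop, the second (typically a suspended BitLocker that an admin forgot to resume after a firmware update) leaves the disk readable outright.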
4. Sensitive information that can be extracted from the OS and apps
Once a hacker or rogue insider gains access to a Windows-based system, anything on it is fair game. Locally stored files are at risk, and so is the configuration information that many admins forget about: the secrets held in Windows protected storage and the Data Protection API (DPAPI), not to mention the numerous passwords cached by the OS and by installed Web browsers. DPAPI blobs are decrypted with keys derived from the user’s logon credentials, so anyone who can run code as that user, or who obtains the user’s password, can read them.
Any attacker can use tools like Elcomsoft’s Proactive System Password Recovery and Internet Password Breaker to pull this information out. There is even a free Facebook Password Extractor tool that exposes all browser-cached Facebook passwords immediately. A wealth of information is sitting there waiting to be exploited, so limit what gets cached (disable browser password storage by policy, and never save service credentials on workstations) and treat a compromised user session as a compromise of every credential that session could decrypt.
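To see why “protected” storage offers so little protection against an attacker who is already running as the user, here is an added example (not code from the original article or from any of the tools named above) that uses the .NET wrapper for DPAPI directly. The secret strings are constructed; the point is that decryption requires no password or key file beyond the logon session itself. It assumes Windows and either Windows PowerShell 5.1 or PowerShell 7 on Windows.

```powershell
# Added example, not code from the original article. Windows only; uses DPAPI through .NET.
Add-Type -AssemblyName System.Security   # needed on Windows PowerShell 5.1; already available on PowerShell 7

function Protect-Secret {
    param(
        [string]$Plaintext,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser',
        [byte[]]$Entropy = $null        # optional extra secret mixed into the key
    )
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Plaintext)
    return [System.Security.Cryptography.ProtectedData]::Protect($bytes, $Entropy, $Scope)
}

function Unprotect-Secret {
    param(
        [byte[]]$Blob,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser',
        [byte[]]$Entropy = $null
    )
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob, $Entropy, $Scope)
    return [System.Text.Encoding]::UTF8.GetString($bytes)
}

# Constructed sample secret: the kind of value a browser or application stores "protected".
$blob = Protect-Secret -Plaintext 'hunter2'

# No password, no key file: anything running as this user (a dropped script, a password
# "recovery" tool) calls Unprotect and gets the plaintext back.
Unprotect-Secret -Blob $blob

# LocalMachine scope is weaker still: any account on this host can unprotect the blob.
$machineBlob = Protect-Secret -Plaintext 'svc-account-password' -Scope LocalMachine
Unprotect-Secret -Blob $machineBlob -Scope LocalMachine

# Optional entropy only helps if the entropy itself stays out of the attacker's reach.
# Most applications hard-code it, and an attacker simply reads it out of the binary.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('app-specific-salt')   # constructed
$blob2 = Protect-Secret -Plaintext 'hunter2' -Entropy $entropy
try   { Unprotect-Secret -Blob $blob2 }                      # wrong (missing) entropy: throws
catch { "Unprotect without entropy failed: $($_.Exception.Message)" }
Unprotect-Secret -Blob $blob2 -Entropy $entropy              # correct entropy: plaintext again

# Related check: credentials the user has told Windows to remember, readable the same way.
# cmdkey /list
```

Two conclusions follow for defenders. DPAPI is the right primitive for an application that must cache a secret for an interactive user, but it protects against other users, not against malware or an insider operating inside that user’s session; and anything a workstation caches under a service or admin account is readable by whoever compromises that workstation, which is why those accounts should never be saved there.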
5. Clear-text data floating across the wire
Placing a network analyzer just inside or outside the network firewall provides interesting insight into the amount of sensitive data and passwords transmitted in clear text in Windows environments; the usual suspects are FTP, Telnet, POP3 and IMAP without TLS, and HTTP basic authentication. Depending on your network configuration, an attacker can capture any given data set flowing across the wire, especially with a tool like Cain and Abel. It performs ARP spoofing (ARP cache poisoning): it answers ARP requests on behalf of the default gateway or a chosen host, so the switch delivers the victims’ traffic to the attacker’s machine, which forwards it on while recording every clear-text password it sees (and the NTLM challenge-responses it can crack later). A switched network gives you no protection against this; Dynamic ARP Inspection on the switches, static ARP entries for critical hosts and, above all, retiring clear-text protocols do.
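ARP poisoning leaves a visible trace on the victims: one MAC address answering for several IP addresses, and a gateway whose MAC no longer matches what it was yesterday. The following PowerShell is an added example (not code from the original article) that checks a neighbor table for both symptoms. The sample table is constructed to show a poisoned cache; the live check at the end assumes the NetTCPIP module (Windows 8 / Server 2012 and later) and a gateway MAC you recorded on a known-good day.

```powershell
# Added example, not code from the original article.
# Flags the two tell-tale signs of ARP cache poisoning in a neighbor (ARP) table.
function Find-ArpAnomaly {
    param(
        [Parameter(Mandatory)][object[]]$Neighbor,   # objects with IPAddress, LinkLayerAddress, State
        [string]$GatewayIP,
        [string]$KnownGatewayMac                     # recorded on a known-good day; assumed input
    )
    # Ignore incomplete entries and the broadcast/zero addresses
    $live = $Neighbor | Where-Object {
        $_.State -in 'Reachable', 'Stale', 'Permanent' -and
        $_.LinkLayerAddress -notin '', '00-00-00-00-00-00', 'FF-FF-FF-FF-FF-FF'
    }

    # 1. One MAC claiming several IPs: the attacker's card has answered for the gateway
    #    (and often for the victims too) so traffic detours through it.
    $live | Group-Object LinkLayerAddress | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{
            Finding = 'One MAC claims multiple IPs'
            Mac     = $_.Name
            IPs     = ($_.Group.IPAddress -join ', ')
        }
    }

    # 2. The gateway's MAC differs from the one you recorded
    if ($GatewayIP -and $KnownGatewayMac) {
        $gw = $live | Where-Object IPAddress -eq $GatewayIP | Select-Object -First 1
        if ($gw -and $gw.LinkLayerAddress -ne $KnownGatewayMac) {
            [pscustomobject]@{ Finding = 'Gateway MAC changed'; Mac = $gw.LinkLayerAddress; IPs = $GatewayIP }
        }
    }
}

# Constructed sample: 10.0.0.50 is the attacker, whose MAC now also answers for the gateway 10.0.0.1
$sample = @(
    [pscustomobject]@{ IPAddress = '10.0.0.1';  LinkLayerAddress = 'AA-BB-CC-00-00-50'; State = 'Reachable' }
    [pscustomobject]@{ IPAddress = '10.0.0.50'; LinkLayerAddress = 'AA-BB-CC-00-00-50'; State = 'Reachable' }
    [pscustomobject]@{ IPAddress = '10.0.0.23'; LinkLayerAddress = 'AA-BB-CC-00-00-23'; State = 'Stale' }
)
Find-ArpAnomaly -Neighbor $sample -GatewayIP '10.0.0.1' -KnownGatewayMac 'AA-BB-CC-00-00-01' | Format-Table -AutoSize

# Live check on this host (IPv4 only); replace the recorded gateway MAC with your own:
# $gw = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Select-Object -First 1).NextHop
# Find-ArpAnomaly -Neighbor (Get-NetNeighbor -AddressFamily IPv4) -GatewayIP $gw -KnownGatewayMac 'AA-BB-CC-00-00-01'
```

Both findings also occur legitimately (a router with two interfaces on one VLAN, a gateway that was replaced), so treat the output as a prompt to look at the switch’s port-to-MAC table rather than as proof. The durable fix is on the switch and in the protocol inventory, not on the endpoint.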
The common theme of these five security risks is that rogue insiders don’t need elite hacking skills to exploit them; simple curiosity and free tools are enough. These often-overlooked Windows security vulnerabilities can do real harm to your enterprise, so neglect them at your own peril.
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, expert witness, author and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around minimizing information risks. He has authored/co-authored nine books on information security including the best-selling Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin through his website www.principlelogic.com and follow him on Twitter at @kevinbeaver.
This was first published in September 2011