All Windows managers know about the risks that viruses, zero-day exploits, missing operating system patches and weak passwords pose to their environments. But how familiar are you with the other lesser-known vulnerabilities that will expose your business to attack?
Here are the five soft spots I’ve encountered most often in security assessments. They probably exist in your Windows environment. Be sure to add the items to your security-testing to-do list, since it only takes one rogue employee or piece of malware to take your business from zero to breach in no time flat.
1. Open and unprotected file shares
The most prevalent flaw I spot in internal security assessments is the surprising amount of sensitive information sitting on shares that grant access to the Windows "Everyone" group.
Many users share their local drives without realizing that they've granted access to potentially sensitive data. Many also neglect to remove the shares afterward, leaving them open indefinitely and giving anyone on the network easy access to the information on the Windows desktops and servers in your enterprise.
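A quick way to find these shares before someone else does is to audit them on each host. The following script is an added example, not something from the article; it assumes Windows 8 / Server 2012 or later (the SmbShare module) and an elevated PowerShell session on the machine being checked.

```powershell
# Added audit script (not from the article): list non-administrative SMB shares
# whose share-level AND NTFS permissions grant access to broad groups.
# Assumes Windows 8 / Server 2012 or later and an elevated session.

$broadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

# Administrative shares (C$, ADMIN$, IPC$) are handled separately by Windows; skip them.
$shares = Get-SmbShare | Where-Object { -not $_.Special }

$findings = foreach ($share in $shares) {
    # Share-level ACL: who may reach the share over the network at all.
    $broadShare = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $broadPrincipals -contains $_.AccountName
    }

    # NTFS ACL on the underlying folder: what those users can then do with the files.
    $broadNtfs = @()
    if (Test-Path -LiteralPath $share.Path) {
        $broadNtfs = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadPrincipals -contains $_.IdentityReference.Value
        }
    }

    # Effective access is the more restrictive of the two layers, so a share is
    # only reported when a broad principal is allowed at both levels.
    if ($broadShare -and $broadNtfs) {
        $shareSummary = ($broadShare | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join '; '
        foreach ($entry in $broadNtfs) {
            [pscustomobject]@{
                Share      = $share.Name
                Path       = $share.Path
                Principal  = $entry.IdentityReference.Value
                NtfsRights = $entry.FileSystemRights.ToString()
                ShareAcl   = $shareSummary
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Share, Principal | Format-Table -AutoSize
} else {
    Write-Output 'No non-administrative shares open to Everyone, Authenticated Users or Users.'
}
```

Run it under a configuration-management or scheduled job across desktops and servers and review anything it reports; a share that a user created "just for a minute" a year ago is exactly what it will surface.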
2. Missing patches for third-party applications
Adobe, Firefox, iTunes and other applications that are likely ingrained in your company are also ripe targets for exploitation. This is because they are often unpatched or patched much more sporadically than the operating system itself.
Malware aside, all it takes is an insider with a vulnerability scanner like GFI LANguard and an exploit tool like Metasploit to gain unlimited back-door access to desktops and servers alike -- all without your knowledge.
3. The move toward BitLocker for whole disk encryption
These days, more businesses are considering BitLocker for laptop and desktop encryption. After all, it’s free, unlike commercial competitors such as PGP and WinMagic. But you should still think long and hard about factors such as platform support, user PIN resets and key management before you roll BitLocker across your enterprise.
Even though the Microsoft BitLocker Administration and Monitoring tool addresses several well-known BitLocker shortcomings -- such as the ability to prove encryption status -- its encryption strength can be completely negated by tools like Passware Kit Forensic.
4. Sensitive information that can be extracted from the OS and apps
Once a hacker or rogue insider gains access to your Windows-based system, anything is fair game. The locally stored files are at risk, because many admins forget about the configuration information kept in Windows Protected Storage, not to mention the numerous passwords scattered about the OS and installed Web browsers.
Any hacker can use tools like Elcomsoft’s Proactive System Password Recovery and Internet Password Breaker to access this information. There’s even a free Facebook Password Extractor tool that can expose all browser-cached Facebook passwords immediately. There is a wealth of information sitting there waiting to be exploited, so make sure you’re protected.
5. Clear-text data floating across the wire
Placing a network analyzer just inside or outside the network firewall provides interesting insight into the amount of sensitive data and passwords that are transmitted in clear text in Windows environments. Depending on your network configuration, a hacker can access any given data set flowing across the wire, especially if he's using a tool like Cain and Abel. This tool performs ARP spoofing, effectively giving a switched network the visibility of a hub across the entire network segment, while it captures all clear-text passwords as well.
The common theme of these five security risks is that rogue insiders don’t require elite hacking skills to exploit them and harm your system. They only need simple curiosity and free tools. These often-overlooked Windows security vulnerabilities can still harm your Windows enterprise, so neglect them at your own peril.
ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, expert witness, author and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around minimizing information risks. He has authored/co-authored nine books on information security including the best-selling Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin through his website www.principlelogic.com and follow him on Twitter at @kevinbeaver.
This was first published in September 2011