Hack into Windows Vista to test security features

That's fine and dandy, but it's not the real world. Testing for vulnerabilities on a default install of the operating system (OS) is one thing, but once you get users on board and software is installed, drives are shared and other complexities are thrown into the mix, then there's plenty of room for attacks…secure OS or not.

It can happen to you

Remember that the art of hacking doesn't have to focus solely on fancy code injection, address spoofing and virtual server hopping. In fact, many -- if not most -- of the breaches carried out against Windows-based systems are simplistic issues. It usually boils down to power users tweaking their systems, and that introduces vulnerabilities and administrators not having the resources or technology to apply patches in a timely manner. This is exactly the stuff you want to focus on during your Windows security testing. They are your highest payoff tasks. When and if you get the time, then you can dig in looking at minute nuances that someone may exploit in your environment a hundred years from now.

Like its predecessors, Windows Vista can be exploited in numerous ways by an external hacker or rogue insider. Here are some approaches that hackers use:

• Scan for open ports looking for running services that can be probed further.

• Establish null sessions and enumerate the OS to detect various system configuration settings.

• Gain access to the network via ARP poisoning using Cain & Abel in order to glean Windows passwords and other passwords off the wire.

• Gain physical access to a Vista desktop or laptop system and obtain the password hashes out of the SAM (Security Accounts Manager) database files using a tool such as BartPE and then loading the hashes into a password cracking tool such as Elcomsoft's Proactive Password Auditor. Or, as an alternate, you can use Elcomsoft's new all-in-one bootable solution based on WindowsPE called Elcomsoft System Recovery. This will allow you (or an attacker) to reset the list of local user accounts, view account privileges, grant administrator privileges to any account, reset accounts, reset passwords and more.

• Connect to Windows shares with previously cracked or easy-to-guess passwords and copy and/or delete sensitive ...
  
  To continue reading for free, register below or login

  Requires Membership to View

  To gain access to this and all member only content, please provide the following information:

  Email Address:
  
  
  

  By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
  
  TechTarget cares about your privacy. Read our Privacy Policy
  To read more you must become a member of SearchEnterpriseDesktop.com

  As an existing member of the TechTarget network please activate your SearchEnterpriseDesktop.com account 

  By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
  
  TechTarget cares about your privacy. Read our Privacy Policy
  
  
  

  Digg This!     StumbleUpon     Del.icio.us

  
  
  
  

  RELATED CONTENT Network intrusion detection and prevention and malware removal 20 days to a more secure enterprise Improvements to offline file synchronization in Windows 7 Underlying causes of inconsistent patch management Windows security tools for the busy desktop administrator Check IT List: Five steps for rootkit detection Top Windows client security tools for end users Hacking Exposed Windows: Windows security features and tools Tools for virus removal and detection Windows security testing: Five tips for the summer Buffer overflows can be prevented by GS cookies Microsoft Windows Vista operating system Windows 7 launches, offers salvation from Vista An intro to Windows 7's Deployment Image Servicing and Management tool Guide to converting from Windows XP to Windows 7 Choosing the best way to install images Has Microsoft corrected Vista annoyances in Windows 7? Microsoft's August patches run the gamut Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Combining folder redirection with roaming profiles IPv6 protocol, Windows Vista features simplify peer ad-hoc networking Windows desktop security tips The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 20 days to a more secure enterprise Improvements to offline file synchronization in Windows 7 How to get -- and keep -- user support with security Structuring patch management in seven steps Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP

  RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary desktop management  (SearchEnterpriseDesktop.com) Vista  (SearchEnterpriseDesktop.com) Vista glossary  (SearchEnterpriseDesktop.com)

  RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

  
  
  files.

• Exploit a missing patch and obtain a remote command prompt using Metasploit or CORE IMPACT.

Remember, all it takes is your users installing software or making very minor configuration changes to their Vista systems to create big problems. Even if you have an enterprise domain, air-tight GPOs and a formal acceptable use policy banning anything and everything you can imagine, you're still going to have issues with Vista on your network.

Likewise, once Vista-based systems are outside of your control (for example, at a user's home, hotels or coffee shops), it only takes one disabled firewall, one shared directory or one missing patch for Vista to be abused and network security to be compromised.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.