Hack into Windows Vista to test security features

That's fine and dandy, but it's not the real world. Testing for vulnerabilities on a default install of the operating system (OS) is one thing, but once you get users on board and software is installed, drives are shared and other complexities are thrown into the mix, then there's plenty of room for attacks…secure OS or not.

It can happen to you

Remember that the art of hacking doesn't have to focus solely on fancy code injection, address spoofing and virtual server hopping. In fact, many -- if not most -- of the breaches carried out against Windows-based systems are simplistic issues. It usually boils down to power users tweaking their systems, and that introduces vulnerabilities and administrators not having the resources or technology to apply patches in a timely manner. This is exactly the stuff you want to focus on during your Windows security testing. They are your highest payoff tasks. When and if you get the time, then you can dig in looking at minute nuances that someone may exploit in your environment a hundred years fr

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Vista security issues, updates and alerts Ten ways to sell security to management Improve Windows security with our top 10 tips Windows Vista management tutorial Minasi says Vista SP1 solves problems, adds new ones Does Vista's strong security make it better than XP? Are Windows Vista's features silencing critics? Managing single sign-on security burdens in Windows Top 10 ways to improve Windows Vista security A Windows security checklist for IT managers Unauthenticated vs. authenticated security testing Windows desktop security tips How Windows 7 stands up to security tests Securing sensitive data on Windows-based laptops Gathering and documenting your Windows desktop security policies Windows desktop security standards documentation best practices Desktop security preparation for a new wave of Windows apps Four Internet Explorer 8 group policy security settings The state of enterprise security and emerging threats in 2009 Why should Windows shops use Microsoft Baseline Security Analyzer? A first look at Windows 7 security enhancements Using Sysinternals tools in security management scenarios

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

om now.

Like its predecessors, Windows Vista can be exploited in numerous ways by an external hacker or rogue insider. Here are some approaches that hackers use:

Remember, all it takes is your users installing software or making very minor configuration changes to their Vista systems to create big problems. Even if you have an enterprise domain, air-tight GPOs and a formal acceptable use policy banning anything and everything you can imagine, you're still going to have issues with Vista on your network.

Likewise, once Vista-based systems are outside of your control (for example, at a user's home, hotels or coffee shops), it only takes one disabled firewall, one shared directory or one missing patch for Vista to be abused and network security to be compromised.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.