Vista tested: Expert shares results

I ran several tests against Windows Vista as both an untrusted outsider and a trusted insider, as well as with/without the Windows Firewall enabled. These best- and worst-case scenario techniques always uncover issues that would be tough to find otherwise, so be sure to make them part of your security testing methodology.

I admit that this was a pre-production version of Vista, but what I found didn't really surprise me because the same old Windows issues were present: NetBIOS leaks here, ports open there, generic network problems -- you name it. Sure, it's not the final release of the operating system (OS), but I'll wager that none of these fundamental problems will change. The fact is, it's a complex, networked OS, and no matter what the marketing gods want us to believe, it's going to have certain flaws that people can and will take advantage of.

The following screenshots, along with brief descriptions, show what I was able to uncover using the standard ethical hacking methodology of enumerating, checking for vulnerabilities and exploiting those vulnerabilities.

Port scan results show which services are available on a typical Vista system.

QualysGuard scan results show that many of the old Windows weaknesses still exist in Vista.

Proactive Password Auditor crack was successful against Vista accounts.

I know, I know. This was carefully setup in a lab environment and no big-time exploits were found. But just wait; it's only a matter of time before serious Vista flaws are made public and the guys over at the Metasploit Project and the experts at vendors like Core Security Technologies have nicely packaged exploits to help us out.

But that's just the beginning, because once other tools like the powerful Ophcrack Live CD and many others support Vista, we're back to square one with Windows weaknesses in the enterprise.

That is, unless you've really hardened your Vista systems against attacks -- including turning on BitLocker Drive Encryption and tweaking Windows Firewall -- and your users are always doing the right things. (Ha ha!)

As Vista becomes more prevalent over the next year or two, just like any other operating system, it'll serve to introduce risks into your environment. So, test and test often. Also, make sure you have good tools that you're comfortable using to help you find a lot of the vulnerabilities that would be next to impossible to uncover yourself -- that's almost half the battle. Don't overlook the importance of manually poking and prodding the OS from every possible angle keeping that malicious mindset intact.

Thinking like the bad guys and understanding how they can (and will) exploit OS weaknesses will prove to be very fruitful -- for Vista and beyond.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments regarding compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Patches, alerts and critical updates Microsoft releases six patches for November Structuring patch management in seven steps Underlying causes of inconsistent patch management Microsoft's Online Desktop Manager caters to small IT shops Microsoft's Patch Tuesday brings a bumper crop of security fixes Act fast with five critical September patches Microsoft's August patches run the gamut Patching third-party browsers adds more work in Windows shops Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Microsoft Windows Vista operating system Windows 7 launches, offers salvation from Vista An intro to Windows 7's Deployment Image Servicing and Management tool Guide to converting from Windows XP to Windows 7 Choosing the best way to install images Has Microsoft corrected Vista annoyances in Windows 7? Microsoft's August patches run the gamut Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Combining folder redirection with roaming profiles IPv6 protocol, Windows Vista features simplify peer ad-hoc networking User passwords and network permissions 20 days to a more secure enterprise Eight is too many characters for strong passwords Nine common password oversights to avoid Secure your Windows systems with proper password practices Managing multiple passwords in Windows Windows desktop endpoint security challenges podcast series How to strike a balance between Windows security and business needs Managing single sign-on security burdens in Windows Build secure computer password policies Remote user security checklist RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.