
	Home > Enterprise Desktop Tips > Windows desktop security tips > The 10 most common Windows security vulnerabilities

Enterprise Desktop Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

WINDOWS DESKTOP SECURITY TIPS

The 10 most common Windows security vulnerabilities

Kevin Beaver, CISSP
09.24.2008
Rating: -3.00- (out of 5)

Tips on Desktop Management, Virtualization and Security

Digg This! StumbleUpon Del.icio.us

We all know that Windows-based systems have plenty of potential security risks. But are your systems vulnerable? Likely so. Any given network is chock full of Windows vulnerabilities. It's a law of nature and a side effect of doing business using networked computers. But with the thousands of Windows vulnerabilities in the wild, what do you really need to focus your efforts on? Well, let me share with you the Windows-based weaknesses I'm seeing most often in my work -- things that can get you in a bind if you ignore them.

Here's my top 10 list:

In order to find these vulnerabilities, you're going to need good tools, including port scanners and system enumeration tools, such as SuperScan or, ideally, vulnerability scanners that do it in one fell swoop, such as QualysGuard. An easy-to-use network analyzer such as OmniPeek or CommView is a must, and so is a good hex editor. Last, but certainly not least, you'll have to use your own expertise to manually analyze your systems to

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Windows desktop security tips
	How Windows 7 stands up to security tests
	Securing sensitive data on Windows-based laptops
	Gathering and documenting your Windows desktop security policies
	Windows desktop security standards documentation best practices
	Desktop security preparation for a new wave of Windows apps
	Four Internet Explorer 8 group policy security settings
	The state of enterprise security and emerging threats in 2009
	Why should Windows shops use Microsoft Baseline Security Analyzer?
	A first look at Windows 7 security enhancements
	Using Sysinternals tools in security management scenarios

Windows Vista security issues, updates and alerts

Ten ways to sell security to management

Improve Windows security with our top 10 tips

Windows Vista management tutorial

Minasi says Vista SP1 solves problems, adds new ones

Does Vista's strong security make it better than XP?

Are Windows Vista's features silencing critics?

Managing single sign-on security burdens in Windows

Top 10 ways to improve Windows Vista security

A Windows security checklist for IT managers

Unauthenticated vs. authenticated security testing

Microsoft Windows patches and critical updates

Troubleshooting Microsoft WSUS connectivity issues

Windows security tools for the busy desktop administrator

Why should Windows shops use Microsoft Baseline Security Analyzer?

Enhancing patch management with NAP

Windows security in the enterprise: Tutorials

Microsoft will release three critical patches in May

Critical patches for IE and Office released

Have my Windows patches actually been installed?

PatchLink Update 6.4

What's hot in Microsoft Windows security

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

drive-by download (SearchEnterpriseDesktop.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

check for weaknesses. It's easy to verify whether malware protection is installed but not so simple to determine just how weak file permissions, missing Group Policies and the like can be exploited.

Now that you know what to focus on, you can start finding out what's what. The bottom line is to know what's on your systems and what can be done with your systems. This is the recipe for a secure Windows environment.

About the author: Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic LLC, where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and a blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.

Rate this Tip
To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member.

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Enterprise Desktop Security - Virus Protection, Malware Protection, Intrusion Detection

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2008 - 2009, TechTarget \| Read our Privacy Policy