
Not looking at the whole picture

When it comes to performing security assessments on your Windows system, avoid these five mistakes in order to help cut back on weaknesses in your network.

It's easy to check Windows systems for vulnerabilities -- both as an untrusted outsider and an authenticated user. We tend to think the servers are "where it's at" and we end up focusing most of our attention and effort here. One thing's for sure: Never, ever underestimate the importance and criticality of seemingly harmless hosts and network systems -- including technologies and protocols that affect your overall security. This includes:

Also, you'll never be able to say with conviction that you've tested for all security vulnerabilities unless and until you look at things on the business side. Operational security weaknesses that can lead to Windows hacks and other abuse include:

  • Poorly managed user provisioning and passwords.
  • Patching (or lack thereof).
  • User NTFS rights assignments.
  • Backups and media handling.
  • Policy documentation and enforcement.
  • Incident response and disaster recovery procedures.

Minimizing information risks means looking at everything -- soup to nuts.


Security assessments and five mistakes to avoid

 Home: Introduction
 Step 1: Relying on audit checklists and automated tools
 Step 2: Not considering the side effects of your tests
 Step 3: Not looking at the whole picture
 Step 4: Spending too much time trying to fix everything
 Step 5: Assuming testing once is enough

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com.


This was last published in May 2007
