
Six Windows 7 security vulnerabilities you don't know about

Windows 7 is Microsoft's most secure desktop operating system. But although it stands up well to common security checks, the new OS also comes with its own set of security issues. These weaknesses are both technical flaws and operational concerns.

Before migrating to Windows 7, consider these six security vulnerabilities that are often ignored or forgotten:

1. If you're not running the Windows 7 Ultimate or Enterprise edition, then you don't have access to BitLocker drive encryption. If this is the case, to protect your systems you should purchase a drive-encryption product from a third-party vendor such as CREDANT, Symantec or WinMagic.

2. You will hit many stumbling blocks if BitLocker is your enterprise drive encryption technology, including the need for manual deployment, lack of audit logging and more. Furthermore, make sure to consider all of your other systems -- Windows XP, Mac OS, Linux, etc. -- as they'll need their own drive encryption.

3. Windows 7 systems that are not properly protected are as easy to break into as Windows systems from 10 years ago. "Hope" is not a good strategy when it comes to having computers lost or stolen.

4. If you've deployed DirectAccess -- Windows 7 and Windows Server 2008 R2's VPN alternative -- then you have to tighten the screen-locking restrictions on users. All it takes for someone to gain "direct access" into your network is a careless user leaving his system unattended for a brief moment in a public place. Once a thief walks off with a wide-open laptop, all he has to do is keep the keyboard/mouse active to prevent a screensaver from starting and locking him out. Everything else is fair game.

5. Newer isn't necessarily better or more secure, and the decision to migrate to Windows 7 on this assumption alone will disappoint. More than 20 security updates have been installed on my Windows 7 system this year. While only a few of these threats are easily exploited with free tools such as Metasploit, the risk remains.

6. Your desktop security standards documentation needs to be upgraded to incorporate the Windows 7 changes. The Center for Internet Security's Microsoft Windows 7 Benchmarks are a good place to start. Just remember to do this before your next security assessment or audit.
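
Items 4 and 6 both come down to a checkable policy: the screen saver must be enabled, password protected and set to a short timeout on every DirectAccess laptop. The following PowerShell script is an added example, not part of the original article or a Microsoft tool; it audits the per-user screen saver policy values that Group Policy writes under "Control Panel\Desktop" and can enforce them for the current user. The 600-second timeout and the blank scrnsave.scr screen saver are assumed baseline values; substitute those from your own standard (for example the CIS Windows 7 benchmark).

```powershell
# Added example: audit and optionally enforce the Windows 7 screen saver lock
# policy so an unattended DirectAccess laptop locks itself.  Writes only to the
# current user's policy hive; deploy the same settings via GPO for the domain.
# Assumption: 600 s timeout and scrnsave.scr are placeholder baseline values.

$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$Required = @{
    'ScreenSaveActive'    = '1'            # "Enable screen saver"
    'ScreenSaverIsSecure' = '1'            # "Password protect the screen saver"
    'ScreenSaveTimeOut'   = '600'          # "Screen saver timeout" (seconds, REG_SZ)
    'SCRNSAVE.EXE'        = 'scrnsave.scr' # "Force specific screen saver"
}

function Test-ScreenLockPolicy {
    # Returns one record per setting with the expected and actual values.
    $current = $null
    if (Test-Path $PolicyKey) { $current = Get-ItemProperty -Path $PolicyKey }
    foreach ($name in $Required.Keys) {
        $actual = $null
        if ($current -ne $null) {
            $prop = $current.PSObject.Properties[$name]
            if ($prop -ne $null) { $actual = [string]$prop.Value }
        }
        New-Object PSObject -Property @{
            Setting   = $name
            Expected  = $Required[$name]
            Actual    = $actual
            Compliant = ($actual -eq $Required[$name])
        }
    }
}

function Set-ScreenLockPolicy {
    # Writes the policy values for the current user.  A later Group Policy
    # refresh will overwrite them if the GPO says otherwise, so keep both in sync.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Required.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $Required[$name] -Type String
    }
}

# Usage: report the current state, then warn if any setting is off baseline.
$report = Test-ScreenLockPolicy
$report | Select-Object Setting, Expected, Actual, Compliant | Format-Table -AutoSize
$nonCompliant = @($report | Where-Object { -not $_.Compliant })
if ($nonCompliant.Count -gt 0) {
    Write-Warning "Screen lock policy not enforced for $env:USERNAME; run Set-ScreenLockPolicy."
}
```

The script uses only PowerShell 2.0 syntax so it runs on a stock Windows 7 install; the audit half is safe to run from a logon script or inventory job, while Set-ScreenLockPolicy should be reserved for remediation because it changes policy state.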

Moving to Windows 7 won't suddenly make your life as a network administrator any easier and it won't suddenly reduce business risks. The security issues remain, and if anything, managing a more complex OS makes managing desktop security more complex.

About the author: Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. In the industry for over two decades and having worked for himself the past eight years, Beaver specializes in performing independent security assessments in support of compliance and managing business risks. He has also authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). In addition, he's the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Beaver can be reached at www.principlelogic.com.


This was first published in June 2010
