Tip

The right security tools for finding Windows desktop weaknesses

As secure as the Windows operating system has become in recent years, it still has its troubles. Its security challenges include the fact that the OS is an 800-pound gorilla with a target on its back, as well as the mix of user and admin tweaks. Vendors want us to believe that viruses, spyware and rootkits are the source of most Windows worries. While they certainly can be if the proper malware protection isn't used, the right tools -- and some judgment -- are needed to deal with the real security challenges of Windows desktops.

There are security issues beyond the widely accepted Windows hardening practices and security standards that, if you are not careful, will creep into your environment and bleed you dry.

Security best practices include requiring strong passwords, renaming the administrator account and disabling unused accounts. However, I'm not convinced they're the best ways to spend your resources -- at least until the bigger problems are fixed. In fact, often default installations of Windows desktops as well as other lower-hanging fruit pose even greater risks. These things include open file shares, enabled null sessions, a lack of drive encryption, and insecure versions of software like SQL Server Express and VNC.
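As an added example (not from the original article), here is a read-only PowerShell check that can be run locally on a sample desktop for the default-install weaknesses listed above. It assumes Windows 8 or later, an elevated session and BitLocker as the drive-encryption product; the function name `Get-DesktopWeakness` is hypothetical.

```powershell
# Added example: local, read-only audit of the weaknesses named in the article.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell, BitLocker.
function Get-DesktopWeakness {
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Check, $Detail) {
        $findings.Add([pscustomobject]@{ Computer = $env:COMPUTERNAME; Check = $Check; Detail = $Detail })
    }

    # 1. Open file shares: user-created shares that grant access to broad principals.
    #    Account names are matched in English; adjust for localized builds.
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -match 'Everyone|ANONYMOUS LOGON' } |
            ForEach-Object { Add-Finding 'OpenShare' "$($share.Name) ($($share.Path)): $($_.AccountName) = $($_.AccessRight)" }
    }

    # 2. Null sessions: registry values that control anonymous access.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if ($lsa.RestrictAnonymous -ne 1)         { Add-Finding 'NullSession' 'RestrictAnonymous is absent or not 1' }
    if ($lsa.RestrictAnonymousSAM -ne 1)      { Add-Finding 'NullSession' 'RestrictAnonymousSAM is absent or not 1' }
    if ($lsa.EveryoneIncludesAnonymous -eq 1) { Add-Finding 'NullSession' 'EveryoneIncludesAnonymous is 1' }
    if ($srv.RestrictNullSessAccess -eq 0)    { Add-Finding 'NullSession' 'RestrictNullSessAccess is 0' }
    if ($srv.NullSessionShares)               { Add-Finding 'NullSession' "NullSessionShares: $($srv.NullSessionShares -join ', ')" }

    # 3. Drive encryption: volumes BitLocker is not currently protecting.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' } |
            ForEach-Object { Add-Finding 'NoEncryption' "$($_.MountPoint) protection is $($_.ProtectionStatus)" }
    } else {
        Add-Finding 'NoEncryption' 'BitLocker cmdlets not available; check encryption manually'
    }

    # 4. Software the article calls out: list installed versions for manual review.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'SQL Server|VNC' } |
        ForEach-Object { Add-Finding 'SoftwareToReview' "$($_.DisplayName) $($_.DisplayVersion)" }

    $findings
}

Get-DesktopWeakness | Format-Table -AutoSize -Wrap
```

The software check only reports what is installed; whether a given version is insecure still has to be judged against the vendor's advisories.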

To find vulnerabilities in Windows, the right tools are needed. I'm partial to the commercial tool QualysGuard, which I've used for a decade, and I have yet to find another tool that produces results at the same quality level. However, these days it can be difficult to scrounge up money for security tools. The good news is that if you've got the time and are willing to put forth the effort, there are many low-cost and free tools to help with Windows security, including the following:

With these tools, you can accomplish a lot in the ethical hacking methodology of scan, enumerate, assess and exploit -- especially if you integrate BackTrack and the Sysinternals suite into the mix. While you may not find everything, and it may take longer, it beats overlooking critical Windows flaws waiting to be exploited.

Keep in mind that in order to find security flaws in the majority of Windows systems, you need to look at only a relatively small cross-section of them. If a specific security weakness is on 10% or 20% of Windows desktops, odds are it's on all of them.

If you really need higher-end tools for scanning Windows systems, try to get a trial version of the software. Such tools can help you convince management that their money will be well spent.

Finally, don't take your Windows security tools too seriously -- they're not all you need. The missing ingredient for well-rounded Windows security assessments is good old-fashioned experience. If you don't know what to look for -- i.e., the things that count in your environment -- then you might as well not be looking.

ABOUT THE AUTHOR:
Kevin Beaver
Kevin Beaver is an information security consultant, keynote speaker and expert witness at Atlanta-based Principle Logic LLC. He specializes in performing independent security assessments and helping IT professionals enhance their careers. Beaver has also written and co-authored seven books on information security, including Hacking for Dummies and Hacking Wireless Networks for Dummies (Wiley). In addition, he's the creator of the Security on Wheels information security audio books and Security on Wheels blog providing security learning for IT professionals on the go. He can be reached at kbeaver@principlelogic.com.

This was first published in December 2009
