Assessing Security Vulnerabilities in a Windows Network

By CIOReview | Tuesday, August 30, 2016
561
934
188

Most Windows networks have a number of security issues, even though majority of the problems can be resolved before they pose a threat to business critical areas. Determining the vulnerability of a system is essential for any enterprise network, as ignoring them can create devastating effects on the organization as a whole. Following are some of the core areas in a Windows network that cannot be left unattended if found dicey.

File and Share permissions

Irrespective of the type of system or the version of windows being used, this is one of the most common vulnerability found in Windows operating systems. The file sharing mechanism with Windows XP has been made so easy, that it is effortless for hackers on public WiFi to gain access to the information. The security measures to curb these problems however seemed uncomplicated, but these issues were carried forward even in the later version of Windows such as Vista and Windows7. Victims of such attacks are users who create shares for local files to be available across networks. It has been noticed by experts that most of the times the “Everyone group” is allowed complete access to every file in the system.

But such mistakes are unlikely to happen with Windows 10, as it displays multiple warnings while exposing shared files to unreliable networks. Also, the file sharing permission by default gives access only to authenticated Windows users on the host system in a read only mode. With the right set of security tools such as Bitlocker encryption and Azure Rights Management System, users can set permissions and protect their data from snoopers.

Anti Malware and Firewall Protection

In many of the older windows systems it was found that personal firewall protection and spyware software were not enabled or not installed at all. These issues were addressed by Microsoft in their Windows XP version, but it was on the part of the user to turn on the firewall. However, after the Blaster and Sasser worm attacks started spreading worldwide, Microsoft turned on the firewall by default in their next Windows editions. But still, the protection offered by Windows firewall was limited to inbound connections and its usability was not taken into account by many organizations.

Microsoft upgraded the firewall in Windows 7 version by providing a firm integration of the same with the operating system and turning off network discovery in public networks. With the further advancements in Windows 8, third party firewall vendors started offering their own version of Windows compatible firewalls.

Weak or No Encryptions on Devices

A vast majority of organizations are not deploying the disk encryption methods available with the latest versions of windows. The only way to protect information foreseeing a theft or loss is by encrypting everything using good and earnest passwords.

Bitlocker, the full disk encryption feature was offered with selected versions of Windows and was first made available with Vista. It can be encrypted with a 128 bit or 256 bit encryption key and proves to be extremely useful at times when the system gets stolen or lost. As compared to the other disk encryption products available in market, Bitlocker has been widely accepted by Windows users all across the world. In a business environment, the Bitlocker can be used to secure business-critical information stored in removable drives and even mobile devices. Now with the advanced features and tools for managing Bitlocker, it can be used for a full-fledged encryption on Windows servers.

Risk of Using Weak or Easily Guessable Passwords

Weak passwords can make your business vulnerable to attacks. Companies often leave the systems unprotected as their employees may find it difficult to deal with complex passwords. Often, the administrators and IT managers overlook the risks and attacks arising due to the same. Most of the times, the default password is not changed by the user and they remain an easy target for attackers. Therefore, companies should take stringent measures to protect their digital assets by enforcing strong password combinations.

Managing the Windows Mobile Devices

In the initial days when organizations adopted to enterprise mobility, device management and administration was a herculean task. Now with the advent of advanced management tools, Microsoft has elevated themselves from just Exchange and Active sync as the only options for securing devices. Windows 10 protects the content using enterprise mobility features such as Continuum for seamless device use and containerization for added security.

Experts are of the view that the new Windows 10 OS can function smoothly across a wide range of devices. Microsoft also integrated Office into its Universal Apps initiative so that Word, Excel and PowerPoint can easily be used on mobile phones and tablets.

Mobile Device Management (MDM) is now on high rise as more and more enterprises are moving into the mobility zone. Companies can also implement MDM by using third party products attuned to Windows devices.