Security Vulnerability Assessment

One of the first areas to review is the security policy of your PC or server. If you take a closer look at PCs or servers that have been operating for a long time, you may find IDs that are no longer required. These IDs may still have powerful access to your files, especially if they are in the Administrators group.

Another area to check when conducting a security vulnerability assessment is the password policy set in the Windows operating system: whether a password is required, whether it expires, and the minimum password length. Weak passwords, or IDs without passwords, are an open invitation for an intruder to break into your computer systems.

Security Audits

Step 1: How to extract IDs and security policies from the Windows server.

a) I use a neat free tool called Somarsoft ACL to conduct Security Audits.

b) Install the tool and run the DumpSec program.

c) Extract the permissions of users, groups, the file system and the registry, the password policy, and any other information you find useful.

The figures below show sample output of the IDs and permission settings from this tool.


Step 2: Cross-check the IDs with the administrator.

a) Once you have extracted this information, cross-check with the administrator that all the IDs and the password policy extracted by the tool are valid and necessary.

b) Delete or disable the unnecessary IDs and enforce a stronger password policy.

c) Further ensure that only IDs that are absolutely required are active, and enforce a strong password policy using Windows Active Directory, e.g. complex alphanumeric passwords and 180-day password expiration. For PCs, make sure the administrator password is changed and known only to yourself or the office administrator.

d) Everyone else should use basic (non-administrator) IDs.

e) Set a password on the screen saver so that it locks the PC screen when there is no activity for, say, 10 minutes.

f) Educate all users on the importance of complying with the computer security policy and security audits.

g) One of the reminders I usually highlight is: do not share passwords, and do not stick the password on the front of the computer monitor for all to view. (I have observed this "sticking the password on the monitor" quite a few times in my rounds of IT security audits for corporates!)
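As an added example that is not part of the original page or of the DumpSec tool, the following PowerShell script performs the checks from steps 1 and 2 with built-in cmdlets: enabled IDs without a password, stale administrator IDs, the local password policy, and the screen-saver lock. It assumes Windows 10 / Server 2016 or later, an elevated session, and the thresholds (180-day expiry, 10-minute lock, 90-day staleness) are assumptions taken from the text above.

```powershell
# Added example (not DumpSec output): audit local IDs, password policy and screen-saver lock.
# Assumes Windows 10 / Server 2016+ and an elevated PowerShell session.
$MaxPasswordAgeDays = 180   # from step 2c above
$StaleDays          = 90    # assumption: no logon in 90 days = candidate for disabling
$LockTimeoutSeconds = 600   # 10 minutes, from step 2e above

# 1. IDs: enabled state, password required, Administrators membership, staleness
$admins = Get-LocalGroupMember -Group 'Administrators' |
          ForEach-Object { ($_.Name -split '\\')[-1] }
$report = Get-LocalUser | ForEach-Object {
    [pscustomobject]@{
        Name         = $_.Name
        Enabled      = $_.Enabled
        PasswordReq  = $_.PasswordRequired
        NeverExpires = ($null -eq $_.PasswordExpires)
        LastLogon    = $_.LastLogon
        Admin        = ($admins -contains $_.Name)
        Stale        = $_.Enabled -and ($null -eq $_.LastLogon -or
                       $_.LastLogon -lt (Get-Date).AddDays(-$StaleDays))
    }
}
$report | Format-Table -AutoSize
# Findings to cross-check with the administrator (step 2a)
$report | Where-Object { $_.Enabled -and -not $_.PasswordReq } |
    ForEach-Object { Write-Warning "Enabled ID without a password: $($_.Name)" }
$report | Where-Object { $_.Admin -and $_.Stale } |
    ForEach-Object { Write-Warning "Stale administrator ID (no logon in $StaleDays days): $($_.Name)" }

# 2. Local password policy: export with secedit, read the [System Access] keys
$cfg = Join-Path $env:TEMP 'secpol.cfg'
secedit /export /cfg $cfg /quiet | Out-Null
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^(MinimumPasswordLength|MaximumPasswordAge|PasswordComplexity|PasswordHistorySize)\s*=\s*(-?\d+)') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg
if ($policy.MinimumPasswordLength -lt 8) { Write-Warning "Minimum password length is $($policy.MinimumPasswordLength)" }
if ($policy.PasswordComplexity -ne 1)    { Write-Warning 'Password complexity is not enforced' }
if ($policy.MaximumPasswordAge -le 0 -or $policy.MaximumPasswordAge -gt $MaxPasswordAgeDays) {
    Write-Warning "Maximum password age is $($policy.MaximumPasswordAge) days (-1 means never expires)"
}

# 3. Screen-saver lock for the current user (step 2e); values are REG_SZ strings
$ss = Get-ItemProperty 'HKCU:\Control Panel\Desktop'
if ($ss.ScreenSaveActive -ne '1' -or $ss.ScreenSaverIsSecure -ne '1' -or
    [int]$ss.ScreenSaveTimeOut -gt $LockTimeoutSeconds) {
    Write-Warning "Screen saver does not lock the screen within $LockTimeoutSeconds seconds"
}
```

On a domain-joined machine the effective password policy comes from Active Directory and the screen-saver settings may be enforced by Group Policy under HKCU:\Software\Policies, so treat the local values as the baseline and confirm the domain policy separately.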

 

Next, let's go deeper and hunt for files and directories, especially world-writable ones (full access), which means anybody can read or modify them.

Internet Security Advisor
Step by Step Guide to conduct Security Vulnerability Assessment - Policy