My CFO recently asked me if it were possible for one of our employees to gain access to his (and other officers') PC and browse through files. Without having concrete evidence, I told him that it most certainly was possible. By what means could someone get to and browse his files and conversely, how does an Admin prevent it?
Lack of proper/weak security policies and procedures lead to these kinds of intrusion/unauthorized access problems. Studies have shown that more than 60% of the attacks originate from within the local network (by employees).
Your case is not different from the ones faced by many companies. Some of the top most reasons for this kind of problem are:
Default Installation of Operating System. Keep in mind "DEFAULT" means open for all.
Lack or weak system policies.
Weak passwords on the system. This is a major problem and any password cracking software can take advantage of this weakness.
Unknown and unrestricted shared folders- This is very common on Windows environment.
Administrative access on Local system. If a user is made an admin on the local system, his password is cached on that system and can be easily cracked.
Administrative shares- usually C$, D$ and can be more depending on the number of disks inside your system. These shares are usually created by for administrative purposes, but by default they are not protected by any password. It's very easy to take advantage of these shares and browse the drive.
Remote control softwares- There are many remote control PC softwares available these days. They are very easy to operate and many times the client or the agent which needs to be installed on the target machine are stealth installers. If you don't monitor your network PC's for these kind of agents, they can prove to be one hell of a problem.
Multi user system- If you allow more than one user to log onto the system, you are most likely to face these problems.
Have a clearly defined and documented system security policy.
Never rely on the default OS installation. Use the system security policy for configuring the system.
If using Windows based workstations, use Policy /registry editor to harden the system.
Keep your system updated with latest security patches.
Educate users about the shares. Never let them create a share without a proper access control. By default every share created has "Everyone" access, which is a big problem. Allow only specific users who need access. Also, don't let these shares around forever. Delete them as soon as the task/purpose is over.
Use Registry Editor to disable the Administrative shares.
Force strong password policy on the system to make it less vulnerable to password cracking software's.
Never allow admin access on the local system , unless it is really required. This will restrict users from installing unwanted or malicious software's.
Regular auditing of networked PC's is very important. This will help in keeping an inventory and more importantly it will reveal if there are any stealth programs are running on the system.
Let me know if you need any further information.
Dig Deeper on Network Security Monitoring and Analysis
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://...
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.