By Joshua Bagwell
When’s that last time you had a vulnerability assessment performed on your network? If you’ve never had one done or it’s been a while, you may want to rethink that strategy. A good vulnerability scan will find things that are often overlooked (or even hidden) and can help shed some light on things that you didn’t know were going on. A typical vulnerability scan will discover things such as:
- Systems that are missing security updates
- Open ports on workstations and servers
- Shared network folders and permissions
- Windows password age and current password policies
- Windows User Accounts that haven’t been used within the last 30 days
- Security group members
- Age of workstations
- Installed applications
- DNS errors that could be slowing things down
This list is just a small portion of what’s discovered using a network vulnerably scan. Since most organizations don’t monitor these items they can easily lead to a network being compromised and used for malicious purposes or data being stolen.
Imagine a scenario where an employee left over year ago. Their user account wasn’t disabled. Their Windows password and Office 365 password were the same password used for their personal Gmail account. Well, last month they clicked on a phishing email in their Gmail account and their password was stolen. Now, the person that stole their password can access the former employees Office 365 account as well as the network if there’s any form of remote access enabled. Now image that someone made them part of the “Administrators” group when they created the users account. A network vulnerability scan would have detected and alerted that the user hadn’t logged into their account lately, that their password had not been changed and that they were part of the Administrators group.
If you think this scenario doesn’t happen and happen often, you would be wrong. Most companies that have had their network breached never know that it happened. If they figure out that the network has been breached, they don’t know how or when it happened.
If you value your business data and privacy, have a vulnerability assessment performed!