?
Solved

common miscnfigured windows services and data exposure

Posted on 2011-09-27
2
Medium Priority
?
339 Views
Last Modified: 2012-05-12
As an internal only user often we identify what we call “open shares and directories” on our domain – that often house sensitive data. I believe we access them over the SMB protocol. Aside from open shares, where all the user really needs to do to access is be a member of everyone or domain users group and no how to mount a remote share - are there any other services or common mistakes made on windows server that could also grant internal users inappropriate access to any sensitive data resident with little or no skill required to access it? Or are “Open shares” by far the easiest and most common on windows server? If there are other common misconfigured windows services that can grant access to data on target server – please detail.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 9

Accepted Solution

by:
jsdray earned 2000 total points
ID: 36708750
You are absolutely correct in that  “Open shares”  are the easiest and most common way of allowing inappropriate access.  So the key is to properly configure these shares to only allow those whom you'd really like to have the access.  My experience (as little as it may be) has been the over-use of the "everyone" group on shares.  Users should be categorized as much as possible in Active Directory by OUs and Groups to allow only the access needed.  Again, in my experience, I've seen the lazy method used to allow everyone access, and then we wonder why we have problems....
A second problem I've seen is another lazy implementation... overuse of the administrator group.  When this is done, your entire domain is in jeopardy.  
Not sure if I answered your question, but you've at least allowed me to vent...
0
 
LVL 3

Author Comment

by:pma111
ID: 36708761
Good points will keep open for other input
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question