Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


June 28, 2000

Big Risks to Windows-based Networks


People often ask what the biggest software-related risks are to a Windows-based network. That's an oversimplified question with complicated answers; however, if history is a good indicator, you'll probably agree that the answer is Microsoft's Outlook, Internet Explorer (IE), and IIS products. Next in risk severity are the various third-party packages that contain serious vulnerabilities, such as Denial of Service (DoS) conditions, system exposure of some type, or buffer overrun conditions that can run arbitrary code. These third-party product types may include firewalls, proxies, content scanners, Web servers, FTP servers, mail clients, and Web browsers. Web servers are probably the greatest risk because they can run various scripts, some of which might contain exploitable vulnerabilities or be able to exploit known system vulnerabilities.

I based this risk assessment on the number of serious vulnerabilities reported for various software packages, along with an educated guess about the probability that an intruder would use a given vulnerability to perform some type of exploit against a Windows-based system or user.

I think Outlook and IE present the greatest risk to Windows networks because they are so widely deployed and have lots of powerful functionality installed and enabled by default. They are the avenues intruders use most frequently to inject code into a remote system or gain elevated privileges on a network. Don't underestimate the need to consistently guard against hostile email and Web content that might enter your network. Consider the need for content screening of services such as email, Web, FTP, and chat. And don't forget to monitor for newly reported Outlook and IE vulnerabilities.

IIS presents a large risk to networks because it's widely used, and many of its reported vulnerabilities expose sensitive information, allow access to powerful files such as administrative interfaces, or run scripts that can take actions generally limited to privileged users. To protect an IIS system, you must stay current with all the latest service packs and hotfixes, and take precautions when configuring virtual sites and directories. In addition, you must inspect any foreign applications that might be placed on the IIS server to ensure they don't contain their own security risks. For example, unchecked ISAPI applications might contain code that accesses restricted areas of the system. In addition, IIS and many add-on packages ship with under-secured sample files or known bugs for which the vendor has patches or workarounds available. Be sure to carefully investigate each add-on to ensure you have the latest versions, patches, and configurations in place.

You can use other precautions to minimize the risks associated with Windows-based networks and the applications I've mentioned. For instance, robust monitoring tools are essential for a more secure operation. Monitor logs for suspicious activity, services for availability, file systems and Registry for integrity and unauthorized changes, and network packets for suspicious traffic. In addition, be sure to consider the need for content filters. If you perform those tasks, your network will be a much safer environment for your information.
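The file-system integrity monitoring recommended above, and the advice to inspect what gets placed on an IIS server, can be illustrated with a hash baseline of a content directory. This is an added example, not code from the original article; the function names `Get-IntegrityBaseline` and `Compare-IntegrityBaseline` and the demo directory are hypothetical, and the demo files are constructed.

```powershell
# Added example: hash-based integrity check for a content directory.
# Function names and the demo directory layout are hypothetical.
function Get-IntegrityBaseline {
    param([Parameter(Mandatory)][string]$Root)
    $rootPath = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\', '/')
    $baseline = @{}   # relative path -> SHA-256 hash (keys are case-insensitive)
    Get-ChildItem -LiteralPath $rootPath -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($rootPath.Length + 1)
        $baseline[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $baseline
}

function Compare-IntegrityBaseline {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($path in $Current.Keys) {
        if (-not $Baseline.ContainsKey($path)) {
            [pscustomobject]@{ Change = 'Added'; Path = $path }
        } elseif ($Baseline[$path] -ne $Current[$path]) {
            [pscustomobject]@{ Change = 'Modified'; Path = $path }
        }
    }
    foreach ($path in $Baseline.Keys) {
        if (-not $Current.ContainsKey($path)) {
            [pscustomobject]@{ Change = 'Removed'; Path = $path }
        }
    }
}

# Constructed demo: a throwaway directory standing in for a Web content root.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ("fim-demo-" + [guid]::NewGuid())
$scripts = Join-Path $root 'scripts'
New-Item -ItemType Directory -Path $scripts -Force | Out-Null
Set-Content -Path (Join-Path $root 'default.htm') -Value '<html>home</html>'
Set-Content -Path (Join-Path $scripts 'search.asp') -Value 'original script'
Set-Content -Path (Join-Path $scripts 'sample.asp') -Value 'vendor sample'

$baseline = Get-IntegrityBaseline -Root $root

# Simulate unauthorized changes: one edit, one new file, one deletion.
Set-Content -Path (Join-Path $scripts 'search.asp') -Value 'altered script'
Set-Content -Path (Join-Path $scripts 'upload.dll') -Value 'unexpected binary'
Remove-Item -Path (Join-Path $scripts 'sample.asp')

Compare-IntegrityBaseline -Baseline $baseline -Current (Get-IntegrityBaseline -Root $root) |
    Sort-Object Path | Format-Table -AutoSize

Remove-Item -Path $root -Recurse -Force
```

In practice the baseline should be stored somewhere the monitored server cannot write to, and rebuilt only after an approved change such as a service pack or hotfix.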




Reader Comments
My only negative comment is that the author used several abbreviations/acronyms such as IIS and ISAPI without first defining them. As a former student of journalism, I have been taught that one never uses these things until after first defining them.

I have yet to learn much about these subjects, but my limited experience indicates to me that one important threat is the spyware that websites or other sources seem to be able to install on a computer without one's knowledge. Also, when one does install a firewall, almost every outgoing and incoming message or data is stopped until you either click permit or deny.

Otherwise, the article seems well written to me.

joe guenther November 01, 2003


This is a great article. I am new to the security game - just studying for the MCP certification. I found the article very informative. Keep up the good work.

Shirley

Shirley Walker December 02, 2003






 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2010 Penton Media, Inc. Terms of Use | Privacy Statement