Scan Systems to Detect and Guard against Windows Vulnerabilities
When you assess Windows vulnerabilities, start by scanning your computers to see what hackers can see. From there, you can use many of the multiple tools available to steel yourself against attacks. A few straightforward processes can identify weaknesses in Windows systems.
Test Your System
Start gathering information about your Windows systems by running an initial port scan:
Run basic scans to find which ports are open on each Windows system:
Scan for TCP ports with a port scanning tool, such as NetScanTools Pro. The NetScanTools Pro results show several potentially vulnerable ports open on a Windows 7 system, including those for DNS (UDP port 53); the ever-popular — and easily hacked — NetBIOS (port 139); and SQL Server (UDP 1434).
Perform OS enumeration (such as scanning for shares and specific OS versions) by using an all-in-one assessment tool, such as LanGuard.
If you need to quickly identify the specific version of Windows that’s running, you can use Nmap with the -O option.
Other OS fingerprinting tools are available, but Nmap seems to be the most accurate.
Determine potential security vulnerabilities.
This is subjective and might vary from system to system, but what you want to look for are interesting services and applications and proceed from there.
Countermeasures against system scanning
You can prevent an external attacker or malicious internal user from gathering certain information about your Windows systems by implementing the proper security settings on your network and on the Windows hosts. You have the following options:
Use a network firewall or web application firewall (WAF).
Use the Windows Firewall or other personal firewall software on each system. You want to block the Windows networking ports for RPC (port 135) and NetBIOS (ports 137–139 and 445).
Disable unnecessary services so that they don’t appear when a connection is made.