Run Authenticated Scans Against Windows Systems

By Kevin Beaver

One security test you can run against your Windows systems is an “authenticated” scan — essentially looking for vulnerabilities as a trusted user. These types of tests tend to be very beneficial because they often highlight system problems and even operational security weaknesses (such as poor change management processes, weak patch management, and lack of information classification) that would never be discovered otherwise.

A trusted insider who has physical access to your network and the right tools can exploit vulnerabilities even more easily. This is especially true if no internal access control lists or IPS are in place and/or a malware infection occurs.

A way to look for Windows weaknesses while you’re logged in (that is, through the eyes of a malicious insider) is to use vulnerability scanning tools such as LanGuard and Nexpose. This figure shows the nice (and rare) feature that Nexpose has to test your login credentials before getting vulnerability scans started. Being able to validate login credentials before you start your scans can save an amazing amount of time, hassle, and money.

Testing login credentials before running an authenticated scan with Nexpose to see what trusted insiders can see and exploit.
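If your scanner lacks a credential-test feature like the one shown above, you can do the same pre-flight check yourself. The following PowerShell script is an added example (not from the article and not part of Nexpose or LanGuard): it tries the scan account against each target over WinRM, reports whether the login works, and whether the account actually lands as an administrator on that host. The hostnames are placeholders, and the script assumes PowerShell remoting is enabled and the scan account is permitted to use it.

```powershell
# Added example: validate scan credentials before starting an authenticated scan.
# Assumes WinRM/PowerShell remoting is enabled on the targets. Hostnames are placeholders.
param(
    [string[]]$ComputerName = @('ws01.corp.example', 'srv02.corp.example'),
    [System.Management.Automation.PSCredential]$Credential = (Get-Credential -Message 'Scan account')
)

$results = foreach ($target in $ComputerName) {
    try {
        # Log in as the scan account and ask the remote host who it thinks we are
        # and whether that token carries the Administrators role.
        $info = Invoke-Command -ComputerName $target -Credential $Credential -ErrorAction Stop -ScriptBlock {
            $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
            $principal = New-Object Security.Principal.WindowsPrincipal($identity)
            [pscustomobject]@{
                User    = $identity.Name
                IsAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
            }
        }
        [pscustomobject]@{ Computer = $target; LoginOK = $true;  User = $info.User; IsAdmin = $info.IsAdmin; Error = $null }
    }
    catch {
        # Authentication failure, WinRM disabled, firewall, or wrong hostname all land here.
        [pscustomobject]@{ Computer = $target; LoginOK = $false; User = $null;      IsAdmin = $false;        Error = $_.Exception.Message }
    }
}

$results | Format-Table Computer, LoginOK, User, IsAdmin, Error -AutoSize

# Stop here rather than launching a scan that would silently run unauthenticated
# (or as a non-admin) on some hosts and produce misleadingly clean results.
$failed = @($results | Where-Object { -not $_.LoginOK -or -not $_.IsAdmin })
if ($failed.Count -gt 0) {
    Write-Warning "Fix credentials or privileges on $($failed.Count) host(s) before starting the authenticated scan."
}
```

A host where `LoginOK` is true but `IsAdmin` is false is the case worth catching: the scanner would log in successfully and then quietly miss everything that needs administrative rights, which is exactly the coverage gap the article warns about.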

Run authenticated scans as a domain or local administrator. This will show you the greatest number of security flaws as well as who has access to what in the event that a vulnerability is present. You’ll likely be surprised to find out that a large portion of vulnerabilities, such as those listed, are accessible via a standard user account. You don’t necessarily need to run authenticated scans every time you test for security flaws, but doing so at least once or twice per year is not a bad idea.

You can also use Microsoft Baseline Security Analyzer (MBSA) to check for basic vulnerabilities and missing patches. MBSA is a free utility from Microsoft. MBSA checks all Windows XP and later (Windows 10 is not yet supported) operating systems for missing patches. It also tests Windows, SQL Server, Office, and IIS for basic security settings, such as weak passwords. You can use these tests to identify security weaknesses in your systems.

With MBSA, you can scan either the local system you’re logged in to or computers across the network. One caveat: MBSA requires an administrator account on the local machines you’re scanning.
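The two things MBSA is described as doing here, checking for missing patches and requiring an administrator account on each machine, can be reproduced in a small PowerShell script. The following is an added example, not MBSA itself and not from the article: it refuses to run unless the account is an administrator (so a non-admin run fails loudly instead of producing an incomplete report), asks the Windows Update Agent which applicable updates are not installed, and lists local Administrators group membership to cover the "who has access to what" point from the authenticated-scan discussion. It runs against the local system or, via remoting, against other computers; the hostnames and the credential prompt are assumptions.

```powershell
# Added example: MBSA-style missing-patch and local-admin check, local or remote.
# Assumes PowerShell 5.1+ (Get-LocalGroupMember) and, for remote hosts, WinRM.
param(
    [string[]]$ComputerName = @('localhost'),          # placeholder; add remote hosts here
    [System.Management.Automation.PSCredential]$Credential   # only needed for remote hosts
)

$check = {
    # Like MBSA, insist on an administrator account: a non-admin query may
    # succeed but return an incomplete picture, which is worse than an error.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Not running as an administrator on $env:COMPUTERNAME"
    }

    # Windows Update Agent COM API: ask the local agent for applicable software
    # updates that are not installed. This consults the host's configured update
    # source (WSUS or Microsoft Update), so the host must be able to reach it.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    $missing = foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Severity = $u.MsrcSeverity      # empty for updates with no MSRC rating
            Title    = $u.Title
        }
    }

    # "Who has access to what": members of the built-in Administrators group.
    # The well-known SID is used so the check works regardless of UI language.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        MissingCount = @($missing).Count
        Missing      = @($missing)
        LocalAdmins  = @($admins)
    }
}

foreach ($target in $ComputerName) {
    try {
        if ($target -eq 'localhost') {
            $report = & $check
        } else {
            $report = Invoke-Command -ComputerName $target -Credential $Credential -ScriptBlock $check -ErrorAction Stop
        }
        "`n== $($report.Computer): $($report.MissingCount) missing update(s) =="
        $report.Missing | Sort-Object Severity | Format-Table KB, Severity, Title -AutoSize
        "Local Administrators: $($report.LocalAdmins -join ', ')"
    }
    catch {
        # Non-admin account, unreachable host, or no update source all surface here.
        Write-Warning "$target : $($_.Exception.Message)"
    }
}
```

One caveat that also applies to MBSA: the missing-update list is only as good as the update source the host talks to. A machine pointed at a stale or unreachable WSUS server can report zero missing patches while being badly behind, so a clean result from an isolated host should be treated with suspicion rather than relief.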