Printable View
Hello guys,I have a Windows server, which is not updated regularly. I used GFI LANguard to perform a scan. The results show lots of much vulnerability. First of all, I have no past experience in this field, and can not guess if it is too easy to attack these servers. Are there any simple tools and procedures available that someone can use to access the server, or just a professional can only cause danger to our security.Thanks in advance for any feedback
Hello,actually it is bit difficult to answer the question you asked as its just based on the limited information that you have provided. Actually regarding the difficulty of attacking your systems. Probably, I can say that you need not be a expert to exploit a system. There are lots of tools and scripts available on the net that even a small kid can use and cause harm. So I would like to ask you to be patient before taking further step.
Even I can say that having a fully patched system would not provide a secure system. I would Have to ask you to consider your password policy. Is it sufficient and strong enough. Do you have a data access policy? Is strict lowest required permissions being taken into consideration? Do you have Any web services that are exposed to the Internet? I would ask you to look out for all this things and then reply me further.
There are lots of things to consider at the time of securing a system . I think you should probably look to instigate an information security program. This will also assist you to look at your organization and assist you to create the required policies and procedures to secure your organisation. Actually its a BIG task, so it should not be performed alone or without the guidelines and approval of the senior management .
Actually I advice You to use free vulnerability scanning testing software to test the security. A free tool called “Nessus” will get the job done for you. Do see to it that you do your research on the tools first as some Specific scans could end up crashing your servers. There’s an exploit framework Metasploit which will allow you to exploit vulnerabilities. Please make sure you are performing all scans in a LEGAL environment.