If you work in IT and your organization works from home, you have more responsibility. In recent times, teleworking has become normal in the population, and has transformed in a certain way how many people work, at the same time, we are exposing them to many risks and security threats. Consequently, we have to be more than aware of the safety of the home-based workforce. And that higher level of awareness implies that we must carry out an intensive scan for vulnerabilities. This guide will tell you what you should do to examine your Windows network in detail, and find out what vulnerabilities it might have.
As we will explain below, these actions can be applied as part of the routine. Remember that the security of our networks must be present at all times, and not only when we are facing a scenario of possible cyber attack. Or if we have already been victims of an attack in question, better to prevent than to solve or mitigate the cyber attack.
Port scanning
The first thing we should do is perform a port scan. This lets you know what ports are open. We must keep in mind that one or more open ports allow anyone on the Internet to try to “communicate” with our network. Such communication attempt can mean an attack that will violate the security and integrity of the network itself. We should only keep the ports we are actually using open, and properly protect the applications that are “listening” on those ports, and not leave them open.
Considering the policies of your organization, you can use the tool you have available or request authorization to use one that is not covered by internal regulations. In the event that you have a network of smaller size and capabilities, you can choose tools such as TCPing , a highly recommended program that is completely free and runs directly from the Windows command line. This application will let us know if another Windows computer has open ports or not, so we can check how its firewall settings are.
The Windows firewall should always block any external access that we have not previously made to the outside, in this way, we will reduce the exposure of our services, whether within the home or professional local network.
Now, if you want to have tools with more functionalities and a higher level of detail, we suggest opting for Nmap or Zenmap . The difference between the two is that Zenmap has a graphical interface, which is not the case with Nmap, but Zenmap is based on Nmap so we will have exactly the same functionalities. These two programs will allow us to carry out different highly advanced port scans, using different techniques for this.
If the network infrastructure is under Windows, it is recommended to be certain about the ports that should respond only under Network Level Authentication . We must bear in mind that this type of authentication is a network policy, which can be activated at any time. By default, it is disabled. In the following video we share a reference tutorial that demonstrates step by step how to do it. The demonstrated case is Windows Server 2016, but the steps are relatively the same between the latest existing versions.
Attention with the logs of DNS servers and firewall
It is in the logs where we can find very valuable information that will support us in hunting for possible vulnerabilities. Above all, pay attention to the outgoing traffic on your network. Make sure that those who connect to it are using only remote access tools authorized by your organization. In the event that you detect an activity related to an unauthorized program, analyze what tool and host it was.
On this aspect, something that will help to avoid the use of any unauthorized program is, not allowing the installation of programs other than what the user might need. In other words, always request access from the administrator user. However, this varies according to the policies of each organization and whether the user uses their own equipment or not.
It is important to have a well defined type of programs or applications in general that a person can use, according to their functions. And according to the case, limit the permissions to allow changes on your computer. Remember that if we do not apply the appropriate security measures in our networks, a simple installation of the program could cause problems. Examples: spread of malware, ransomware, malicious code for creating botnets, etc.
With mention of firewalls, we can use traffic analysis tools. This, to have visibility of the traffic generated by them. If you detect any irregular peak of bandwidth usage, check if the situation occurs through some suspicious program or that it is not allowed to use within the internal network.
Monitor general configuration changes
A good practice is to carry out internal controls and / or audits in search of irregular activity in the firewall configuration. In addition, we can detect opportunities to implement best practices in relation to the configuration of the firewalls in question. It is important to keep in mind that a monitoring or auditing action should not be considered as a mere control mechanism. Rather, it can serve as a bridge to adopting practices that ultimately benefit network end users.
In any case, the support team of your provider should assist you in the event that you have questions, queries or problems.
Something that is customary to leave aside is the aspect of the permissions . We must bear in mind that it is not the same that the employees of an organization work “under control” of the internal network of the company, that they do it remotely. It is important to do a review of the permits, especially if the practice of working from home will be for a few months or something definitive.
It never hurts to limit permissions and accesses. The multiple cyberattacks that put thousands of people around the world in check are more prepared than ever to act. This is so because many more people work from home and many of them do not have the necessary security measures to connect to their resources. Do not forget, any type of attack is mainly due to laziness, ignorance, ignorance and even innocence on the part of users and IT professionals.
