Windows Login Controls Holes


Came across a great article that points out how there are eight major holes within the Windows native login controls and how it prevents two things: complying with some major regulatory constraints and efficient mitigation of insider threats. 

Windows has more security features than any other operating system but is strangely lacking the fundamental and classic login session controls found in other environment like mainframe and midrange systems, UNIX and Netware.
Windows indeed lacks:

These are although important security controls that are required for an Information System to comply with major regulatory constraints (HIPAA, SOX, PCI, NISPOM, DCID 6/3, GLBA, US Patriot Act, FISMA…) and can efficiently mitigate insider threats.

And the threat of attack from insiders is real and substantial. The 2007 E-Crime Watch SurveyTM conducted with the U.S. Secret Service, Carnegie Mellon University Software Engineering Institute’s CERT® Program and Microsoft Corp., found that in cases where respondents could identify the perpetrator of an electronic crime, 34% were committed by insiders (outsiders 37%, unknown 29%).

39% of these rogue insiders used compromised accounts to commit e-crimes, like unauthorized access to/use of corporate information, systems or networks, theft of intellectual property, theft of other information (including financial and customer records) and fraud (credit card, etc.).

Go read the whole thing.  Especially if you are a network administrator or IT security person.

Advertisements

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on June 1, 2009, in Network Administration, Security, Server, Windows. Bookmark the permalink. Comments Off on Windows Login Controls Holes.

Comments are closed.

%d bloggers like this: