In this post I want to highlight the risks to the firm's network from a Windows system on the network with auto login enabled.
Sometimes there are requirements for auto login enabled Windows systems. The reason is usually that some critical application needs to be started without any human interaction after a reboot. A very common cause of reboots is the weekly patching of the system by the automated patch management system.
Risks:
- Anyone having physical access to this system may compromise the confidentiality, integrity and availability of the data and services running on the auto login enabled system.
- If the resources on the network are protected by Kerberized infrastructure, then the bad guy would have access to all the resources on the network that are accessible to this auto login user id and protected by the Kerberized infrastructure.
- This auto login enabled system could be exploited for data leakage or for doing malicious activities by the bad guy on behalf of the user whose id is used for the auto login.
Controls to reduce the risk:
- Keep the screen lock timeout as low as possible. This control alone would not be enough, because the bad guy could take over this user account by simply power cycling the system, after which it logs back in automatically.
- The system should be physically secured, for example by keeping it in a locked cabinet.
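The following audit script is an added example, not part of the original post. It assumes a Windows host with PowerShell 5.1 or later and read access to HKLM, and it reads the standard Winlogon values (AutoAdminLogon, DefaultUserName, DefaultDomainName, DefaultPassword, AutoLogonCount) together with the "Interactive logon: Machine inactivity limit" policy value (InactivityTimeoutSecs). The 300 second lock threshold is an assumed local standard, not something the post specifies.

```powershell
# Added audit example (not the original post's code). Assumes Windows,
# PowerShell 5.1+, and read access to HKLM.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-AutoLogonStatus {
    $wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # AutoAdminLogon is a REG_SZ holding "1" when auto logon is on
        AutoAdminLogon    = ($wl.AutoAdminLogon -eq '1')
        DefaultUserName   = $wl.DefaultUserName
        DefaultDomainName = $wl.DefaultDomainName
        # A DefaultPassword value means the credential sits in clear text in
        # the registry, readable by any local administrator
        ClearTextPassword = [bool]$wl.DefaultPassword
        # AutoLogonCount limits how many auto logons occur before Windows
        # clears the setting; absent means unlimited
        AutoLogonCount    = $wl.AutoLogonCount
    }
}

function Get-InactivityLimit {
    # "Interactive logon: Machine inactivity limit" in seconds; 0 or absent
    # means no policy-enforced screen lock
    $p = Get-ItemProperty -Path $policy -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.InactivityTimeoutSecs
}

$status         = Get-AutoLogonStatus
$limit          = Get-InactivityLimit
$maxLockSeconds = 300   # assumed local threshold: lock within 5 minutes

$findings = @()
if ($status.AutoAdminLogon) {
    $findings += "Auto logon enabled for $($status.DefaultDomainName)\$($status.DefaultUserName)"
    if ($status.ClearTextPassword) {
        $findings += 'DefaultPassword is stored in clear text under Winlogon'
    }
    if ($null -eq $status.AutoLogonCount) {
        $findings += 'AutoLogonCount not set; auto logon will repeat on every reboot'
    }
    if ($limit -eq 0) {
        $findings += 'No machine inactivity limit is configured'
    } elseif ($limit -gt $maxLockSeconds) {
        $findings += "Inactivity limit is $limit s, above the $maxLockSeconds s threshold"
    }
}

if ($findings.Count -eq 0) {
    "OK: no auto logon risk found on $env:COMPUTERNAME"
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it under an account that can read HKLM and feed the FINDING lines into whatever inventory or ticketing process tracks exceptions. One caveat: tools such as Sysinternals Autologon store the password as an LSA secret rather than in the DefaultPassword registry value, so a clean ClearTextPassword result does not prove that no stored credential exists; AutoAdminLogon being set is the signal that matters for the risks listed above, and the inactivity limit only narrows the window, since a power cycle still lands the bad guy on an unlocked desktop.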