How Windows servers get attacked

The word "hacker," perhaps because of the "black" in it, sounds mysterious and frightening, but hacking is not high-tech and it is not something only a few people can do, which is why hackers are everywhere today.

In fact, server intrusions are not that complicated. Hackers may show off their "crazy skills," but those people are not the ones we really need to worry about. On the contrary, it is usually the poorly skilled people who make misjudgments that cause the most problems. These people are already inside many networks, looking for exploitable vulnerabilities.

When it comes to protecting Windows servers from intrusions, I strongly recommend focusing first on the goals that are easy to achieve. Remember, it is the most basic security weaknesses that trip you up every time. In the previous article, I introduced some of the reasons for Windows security vulnerabilities. Now let's look at two common weaknesses in Windows servers and describe how they are exploited.

Missing patches lead to remote command prompts

Patching is tedious, and you would expect most Windows servers to be up to date on patches. Usually that is not the case. Inconsistent patch management is the biggest cause of weakness in Windows servers.

Here are the steps for a "hacker" to exploit an unpatched Windows server:

1. An attacker runs a free vulnerability scanning tool from outside or (more commonly) from inside the network.
2. The scan finds missing patches.
3. The attacker confirms that the weakness can be exploited using the free Metasploit tool.
4. The attacker launches Metasploit and gets a remote command prompt.
5. The attacker sets up a backdoor user account and adds it to the local Administrators group.
6. The attacker now has full access to the system: local login, Remote Desktop, VPN, and so on.
7. No one else notices their presence.

Insecure network sharing leads to unauthorized file access

Sharing files on the network is one of the basic functions of a Windows server. However, it is also an Achilles heel, enabling so-called "trusted" users to gain unauthorized access. Sometimes employees click around in Windows Explorer out of boredom, curiosity, or revenge, and they stumble upon sensitive information that they should not be able to access.

Here are the steps for a "hacker" to exploit an unsecured Windows share:

1. An attacker runs a free share-scanning tool (such as GFI LANguard) on the network and finds numerous shares on Windows servers, most of which happen to grant full control to everyone.
2. The attacker finds the information they need by clicking through these shares.
3. The attacker may stumble upon some sensitive information, or can download and install a free search tool such as FileLocator Pro.
4. The attacker enters keywords into the search tool, such as "password", "SSN" or "confidential", which can indicate sensitive information.
5. The attacker finds Microsoft Excel spreadsheets, Word documents, PDF files, and databases, all containing sensitive employee and customer information that could be used for illegal purposes.
6. Again, no one may notice this activity.

With enough stick-to-itiveness, an attacker can find missing or simple passwords on Windows servers, weak SQL Server configurations, and IIS-based servers sharing the entire drive via anonymous FTP. If the physical server is accessible, an attacker can restart the Windows server from a CD containing Ophcrack or Elcomsoft System Recovery. They then get full access to all user accounts and passwords, including the Active Directory file ntds.dit. The entire Windows environment is exposed and no one will notice.

Windows servers have many weaknesses for external hackers or malicious insiders to exploit. Given enough time, anyone can become a hacker. Your task is to find these weaknesses and take precautions before others attack.
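One way to find the open shares described above before someone else does. This is an added example, not part of the original article: the function name Get-BroadShareGrant is hypothetical, and the account names assume an English-language Windows installation.

```powershell
# Added example: list SMB shares whose share-level ACL lets a broad group write.
# Run elevated on the server; needs the SmbShare module (Windows Server 2012+).

# Assumption: English account names; adjust on localized systems.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'BUILTIN\Users'
)

function Get-BroadShareGrant {
    [CmdletBinding()]
    param(
        # Share-level rights treated as too permissive for a broad principal.
        [string[]]$Rights = @('Full', 'Change')
    )

    # -Special $false leaves out the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        $hits = Get-SmbShareAccess -Name $share.Name | Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and
            $_.AccountName -in $BroadPrincipals -and
            "$($_.AccessRight)" -in $Rights
        }
        if (-not $hits) { continue }

        # Effective access is the more restrictive of share and NTFS permissions,
        # so show what the folder ACL grants the same principals for comparison.
        $ntfs = '(no local path)'
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfs = ((Get-Acl -LiteralPath $share.Path).Access |
                Where-Object { $_.IdentityReference.Value -in $BroadPrincipals } |
                ForEach-Object { "$($_.AccessControlType) $($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
        }

        foreach ($ace in $hits) {
            [pscustomobject]@{
                Share      = $share.Name
                Path       = $share.Path
                Account    = $ace.AccountName
                ShareRight = "$($ace.AccessRight)"
                NtfsGrants = $ntfs
            }
        }
    }
}

Get-BroadShareGrant | Sort-Object Share, Account | Format-List
```

Any share reported with a Full or Change grant whose NtfsGrants column also shows write or full-control rights for the same principal is readable and writable by every user on the network.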
