Module 1: Assessing Security Risks in Windows-Based Networks
Assessing security risks is the process of identifying, evaluating, and prioritizing threats and vulnerabilities that could compromise the confidentiality, integrity, or availability of a Windows-based network.
1. What Is a Security Risk?
A security risk combines:
Threat – potential cause of harm (e.g., malware, phishing)
Vulnerability – a weakness in the system (e.g., unpatched OS)
Impact – damage caused if the threat is successful
Formula (a qualitative heuristic rather than an exact product):
Risk = Threat × Vulnerability × Impact
A threat with no matching vulnerability, or a vulnerability nobody is positioned to exploit, yields little risk. The assessment table in section 5 folds Threat and Vulnerability into a single Likelihood rating and weighs it against Impact.
2. Types of Security Threats
Malware (viruses, ransomware, spyware)
Insider threats (employee misuse)
Unauthorized access (brute force, credential theft)
Network attacks (MITM, DoS/DDoS)
Social engineering (phishing, baiting)
3. Common Vulnerabilities in Windows Networks
Misconfigured group policies
Weak password policies
Unpatched systems and software
Excessive user permissions
Inadequate monitoring/logging
4. Security Risk Assessment Process
Identify Assets – What are you protecting? (data, systems, services)
Determine Threats – Who/what can exploit weaknesses?
Find Vulnerabilities – Use scanners such as Nessus or OpenVAS. The Microsoft Baseline Security Analyzer (MBSA) still appears in many course materials but is retired and no longer updated; for configuration baseline checks use the Security Compliance Toolkit instead
Assess Likelihood & Impact – Assign risk levels (e.g., high, medium, low)
Document and Prioritize – Use a risk matrix
Recommend Controls – Technical, physical, administrative safeguards
5. Tools & Frameworks
Microsoft Security Compliance Toolkit
OWASP Risk Rating Methodology
NIST Risk Management Framework (RMF)
CIS Controls
Risk Assessment Example Table:
Asset | Threat | Vulnerability | Likelihood | Impact | Risk Level |
---|---|---|---|---|---|
Domain Controller | Ransomware Attack | Unpatched OS | High | High | Critical |
File Server | Unauthorized Access | Weak passwords | Medium | High | High |
HR Database | Insider Threat | Excessive privileges | Medium | Medium | Medium |
Identifying Risks to Data
Identifying Risks to Critical Network Services in Windows Environments
Identifying risks to services involves analyzing potential threats and vulnerabilities that can disrupt or compromise essential IT services such as DNS, DHCP, Active Directory, file sharing, and authentication in a Windows network.
Steps to Identify Risks to Services:
1. Inventory All Running Services
Use PowerShell (Get-Service, Get-CimInstance Win32_Service, Get-NetTCPConnection) or built-in tools such as services.msc and netstat to record each running service, the account it runs as, its binary path, and the ports it listens on.
2. Analyze Exposure and Dependencies
Is the service internet-facing?
Does it rely on external DNS, LDAP, or SQL?
Are ports open unnecessarily?
3. Evaluate Security Posture
Is access to the service restricted by firewall, IP, or role?
Are latest patches and updates applied?
Are logging/auditing mechanisms in place?
4. Use Tools for Scanning and Baseline Checks
Microsoft Security Compliance Toolkit – its Policy Analyzer compares the effective policy against Microsoft's published baselines (a configuration check, not a vulnerability scanner)
Nessus / OpenVAS – vulnerability scanning of the hosts and the services they expose
Windows Event Viewer & Sysmon – review service, process and network events for anomalies
- Denial of Service Attacks:
- Block Access to Resources
- Can Flood Network, Degrade Performance, Cause Server to Fail
- Can Result in Loss of Service, Prestige, Revenue
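Steps 1 to 3 above (inventory, exposure, posture) can be carried out in one pass. The following PowerShell is an added example for this module, not code from the original course: it lists running services with the account they run as, the binary path, and the TCP ports their process listens on, and flags the combinations an assessor cares about (a network-facing service running as LocalSystem, a named service account, an unquoted path with spaces, a binary outside the Windows directory). The thresholds and finding texts are this example's own choices.

```powershell
# Added example (not part of the original module): inventory running services with
# the account they run as, their binary path and the TCP ports their process listens
# on, then flag the combinations a risk assessment cares about. Requires Windows
# PowerShell 5.1 or PowerShell 7 on Windows; run elevated so Get-NetTCPConnection
# reports the owning process of every listener.

function Get-ServiceExposure {
    [CmdletBinding()]
    param()

    # Running services from the CIM class Win32_Service (account, path, PID).
    $services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

    # Listening TCP sockets keyed by owning PID so they can be joined to services.
    # Services hosted in a shared svchost.exe share a PID, so ports found there are
    # attributed to every service in that host; treat those rows as a starting point.
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Group-Object -Property OwningProcess -AsHashTable -AsString

    foreach ($svc in $services) {
        $svcPid     = [string]$svc.ProcessId
        $ports      = @()
        $boundToAll = $false
        if ($listeners -and $listeners.ContainsKey($svcPid)) {
            foreach ($conn in $listeners[$svcPid]) {
                $ports += $conn.LocalPort
                # 0.0.0.0 / :: means the socket accepts connections on every interface.
                if ($conn.LocalAddress -in @('0.0.0.0', '::')) { $boundToAll = $true }
            }
        }

        $findings = @()
        if ($ports.Count -gt 0 -and $svc.StartName -eq 'LocalSystem') {
            $findings += 'network-listening service runs as LocalSystem'
        }
        # Built-in service identities are NT AUTHORITY\... and NT SERVICE\...;
        # anything else containing a backslash is a named domain or local account.
        if ($svc.StartName -match '\\' -and $svc.StartName -notmatch '^NT (AUTHORITY|SERVICE)\\') {
            $findings += 'runs as a named user account (stored credential, review its rights)'
        }
        # An unquoted executable path that contains spaces can be hijacked by planting
        # a binary at an earlier split point (the classic unquoted service path issue).
        $exe = $null; $quoted = $false
        if ($svc.PathName -match '^"(?<exe>[^"]+)"') { $exe = $Matches.exe; $quoted = $true }
        elseif ($svc.PathName -match '^(?<exe>.*?\.exe)') { $exe = $Matches.exe }
        if ($exe -and -not $quoted -and $exe -match '\s') {
            $findings += 'unquoted service path containing spaces'
        }
        if ($exe -and $exe -notlike "$env:SystemRoot\*") {
            $findings += 'binary outside the Windows directory (third-party or custom service)'
        }

        [pscustomobject]@{
            Name       = $svc.Name
            Account    = $svc.StartName
            Path       = $svc.PathName
            Ports      = ($ports | Sort-Object -Unique) -join ','
            BoundToAll = $boundToAll
            Findings   = $findings -join '; '
        }
    }
}

# Usage: services that listen on the network, those bound to all interfaces first.
Get-ServiceExposure |
    Where-Object { $_.Ports } |
    Sort-Object -Property BoundToAll -Descending |
    Format-Table Name, Account, Ports, BoundToAll, Findings -AutoSize
```

Rows with BoundToAll set to True and a LocalSystem finding are the candidates for the top of the risk register; confirm each against the host firewall rules before rating exposure, since a listener on 0.0.0.0 may still be blocked at the firewall.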
Identifying Potential Security Threats in Windows Network Environments
Identifying potential threats is the process of recognizing all sources—internal or external—that can exploit vulnerabilities in a Windows-based network and compromise the confidentiality, integrity, or availability of systems and data.
Types of Potential Security Threats
1. External Threats (Originating Outside the Organization)
Malware Attacks – Viruses, Trojans, ransomware, worms
Phishing and Social Engineering – Email-based credential theft
Denial of Service (DoS/DDoS) – Flooding servers to crash services
Man-in-the-Middle (MITM) Attacks – Intercepting communication
Zero-Day Exploits – Attacks on vulnerabilities for which no patch is yet available
2. Internal Threats (Originating Within the Organization)
Insider Misuse – Employees abusing access to steal or leak data
Privilege Abuse – Excessive permissions not based on roles
Negligent Behavior – Weak passwords, lost devices, ignoring updates
Shadow IT – Unauthorized tools or apps bypassing security controls
Threat Examples in Windows-Based Networks
Threat | Vector | Targeted Asset |
---|---|---|
Ransomware | Email attachment, drive-by download | File servers, AD, workstations |
Phishing | Email spoofing or fake login pages | User credentials |
Pass-the-Hash | NTLM password hashes harvested from a compromised host (e.g., LSASS memory) and replayed to authenticate as that user | Servers and domain controllers reachable over NTLM |
SQL Injection | Web applications | Databases |
Credential Stuffing | Reused or weak passwords | RDP, VPN, Microsoft 365 |
- Organizational Attack
- Accidental Security Breach
How to Identify Threats in Practice:
Review Industry Threat Intelligence:
Microsoft Security Response Center (MSRC)
NIST National Vulnerability Database
MITRE ATT&CK Framework
Perform Risk-Based Threat Modeling:
Identify assets
Determine potential attack vectors
Evaluate likelihood and impact
Analyze Logs and Alerts:
Windows Event Viewer
Sysmon + SIEM tools (Microsoft Sentinel, formerly Azure Sentinel; Splunk; etc.)
Firewall/IDS alerts
- Automated Computer Attack
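The "Analyze Logs and Alerts" step above is where the credential-stuffing and brute-force threats from the table become visible. The following PowerShell is an added example for this module, not code from the original course: it flattens Security event 4625 (failed logon) records and looks, per source address, for a password spray (many accounts, one source) or a brute force (one account, many failures) inside a sliding time window. The thresholds, the window length, and the sample events are this example's own assumptions; the field names come from the 4625 event's XML.

```powershell
# Added example (not part of the original module): find password-spray and
# brute-force patterns in Windows Security event 4625 (failed logon). Detection
# is separated from collection so it runs here on constructed events and can be
# pointed at Get-WinEvent output on a real host.

function ConvertFrom-FailedLogonEvent {
    # Flatten a 4625 EventLogRecord; field names are the EventData element names
    # Windows uses in the event's XML.
    param([Parameter(Mandatory, ValueFromPipeline)] $Event)
    process {
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated    = $Event.TimeCreated
            TargetUserName = $data['TargetUserName']
            IpAddress      = $data['IpAddress']     # '-' for local logons
            LogonType      = $data['LogonType']
            Status         = $data['Status']
        }
    }
}

function Find-LogonAttackPattern {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogons,
        [int] $WindowMinutes = 10,
        [int] $SprayThreshold = 5,        # distinct accounts from one source in the window
        [int] $BruteForceThreshold = 5    # failures against one account from one source
    )
    foreach ($bySource in ($FailedLogons | Group-Object -Property IpAddress)) {
        $events = @($bySource.Group | Sort-Object -Property TimeCreated)
        # Slide a window starting at each event; report the first window that trips.
        for ($i = 0; $i -lt $events.Count; $i++) {
            $end           = $events[$i].TimeCreated.AddMinutes($WindowMinutes)
            $window        = @($events[$i..($events.Count - 1)] | Where-Object { $_.TimeCreated -le $end })
            $perAccount    = @($window | Group-Object -Property TargetUserName)
            $maxOneAccount = ($perAccount | Measure-Object -Property Count -Maximum).Maximum
            $pattern = if ($perAccount.Count -ge $SprayThreshold) { 'Password spray' }
                       elseif ($maxOneAccount -ge $BruteForceThreshold) { 'Brute force' }
            if ($pattern) {
                [pscustomobject]@{
                    Pattern   = $pattern
                    Source    = $bySource.Name
                    Accounts  = ($perAccount.Name | Sort-Object) -join ','
                    Failures  = $window.Count
                    FirstSeen = $window[0].TimeCreated
                    LastSeen  = $window[-1].TimeCreated
                }
                break
            }
        }
    }
}

function New-FailedLogon([datetime] $Time, [string] $User, [string] $Ip) {
    # Helper for the constructed sample; 0xc000006d is STATUS_LOGON_FAILURE.
    [pscustomobject]@{ TimeCreated = $Time; TargetUserName = $User; IpAddress = $Ip; LogonType = '3'; Status = '0xc000006d' }
}

# Constructed sample events (not real log data).
$t0 = Get-Date '2024-03-01T09:00:00'
$sample = @(
    # 10.0.0.5 tries six accounts once each within four minutes: a spray.
    $users = 'alice', 'bob', 'carol', 'dave', 'erin', 'frank'
    for ($n = 0; $n -lt $users.Count; $n++) { New-FailedLogon -Time ($t0.AddSeconds(40 * $n)) -User $users[$n] -Ip '10.0.0.5' }
    # 203.0.113.7 hammers one account seven times in two minutes: brute force.
    foreach ($n in 1..7) { New-FailedLogon -Time ($t0.AddSeconds(15 * $n)) -User 'administrator' -Ip '203.0.113.7' }
    # 10.0.0.9 is a user mistyping a password twice, an hour apart: noise, no alert.
    New-FailedLogon -Time $t0 -User 'gina' -Ip '10.0.0.9'
    New-FailedLogon -Time ($t0.AddMinutes(55)) -User 'gina' -Ip '10.0.0.9'
)

Find-LogonAttackPattern -FailedLogons $sample |
    Format-Table Pattern, Source, Accounts, Failures, FirstSeen, LastSeen -AutoSize

# On a real host (elevated), test the last 24 hours of failed logons instead:
#   $real = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) } |
#       ConvertFrom-FailedLogonEvent
#   Find-LogonAttackPattern -FailedLogons $real
```

Two rows come back for the sample (a spray from 10.0.0.5 and a brute force from 203.0.113.7); the two failures from 10.0.0.9 stay below both thresholds. On a domain, run the same logic against the domain controllers' Security logs, since that is where NTLM and Kerberos failures for domain accounts are recorded, and tune the thresholds to the account lockout policy so the detection fires before accounts start locking.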
Introduction to Common Security Standards for Windows Network Security
Security standards are established frameworks, policies, and controls that organizations follow to ensure consistent protection of data, systems, and networks. They define how to implement, monitor, and maintain secure IT environments.
Why Security Standards Matter:
Security standards help:
Establish consistent security practices across an organization
Support regulatory compliance (e.g., GDPR, HIPAA, PCI-DSS)
Align security goals with business objectives
Reduce risk through proven controls and baselines
Enable auditing and verification
- Evaluation and Certification
- Evaluation
- Certification
- ICSA Evaluation
- Firewall Software
- IPSec Software
- Anti-virus Software
- Cryptography Software
- International Standards
- ITSEC
- CSE
- Common Criteria
Microsoft-Specific Standards and Tools:
🔸 Microsoft Security Compliance Toolkit (SCT):
Provides Microsoft's security baselines for Windows client and server releases, Microsoft 365 Apps for enterprise, and Microsoft Edge
Ships the baselines as GPO backups, with LGPO.exe for applying them and Policy Analyzer for comparing a host's effective policy against them
Baselines are Microsoft's own recommendations; they overlap heavily with CIS benchmarks and can be mapped to NIST controls, but the three are not identical
🔸 Microsoft Defender for Endpoint
Uses security baselines and threat intelligence to protect endpoints
🔸 Azure Security Benchmark (now published as the Microsoft cloud security benchmark)
Azure-native security standard aligned with CIS and NIST
Enforced via Azure Policy and Microsoft Defender for Cloud
Lab A: Configuring Gateway Service for NetWare
Implementing Standards in Windows Environments:
1. Start with a Security Framework
Choose NIST, ISO/IEC, or CIS based on industry/regulatory needs
2. Map Controls to Windows Features
Use Group Policy for password policies, audit logs, access control
Configure Windows Firewall, BitLocker, Defender AV
3. Audit Compliance Regularly
Use the Security Compliance Toolkit's Policy Analyzer for on-premises hosts and Microsoft Defender for Cloud (formerly Azure Security Center) for cloud and hybrid workloads; MBSA is retired and should not be relied on for current systems
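Steps 2 and 3 above (map controls to Windows features, audit compliance regularly) can be checked without any extra tooling: secedit.exe exports the effective local security policy as an INI-style file, and the account and lockout settings in its [System Access] section are exactly the Group Policy controls the text mentions. The following PowerShell is an added example for this module, not code from the original course. The baseline numbers are an assumption for the demonstration and should be taken from whichever benchmark you adopt; the export shown is constructed, not taken from a real host.

```powershell
# Added example (not part of the original module): compare a host's effective
# account and lockout policy against a baseline. secedit.exe exports the local
# security policy as an INI-style file; parsing and comparison are kept separate
# so the check can be demonstrated here on a constructed export.

function ConvertFrom-SecurityPolicyInf {
    # Flatten the INI sections into a hashtable keyed "Section/Setting".
    param([Parameter(Mandatory)] [string[]] $Lines)
    $settings = @{}
    $section  = ''
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(?<s>[^\]]+)\]') { $section = $Matches.s; continue }
        if ($line -match '^\s*(?<k>[^=;]+?)\s*=\s*(?<v>.*?)\s*$') {
            $settings["$section/$($Matches.k)"] = $Matches.v
        }
    }
    return $settings
}

function Test-PolicyBaseline {
    param(
        [Parameter(Mandatory)] [hashtable] $Settings,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($key in ($Baseline.Keys | Sort-Object)) {
        $rule   = $Baseline[$key]
        $actual = $Settings[$key]
        $pass   = $false
        if ($null -ne $actual) {
            $a = [int]$actual
            $pass = switch ($rule.Op) {
                'ge'      { $a -ge [int]$rule.Value }
                'le'      { $a -le [int]$rule.Value }
                'eq'      { $a -eq [int]$rule.Value }
                'between' { $a -ge [int]$rule.Min -and $a -le [int]$rule.Max }
            }
        }
        $expected = if ($rule.Op -eq 'between') { "$($rule.Min)..$($rule.Max)" } else { "$($rule.Op) $($rule.Value)" }
        $shown    = if ($null -eq $actual) { '(not set)' } else { $actual }
        [pscustomobject]@{ Setting = $key; Expected = $expected; Actual = $shown; Compliant = [bool]$pass }
    }
}

# Example baseline (an assumption for this demo; take the numbers from the benchmark
# you adopt, e.g. the CIS Windows Server benchmark or the Microsoft baseline).
# 'between' is used where 0 or -1 disables the control and must not count as compliant.
$baseline = @{
    'System Access/MinimumPasswordLength' = @{ Op = 'ge';      Value = 14 }
    'System Access/PasswordComplexity'    = @{ Op = 'eq';      Value = 1 }
    'System Access/PasswordHistorySize'   = @{ Op = 'ge';      Value = 24 }
    'System Access/MinimumPasswordAge'    = @{ Op = 'ge';      Value = 1 }
    'System Access/MaximumPasswordAge'    = @{ Op = 'between'; Min = 1; Max = 365 }
    'System Access/LockoutBadCount'       = @{ Op = 'between'; Min = 1; Max = 5 }
    'System Access/LockoutDuration'       = @{ Op = 'ge';      Value = 15 }
    'System Access/ClearTextPassword'     = @{ Op = 'eq';      Value = 0 }
}

# Constructed export resembling a default standalone server (not a real host).
# When LockoutBadCount is 0, secedit does not emit LockoutDuration at all; the
# check reports that as "(not set)" instead of silently passing it.
$sampleExport = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

Test-PolicyBaseline -Settings (ConvertFrom-SecurityPolicyInf $sampleExport) -Baseline $baseline |
    Format-Table -AutoSize

# On a real host (elevated), export the effective policy and test that instead:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /quiet
#   Test-PolicyBaseline -Settings (ConvertFrom-SecurityPolicyInf (Get-Content "$env:TEMP\secpol.inf")) -Baseline $baseline
```

Against the constructed export only PasswordComplexity and ClearTextPassword pass; the rest fail, and LockoutDuration is reported as not set. Run the same check on a schedule and diff the results against the previous run, so that a GPO change that weakens a setting shows up as a new non-compliant row rather than going unnoticed until the next audit.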
- Local Network
- Administrative Access
- User Accounts
- Windows Server 2019–based Computers
- File, Folder, Print Resources
- Communication Channels
- Non-Microsoft Clients
- Remote Network
- Remote User Access to Network
- Remote Office Access to Network
- Public Network
- Internet User Access to Network
- Network User Access to Internet
- Partner Access
- Partner Access to Network
- Authenticity of Data