Auditing intrusion threats targeting Windows-based workstations

Abstract

Unknowledgeable computer users are, more often than not, prone to malicious software created by hackers who seek to gain control of the users' computers for some sort of gain, mainly financial. These computer experts take advantage of their targets' weak spots to create attacks which exploit these frail areas, potentially resulting in information stealing, or even total control of the targeted computer systems. While operating systems and anti-virus software work in unison to mitigate this problem, hackers are still bound to discover new ingresses to their targets. Mitigation strategies need to be thoroughly assessed and enforced accordingly to significantly minimize the attack surface area. Operating System vendors, such as Microsoft, work steadily to ensure that their products are equipped with the latest security mechanisms, which are promoted as being very effective for keeping hackers at bay. On the other hand, hackers are constantly thriving to bypass these same security mechanisms and publish several attack techniques which do so, albeit some might work on specific configurations of the operating system whilst others might have a high rate of unsuccessfulness. Focusing solely on the operating systems' vendor's claims might give a false sense of security while concentrating only on published attack techniques might give a false sense of insecurity. This thesis carries out a risk assessment on typical Windows workstations by using three carefully-chosen, realistic attacks in order to evaluate the effectiveness of the security features present in both Windows XP and Windows 7 machines and assess the impact of the successfulness of these attacks. By a typical Windows workstation configuration it is meant that the machine is only equipped with software present in the majority of current Windows machines and everything was set to default settings to minimize the attack surface by eliminating attack techniques which only work in certain rare situations. The attack techniques were carried out in tandem by first attacking the Windows XP machine and then repeating the attack on the Windows 7 machine. On the former, all of the attacks worked, highlighting the fact that it is not as secure as Microsoft claim. In Windows 7, the newly implemented security mechanisms posed a serious problem to two out of the three techniques.. A small attempt at bypassing these mechanisms was made, albeit being partially unsuccessful. When successful, these attack techniques also posed a serious threat as total control of the compromised machine was attained. Results also show that Windows is becoming more secure and that hackers are having a harder time exploiting newer versions of this operating system. With each iteration of Windows, Microsoft are each time raising the bar for hackers.