Commonly Identified Risks

  • Inappropriate SSL Certificate (expired, not properly configured, self-signed, etc.);
  • Unknown or unnecessarily open shares;
  • Dormant user accounts that have not expired;
  • Unnecessary open ports;
  • Rogue devices connected to your systems;
  • Dangerous script configurations;
  • Servers allowing use of dangerous protocols;
  • Incorrect permissions on important system files;
  • Running of unnecessary, potentially dangerous services;
  • Default passwords in use; and
  • Unpatched services / applications.