Commonly Identified Risks
- Inappropriate SSL Certificate (expired, not properly configured, self-signed, etc.);
- Unknown or unnecessarily open shares;
- Dormant user accounts that have not expired;
- Unnecessary open ports;
- Rogue devices connected to your systems;
- Dangerous script configurations;
- Servers allowing use of dangerous protocols;
- Incorrect permissions on important system files;
- Running of unnecessary, potentially dangerous services;
- Default passwords in use; and
- Unpatched services / applications.