Today, access to information is almost always controlled by a password. Users, even technical experts and senior staff, frequently use incredibly easy-to-guess words, such as ‘password,’ ‘holiday,’ or even their own name.
The use of trivial passwords to secure “service accounts” – highly privileged accounts used by backup programs, network control software and anti-virus tools – is so common that gaining control of an entire network frequently takes take no more than a few minutes.
Plug in a Windows laptop anywhere on the corporate network - this can be in head office, at a branch office or store, anywhere in any trusted third-party premises or perhaps through a dial-up connection. Browse the network using Windows Explorer and you will see all the Windows machines on the network – there is no need to logon or join a domain for this to happen.
Select a server (they are usually named in a obvious fashion) and attempt a "null session" connection. The null session is a standard feature of Windows which enables you to list users, groups, group memberships, etc. without any form of authentication whatsoever. Naturally there is plenty of free software on the Internet which will help you to establish a null session and then interrogate this information.
This blog post is an excerpt of an opinion piece called “Identity Theft in The Corporate World” written by Peter Wood from First Base Technologies. You can find more about this security outfit at http://www.fbtechies.co.uk