When security is critical you normally block all network. Everything is allow deny.
The only holes are the ones you make. Though in the worst case your firewall can be vulnerable as well. I tend to have systems that there's no network possible except VPN out and then everything else rides over that.
There's no such thing as perfect security though unless you can attend the machine at all times and not have any of your kids kidnapped and held hostage for you to use your access. Two man systems become ridiculous though a bipartisan system like that, pair ballot counting or two people lifting a weight only two can lift as the key so to speak might not be a bad idea for some insane literally biparty system. There are also one party two party systems you can make where the use of a blind fold makes it hard for them to cheat because they won't cheat in concert and it wont match.
Autorun should definitely not be left on. That kind of lack of being thorough on its own isn't the sickening thing. It's that you know if they didn't do stuff like that then there's probably a lot of other things they didn't do either.
Poorly setup SMB could easily be trivially exploited by anyone who can access the network and especially anyone who has control over the network. Though it's easier to exploit it should be easier to detect as well if they put in proper measures. You should at least be able to take a read out on the screen that can confirm what you have on file even if it's just a summary of the critical overalls.
When security is critical you normally block all network. Everything is allow deny.
The only holes are the ones you make. Though in the worst case your firewall can be vulnerable as well. I tend to have systems that there's no network possible except VPN out and then everything else rides over that.
There's no such thing as perfect security though unless you can attend the machine at all times and not have any of your kids kidnapped and held hostage for you to use your access. Two man systems become ridiculous though a bipartisan system like that, pair ballot counting or two people lifting a weight only two can lift as the key so to speak might not be a bad idea for some insane literally biparty system. There are also one party two party systems you can make where the use of a blind fold makes it hard for them to cheat because they won't cheat in concert and it wont match.
Autorun should definitely not be left on. That kind of lack of being thorough on its own isn't the sickening thing. It's that you know if they didn't do stuff like that then there's probably a lot of other things they didn't do either.
Poorly setup SMB could easily be trivially exploited by anyone who can access the network and especially anyone who has control over the network. Though it's easier to exploit it should be easier to detect as well if they put in proper measures. You should at least be able to take a read out on the screen that can confirm what you have on file even if it's just a summary of the critical overalls.