|
Windows 7 Security - When Win7 was introduced it took a hacker just under 4
hours to hack into the Operating System... |
Windows 7 Security Tweaks to stop the security leaks!
These steps takes the same steps as other Windows Operating
Systems. It just takes more time to find all the holes because MS in it's
infinite wisdom has increase them by over 700 new Group Policies from XP and
Vista.
As with any Operating Systems there are things you can do to keep your
data safe from thieves. You primary defense against intrusion is a router with
firewall capability, then a proxy server, and lastly Windows Firewall. However
if you are behind a router with a firewall the Windows Firewall will interfere
with your ability to communicate with the internet. If you have time and
inclination you could write or enable all the rules for Windows Firewall and
leave it enabled. If on the other hand you don't want to mess with the tedious
task of setting up all the rules then use a router.
I have tested these Windows Seven Security settings in both 32 bit and 64 bit
Operating Systems.
As always you would start with your installation of the Anit-Virus,
Anti-Trojan, and Anti-Spyware. I have tested Grissoft AVG, Trojan Remover by
Simply Super Software, but haven't found a spyware
tool as of yet, the one I use with XP is to old for Vista or Windows 7.
Windows 7 Security Tweaks Instructions:
Your next step would be to turn off the services that the hacker would use to
gain control of your computer the main ones are -
|
The image, table, or PDF was removed because it will not display on your device. Check back on a PC...
|
|
Display Name |
Option |
|
Diagnostic Policy Service |
Disabled |
|
Diagnostic Policy Service |
Disabled |
|
Diagnostic Service Host |
Disabled |
|
Internet Connection Sharing (ICS) |
Disabled |
|
IP Helper |
Disabled |
|
Media Center Extender Service ** **** |
Disabled |
|
Microsoft iSCSI Initiator Service |
Disabled |
|
Net.Tcp Port Sharing Service **** |
Disabled |
|
Peer Name Resolution Protocol |
Disabled |
|
Peer Networking Grouping |
Disabled |
|
Portable Device Enumerator Service |
Disabled |
|
Problem Reports and Solutions Control Panel Support |
Disabled |
|
Program Compatibility Assistant Service |
Disabled |
|
Remote Desktop Configuration ** |
Disabled |
|
Remote Desktop Services |
Disabled |
|
Remote Desktop Services UserMode Port Redirector |
Disabled |
|
Routing and Remote Access |
Disabled |
|
WebClient |
Disabled |
|
WinHTTP Web Proxy Auto-Discovery Service |
Disabled |
|
If you think you have seen this list before you have if you have done the
services page, these are listed
there also.
Troubleshoot, repair, maintain, upgrade & secure...
With this! |
Why go through the trouble of disabling the GPO's? The hackers are getting
sophisticated in their ability to find security holes in your OS. One way to
keep them from turning on a service you have disabled is to also set the
corresponding GPO. If the GPO is disabled attempting to start a disabled service
will result in failure, this adds another layer of security to your computer.
Next you could turn off GPO's (Group Policy Options) as follows -
Machine Settings
|
The image, table, or PDF was removed because it will not display on your device. Check back on a PC...
|
|
Setting |
State |
|
Disable remote Desktop Sharing |
Enabled |
|
Offer Remote Assistance |
Disabled |
|
RPC Endpoint Mapper Client Authentication |
Disabled |
|
RPC Troubleshooting State Information |
Disabled |
|
Turn off Autoplay |
Enabled |
|
Turn off Autoplay for non-volume devices |
Enabled |
|
Windows Firewall: Allow authenticated IPsec bypass |
Disabled |
|
Windows Firewall: Allow ICMP exceptions |
Disabled |
|
Windows Firewall: Allow inbound remote administration exception |
Disabled |
|
Windows Firewall: Allow inbound Remote Desktop exceptions |
Disabled |
|
Windows Firewall: Allow inbound UPnP framework exceptions |
Disabled |
|
Windows Firewall: Allow local port exceptions |
Disabled |
|
Windows Firewall: Allow logging |
Disabled |
|
Windows Firewall: Define inbound port exceptions |
Disabled |
|
Windows Firewall: Do not allow exceptions |
Disabled |
|
Windows Firewall: Prohibit notifications |
Disabled |
|
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests |
Disabled |
|
Windows Firewall: Protect all network connections |
Disabled |
User Settings
|
The image, table, or PDF was removed because it will not display on your device. Check back on a PC...
|
|
Setting |
State |
|
Do not allow Windows Messenger to be run |
Enabled |
|
Do not automatically start Windows Messenger initially |
Enabled |
|
Do not save encrypted pages to disk |
Enabled |
|
Prevent CD and DVD Media Information Retrieval |
Enabled |
|
Remote Access |
Disabled |
|
Remote Desktop Services Configuration |
Disabled |
|
Remote Installation Services |
Disabled |
|
Turn off Autoplay |
Enabled |
|
Turn off the Windows Messenger Customer Experience Improvement Program |
Enabled |
|
Turn on Automatic Signup |
Disabled |
|
Windows Firewall with Advanced Security |
Disabled |
(These Windows 7 Security tweaks came from the Windows 7 Ultimate Guide,
there are over 150 different GPO's tested and listed to increase your security)
If you think you have seen this list before you have if you have done the GPO
settings page,
these are listed there also. (Did you turn off the wrong GP and now the
Control Panel doesn't open when you need to change a setting?)
Be aware that some GPO's will cause your OS to hang, crash, or lock you out,
so use care when modifying the GPO's. Always use a reliable source for your
information when researching the use of the GPO's.
|
|
Proudly Made in The U. S. A.
www.diy-computer-repair.net