Maintaining effective tiny business security is a current effort, and keeping Windows 7 PCs secure isn't straightforward. using a firewall and anti-virus code area unit smart initial steps, however to make sure higher management over WHO uses your Windows 7 PCs -- and the way they’re used -- examine the subsequent tips.
1. Certify Users Don’t Have Administrator Accounts
2. Enforce password Rules
you’ve most likely told your workers to not use easy-to-guess passwords and to vary them frequently, however area unit they really doing it? Most likely not. If you’re serious concerning it, however, you'll enforce variety of Arcanum rules, as well as their length, complexity, and the way long before they have to be modified.To piece password rules, seek for and run secpol.msc (Local Security Policy) from the beginning menu, then double-click Account Policies so Arcanum policy. Double-click password should meet quality necessities, choose Enabled then click Apply and OK. this may need that passwords not contain a part of the username (Duh!), be a minimum of six characters long and embrace characters from a minimum of 3 of the subsequent four categories:
Uppercase letters
Lowercase letters
Numbers (0-9)
Non-alphabetic characters (e.g. $,%,&)
3. Set PCs to lock when Inactivity
Employees usually get referred to as off from their desks many times throughout the course of the work day. Looking on the period and frequency of those sojourns, they'll leave a computer logged in however unattended for long periods, throughout that passers-by -- e.g. another worker or an workplace visitant --can acquire unauthorized access. (Then there’s the one who logs in on Monday morning and out on weekday afternoon, going away the pc accessible when hours to cleansing personnel and also the like. )You can guard against this type of unauthorized access by configuring computers to mechanically lock when a specific quantity of idle time, making certain the user’s Arcanum are needed to regain access. Notably once utilized in conjunction with the Arcanum quality delineated higher than, requiring individuals to enter their passwords multiple times over the course of every day ought to facilitate them keep in mind them higher.
Here's a way to piece a system to lock: seek for and run gpedit.msc (Local cluster Policy Editor) from the beginning menu. Beneath User Configuration,body Templates, double-click panel, then Personalization. Currently double-click design timeout, selected Enabled, and specify the idle time in seconds (you’ll have to be compelled to do a trifle of maths here; the default setting of 900 is fifteen minutes).
Then realize the Arcanum shield the design setting (it ought to be simply above). Change this one moreover -- there aren't any choices to line -- and you’re set. (Note that this may work whether or not or not the user truly incorporates a design organized.)
4. Preventing Writing information to USB Storage, DVD and CD Discs
USB flash drives and onerous drives (as well as writable DVD/CD drives) area unit a ambiguous sword; they create it staggeringly convenient to store and transport massive amounts of knowledge, that successively makes them a superb method for AN worker to require unauthorized personal copies of company files off-premises.There will actually be legitimate reasons to possess USB storage devices within the work, however if your business doesn’t want them, you'll reduce the percentages of data stealing by making certain that your computers can’t write to USB devices. (You’ll still be ready to browse to them, though).
To prevent a pc from writing information to a USB memory device, open gpedit.msc (Local cluster Policy Editor) from the beginning menu, then double-click pc Configuration, body Templates, System, and eventually, Removable Storage Access. Currently realize the setting tagged Removable Disks: Deny write access and set it to Enabled.
Similarly, to dam the burning of DVD or CD discs, set CD and DVD: Deny write access to change moreover. Note: Denying write access to DVD/CDs can solely stop the utilization of Windows’ inherent burning feature. It won’t stop somebody from mistreatment third-party disc burning code, thus make certain there aren't any such programs on the system already. (And by following step best, you’ll stop anyone from putting in such code on the pc within the future.)
5. carry on with software package and different code Updates
Keeping the Windows software package and different code current with the newest updates isn’t a priority for several tiny businesses, however it ought to be. For starters, all of your Windows PCs ought to be set to mechanically transfer and install necessary updates (those that address security vulnerabilities).You can check this by checking out and running Windows Update from the beginning menu so clicking modification settings. If you actually wish to check the updates initial and apply them manually, use the transfer updates however let Pine Tree State opt for whether or not to put in them possibility, in order that any updates you opt to put in can a minimum of be downloaded prior to.
In addition to Windows, it’s conjointly necessary that you just keep third-party code up-to-date moreover, notably Adobe Flash, Adobe Reader, and Java. These omnipresent items of code area unit huge targets, and new security flaws area unit forever being known and patched, thus once Any of those programs informs you of an out there update, make certain to transfer and install it ASAP.
6. AppLocker
AppLocker is very similar to Software Restriction Policies (SRP). In fact, you may ask yourselves what the difference is. Well, AppLocker has a friendlier user interface, the ability to set restrictions based on application version number or publisher, and is easier to work with for less knowledgeable users.
Now, if you're still wondering what AppLocker is, it's a tool that allows you to restrict the execution of programs, installers and scripts on a machine with Windows 7 installed. Rather than using third-party security tools, Windows 7 has a built-in mechanism that allows tight, per-application execution control. The tool can be used to allow or deny certain programs or files to run, which can be used to make your system very secure against damage, accidents, misuse, or attacks.
Accessing AppLocker is not straightforward, which is why I've kept this software for the second article. You will need to invoke the Group Policy Editor, by running:
7. BitLocker
BitLocker is an encryption software, which lets you encrypt your drive and your files, thus preventing the compromise of data integrity in case your computers get stolen. A similar feature did exist in Windows XP, but it is now easier to use and implement. You can find BitLocker in the Control Panel:
8. Hardware requirements
BitLocker has some rather curious requirements. One is that you have installed Windows 7 on a computer that supports Trusted Platform Module (TPM), which allows BitLocker to store its keys in a special microchip. Failing that, you will need an external USB key on to which you will store the encryption keys. Moreover, BitLocker requires that you have at least two partitions on the system, both formatted with NTFS.
Personally, I find the requirements to be too much, especially considering the fact free, open-source alternatives like PGP and TrueCrypt require no such thing. Furthermore, both these solutions are proven workhorses of the encryption world, whereas BitLocker is a closed-source tool that you cannot use with other operating systems.
While encryption can potentially add to your security, which is why it's listed as an item in this article, BitLocker itself does not have merits that warrant using. In this particular case, knowing which security features not to use is the part of the overall security scheme that I'm trying to teach.
9. Media Player security & privacy
If Windows Media Player (WMP) is your multimedia player of choice, you may want to expand the Options menu and take a look at the Privacy and Security tabs. Some of the default settings may interest you. A few of the checkboxes might need unchecking.
Privacy settings
Under the Privacy tab, you can decide what kind of access your media player will have. For example, do you want WMP to try to retrieve media information from the Internet or update music files? Do you want it send a unique Player ID to content providers?
My recommendations are to disallow media player access to the Web, including media information, music files updates, usage rights, unique Player ID, and the Customer Experience Improvement Program. These definitely have nothing to do with your listening to some music and watching movies. And if you have problems with codecs, please read my Windows cool apps guide.
No comments:
Post a Comment