Library Technology – Reviews, Tips, Giveaways, Freeware

10 tips to secure Windows

Posted In Security, Windows - By Jack on Thursday, September 22nd, 2011 With No Comments »
1. Minimize ground attack whenever possible

One of the first steps to be done to “reinforcement” for a computer is to minimize the attack surface of it. The more code running on the machine, being able to exploit the higher code. So you should remove all the unimportant parts of the operating system and applications not in use.

2. Only use the prestigious
Applications for today’s market, users tend to use free software, which lowered prices or open source applications. Despite the undeniable importance and utility of these applications in the office, personal use, but made a little research before using these applications is very important. Some applications are free or low price is designed to serve users, other applications are designed for the purpose of stealing personal information of users or track their browsing habits.
3. Make the Security Configuration Wizard

Security Configuration Wizard allows you to create XML-based security policy, can apply for your server. The policy is used to activate the service, install and configure the firewall rule set. However, remember that the policy created by the Security Configuration Wizard is not the same as the policy is created from the security template (using the file. INF). Also, you can not use group policy to deploy the Security Configuration Wizard policy.

4. Use a regular user account if possible
As a good practice, the administrator should use normal user accounts whenever possible. If infection occurs malware, malware usually have the same rights as people who are logged. So, make sure that malware can cause greater damage if the user has admin rights.

5. Review the firewall configuration
You should use fiewall in the outer reaches of the network and on each machine in the network. But such is not enough. You should also review the list of firewall port exceptions to ensure that only the important ports are still open. The focus is normally on the port used by the Windows operating system. However, you should also check any firewall rule to accept any of the open ports 1433 and 1434. These ports are used to monitor and remotely connect to SQL server. They are a favorite target of hackers.
6. Do not write too much audit
Although the creation of the audit policy to record the daily events can be very useful, but there is a problem you should remember: something too much is not good. When you do a lot of audit logs, audit files will occupy a large space. This leads to the difficult situation you can find items you want one. So, instead of recording all events, rather than just focusing on important events.

7. Creating multiple Administrator accounts

In the previous section, we discussed the importance of using a normal user accounts whenever possible and only use the Admin account when you need to perform a certain action should have the right manager. However, this does not mean you should use the Administrator account.
8. Take advantage of local security policy
Use Active Directory group policy settings based on not nullify the need to install the local security policy. Remember that the group policy settings are used only when someone login with a domain account. We will not do if someone logged onto the computer using a local account. The local security policy can help protect your computer against the use of local accounts.
9. Separate services
Whenever possible, you should configure our server to perform a specific task. In this way, if a server is attacked, the hacker can only gain access to a set of certain services. We realize that financial pressures are often arrested organizations to run multiple roles on their server. In such cases, you can upgrade security without having to spend money by using virtualization. In a virtualized environment that, Microsoft allows you to deploy multiple virtual machines running Windows Server 2008 R2 with a license server.
10. Apply the security patches according to time table
You should always test patches before applying them to the server. However, some organizations still have a habit of ignoring the inspection process. Surely we can not deny the importance of ensuring the stability of the server, but you still have to balance the need to check with security needs. Every time Microsoft released a security patch, this patch is designed to target a certain vulnerability. This certainly means that the hacker known vulnerabilities and will look for the deployment plan, while the patch for the vulnerability has not been applied.

About -