Understanding Windows 7 system security secrets

Source: Internet
Author: User

Windows 7 is Microsoft's latest desktop client operating system. It was developed based on the strengths and weaknesses of Windows XP and Vista. All services have been enhanced, and new security features make it more reliable. In addition to basic system improvements and new services, Windows 7 provides more security functions, enhanced auditing and monitoring, and enhanced remote communication and data encryption. Windows 7 also includes internal protection mechanisms that strengthen the system itself, such as Kernel Patch Protection, service hardening, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and mandatory integrity levels.

All improvements to Windows 7 are security-centric. First, the system was developed under Microsoft's Security Development Lifecycle (SDL) framework and supports Common Criteria requirements, allowing it to reach Evaluation Assurance Level (EAL) 4 certification; this level complies with Federal Information Processing Standard (FIPS) #140-2. In addition, you can use other security tools (such as group policies) to control every aspect of desktop security. If Windows 7 is used mainly for home office or personal use, it can also prevent hacker attacks and intrusion. You can consider Windows 7 secure, but this does not mean that you can rely on the default configuration. You need to adjust it according to your own security requirements.

In this article we introduce how to secure Windows 7, its security configuration, and some little-known Windows 7 security functions. We also explore how to protect data, back it up, and get it running again quickly after an attack or system failure. The article also introduces security concepts, how to harden Windows 7, how to secure running programs, how to manage the security of Windows 7 systems, how to handle problems caused by malware, data protection, backup and recovery of the operating system, how to restore the operating system to an earlier state, and how to recover data and the system when the system fails. The purpose of this article is to familiarize you with the security functions and enhancements of Windows 7 and to give you an in-depth understanding of how to deploy them correctly.

Note:

If you work in an enterprise or other professional environment, do not configure your computer yourself. If you are not familiar with security issues or Microsoft products, read the related documentation carefully before modifying the system.

Basic security considerations

Managing security means analyzing and adjusting the existing security architecture and discovering potential attacks. In most cases, security mechanisms will be tested by attacks or malicious programs; if potential attacks are detected in time, you can actively resist them. Through logs and audits, you can find out whether someone is trying to log on to the router or to the administrator account.

Logs and alerts are very helpful because they let you respond to problems quickly. Responding to an attack thoroughly is called "attack response". The key to responding correctly is a proactive plan. A disaster recovery plan (sometimes used together with a business continuity plan) can help you recover from an attack.

Home users and users of standalone systems should follow the same policy. You need to protect data and respond to disasters, and a well-planned deployment keeps you prepared. If your system is infected with malware (such as Trojans) and all other recovery techniques are ineffective, you may need to reinstall the system. For this case, you should designate team members before a disaster occurs and clarify their respective tasks to minimize the impact of the disaster on the system.

Note:

You should review your plans on a regular basis, especially to add necessary items after a major problem or failure occurs.

TIPS:

Security measures should be considered and deployed for every system or service to reduce the risks caused by attacks. If the way you deploy security measures lets you actively defend against attacks or disasters, it will save you a lot of trouble.

At the same time, we should consider defense in depth when deploying security measures, both conceptually and technically. Security measures must be considered and deployed for all systems, services, applications and network devices. To prevent gaps in the security architecture, we can use a security model built on the concept of defense in depth. Figure 1 shows a very basic defense-in-depth application; you can add more layers of protection, depending on how the network is set up.

 


Figure 1: in-depth defense concept and deployment

As you can see, defense in depth can be customized according to your needs. In this example, the security policy aims to provide security direction and communication to the users of the systems and networks. In addition, the hardening of systems, mobile phones, desktops, services, applications, servers, routers, switches, and PBXs should also be taken into account to ensure that all interfaces are secure. If you use wireless networks, you should also use filters, scanners, and other tools to check and record any information.


Windows 7 is very flexible. It contains many options that let you configure a fully functional system (minimum security) or only the functions you need (maximum security). Used correctly, Windows 2008 and Windows 7 together will increase security by 10 times.

Note:

It is important to remember that denying problems (or potential problems) does not work. If you ignore a problem or leave it to be resolved later, it becomes more complicated and only wastes time. Fully deployed security measures can withstand most penetration attacks and provide multi-level protection. Of course, they cannot completely prevent attacks. You need to understand the basics of the security mechanisms and how to prevent attacks actively or passively.

You can find many templates and detailed instructions on how to configure Windows 7 security settings on the official Microsoft website to help you deploy and use Windows security measures step by step.

When deploying security measures, we also need a certain level of flexibility to maintain a high level of security while meeting business goals and requirements. For example, User Account Control (UAC) provides a high level of security once it has been tuned properly.

 


Figure 2: Adjust the security level through UAC settings

UAC prevents processes or applications from making changes to the computer that manipulate the system. It works by limiting access permissions in the operating system kernel, and it gives you detailed information about programs that attempt to install themselves or reconfigure the operating system. This is very helpful because it lets us confirm what a program is doing and take appropriate measures. UAC first appeared in Vista, but because it could not be turned off, users grew tired of the pop-up messages. Windows developers also ran into coding problems due to UAC restrictions. Windows 7 can now completely disable UAC, providing more flexibility and choice.

Warning:

To ensure system security, we recommend that you do not disable UAC completely or, if you do disable it for certain operations, that you re-enable it afterwards.
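The following is an added example, not part of the original article, that reads the UAC policy values from the registry and reports which level is in effect, so you can confirm that UAC was re-enabled. `Get-UacState` is a hypothetical helper name; the script only reads the registry and assumes the values exist, as they do on a standard installation.

```powershell
# Added example: report the current UAC configuration (read-only).
# Get-UacState is a hypothetical helper name, not a built-in cmdlet.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    $enabled       = ($p.EnableLUA -eq 1)             # 0 = UAC switched off
    $adminPrompt   = $p.ConsentPromptBehaviorAdmin    # prompt behaviour for admins
    $secureDesktop = ($p.PromptOnSecureDesktop -eq 1) # dimmed desktop for prompts

    if (-not $enabled) {
        $level = 'UAC disabled'
    } elseif ($adminPrompt -eq 0) {
        $level = 'Elevate without prompting'
    } elseif ($adminPrompt -eq 2) {
        $level = 'Always notify'
    } elseif ($adminPrompt -eq 5 -and $secureDesktop) {
        $level = 'Default: notify when programs make changes'
    } elseif ($adminPrompt -eq 5) {
        $level = 'Notify when programs make changes, no secure desktop'
    } else {
        $level = "Custom policy (ConsentPromptBehaviorAdmin=$adminPrompt)"
    }

    New-Object PSObject -Property @{
        UacEnabled    = $enabled
        SecureDesktop = $secureDesktop
        Level         = $level
    }
}

$state = Get-UacState
$state | Format-List
if (-not $state.UacEnabled) {
    Write-Warning 'UAC is disabled. Re-enable it in the UAC settings and restart.'
}
```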

Windows 7 installation and hardening

When deploying Windows 7, we always recommend that you install the operating system on completely new, compatible hardware and then harden it. System hardening is a necessary process for improving the security level. It consists mainly of configuring the necessary security settings, removing unnecessary software, and adjusting advanced policy settings.

Note:

When selecting hardware for Windows 7, you need to plan ahead: if you want to use virtualization, Windows Trusted Platform Module (TPM) management, and other features (such as BitLocker), you must purchase hardware that supports these functions.

After the operating system is installed, what steps should be taken to harden it? Is there a specific order? The hardening procedure follows the same pattern as a basic installation: remove everything unnecessary, update the system, apply basic security technologies, and then back up the system so that it can be restored quickly when necessary. Perform the following steps:

Step 1: Install the operating system. During the installation process, select all options that enhance security, and do not select unnecessary services, options, and programs.

Step 2: Install the Administrator toolkit, security tools, and required programs.

Step 3: Delete unnecessary services, programs, and software, and disable or delete unnecessary user accounts or groups.

Step 4: Update all security programs in a timely manner.

Step 5: Run the security audit (scanner, template, MBSA, etc.) to evaluate the current security level.

Step 6: Run System Restore and create a restore point, and run the backup and recovery applications for disaster recovery.

Step 7: Back up the operating system so that the system can be restored quickly after a disaster.

The above steps are just a simple example, and you can add more. After Windows 7 is installed, the next step is to delete unnecessary software, services, protocols, and programs, which can be done in the Control Panel. Disable or delete unnecessary user accounts or groups.
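As an added example that is not part of the original article, the script below carries out the review in step 3 and the restore point in step 6 from an elevated PowerShell prompt. The names `ExampleSvc` and `ExampleUser` are placeholders for items you have decided to disable, and System Restore is assumed to be turned on for the system drive.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# 'ExampleSvc' and 'ExampleUser' are placeholders; replace them after review.
$unneededService = 'ExampleSvc'
$unneededAccount = 'ExampleUser'

# Step 3: review the services that start automatically.
Get-WmiObject Win32_Service -Filter "StartMode='Auto'" |
    Sort-Object DisplayName |
    Format-Table Name, DisplayName, State, StartName -AutoSize

# Step 3: review the local accounts that are still enabled.
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
    Format-Table Name, PasswordRequired, Description -AutoSize

# Stop and disable a service you have decided is not needed.
if (Get-Service -Name $unneededService -ErrorAction SilentlyContinue) {
    Stop-Service -Name $unneededService -Force
    Set-Service -Name $unneededService -StartupType Disabled
}

# Disable (rather than delete) an account you have decided is not needed.
$acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$unneededAccount'"
if ($acct) {
    net user $unneededAccount /active:no
}

# Step 6: create a restore point so this hardened state can be restored later.
Checkpoint-Computer -Description 'Post-hardening baseline' -RestorePointType MODIFY_SETTINGS
```

Disabling rather than deleting keeps the change reversible while you confirm that nothing depends on the service or account.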

TIPS:

In Server 2008, you can choose the "Core" installation, which applies hardening as part of the installation itself. After the installation, the server runs only the necessary functions, which reduces the risks caused by security vulnerabilities. Windows 7 does not have such a feature, so we need to use policies, templates, or manual configuration of security settings to harden the system.

So how do you start to lock down and protect Windows 7? The simplest way is to use the Start menu to search for security-related content in the system: enter "security" in the "Search programs and files" box of the Start menu, and the results for "security" are displayed.

 


Figure 3: search for security-related files and programs in the Start Menu

The Local Security Policy is a policy editor that allows you to view and configure system security policies, as shown in Figure 4.

 


Figure 4: View and configure security in the Local Security Policy

Tip: for comprehensive policy control, you can use Windows 7 together with Server products, such as Server 2008 R2, so that you can use Active Directory and group policies.

If you want to audit a specific event (such as system logon and shutdown) locally, you can configure it in the Local Security Policy console (Figure 4). In the Control Panel, you can find the Local Security Policy editor under Administrative Tools, or you can simply search for it in the Start menu. When Windows 7 is used with Active Directory, you can use powerful group policies to help you customize, manage, and deploy software. This is the simplest way to configure policy security. You can also find many security configuration tools in the Control Panel.
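The same logon auditing can be set and checked from an elevated PowerShell prompt. The following is an added example, not part of the original article; `Get-FailedLogonSummary` is a hypothetical helper name, and the subcategory name "Logon" assumes an English-language system.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Turn on success and failure auditing for logon events, then show the result.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /get /subcategory:"Logon"

# Summarize failed logons (Security event ID 4625) by target account and
# source address. Get-FailedLogonSummary is a hypothetical helper name.
function Get-FailedLogonSummary {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }    # nothing logged in the time window

    $rows = foreach ($e in $events) {
        # Read the named fields from the event XML instead of relying on
        # their position in the event's property list.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Account = $data['TargetUserName']
            Source  = $data['IpAddress']
        }
    }

    $rows | Group-Object Account, Source |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

A high count against the administrator account from a single source address is the kind of logon attempt the audit log is meant to surface.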

 


Figure 5: Configure security operations and control panel Program Options

TIPS:

Figure 5 shows the security options that are available in the Control Panel. If you click the Start menu, enter "security", and click Control Panel, you will also get a list of security configuration items that you can customize.

The following are the security options that can be configured in Action Center:

Action Center: Action Center replaces the former Security Center. In Action Center, you can specify the actions that the operating system may perform. An action is carried out only with your permission. It also reminds you to update the virus database and other information.

Internet Options: browsing any form of web page brings risks to the computer, even if you use a proxy server, web page filter and keep the system
