
Locking down Windows 

Viruses, worms, hackers, spammers, crackers, even people you trust could all mess with your computer in ways you never thought possible, from the hacker who has already figured out how to steal your data to the friend who innocently exposes your computer by sharing your unsecured wireless router. How can you keep the bad guys out and the good data in? If your computer runs the Windows operating system, you can reduce your exposure to security threats by following some simple guidelines. These tips will not protect you 100%, but you’ll get pretty close.

 

Server and Workstation General Tips:

·        Keep up-to-date on the latest security updates! Patch, patch, patch.

·        Use Microsoft’s Windows Server/XP/Vista Configuration Checklists

o   http://technet.microsoft.com/en-us/library/cc751488.aspx

·        Use MBSA v.2 and the Security Configuration Tools to evaluate your computer security

o   http://technet.microsoft.com/en-us/security/cc184923.aspx

o   http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx

·        Verify that all disk partitions are formatted with NTFS

·        Use a standard user account for email, applications or browsing, not administrator!

·        Protect file shares: lock down file and share permissions for authorized use

·        Replace “Everyone” with “Authenticated Users” for all file/share permissions

·        Enable Internet Connection Firewalls and secure all routers

·        Use software restriction policies

·        Disable unnecessary services: use Microsoft recommended services guides

o   http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true     

·        Disable or delete unnecessary accounts

·        Make sure the Guest account is disabled and rename the Administrator account

·        Set stronger password policies: 8-14 characters, expiration, use complexity

·        Set account lockout policy

·        Use strong encryption and never transfer data to unencrypted removable media

·        Install anti-virus software and updates

·        Keep up-to-date on the latest threats: subscribe to security bulletins.

·        Keep your browsers patched and locked down
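
Several of the tips above can be checked with a short read-only audit. The script below is an added example, not part of the original tips; it assumes Windows 10 / Server 2016 or later (not a domain controller), PowerShell 5.1, an elevated prompt and an English-language OS. The helper names Add-Finding and Get-PolicyValue are made up for this example.

```powershell
# Added example: read-only audit of several checklist items from this page.
# Assumptions: Windows 10 / Server 2016 or later, PowerShell 5.1, elevated
# prompt, English-language OS (for 'net accounts' text and 'Everyone').
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}
function Get-PolicyValue([string[]]$Text, [string]$Label) {
    (($Text | Where-Object { $_ -like "$Label*" } | Select-Object -First 1) -replace '^[^:]*:\s*').Trim()
}

# Local fixed disks (DriveType 3) should all be formatted with NTFS.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    Where-Object { $_.FileSystem -ne 'NTFS' } |
    ForEach-Object { Add-Finding 'NTFS' "$($_.DeviceID) uses $($_.FileSystem)" }

# Built-in accounts are identified by RID: 501 = Guest, 500 = Administrator.
foreach ($u in Get-LocalUser) {
    if ($u.SID.Value -like '*-501' -and $u.Enabled) {
        Add-Finding 'Guest' "Guest account '$($u.Name)' is enabled"
    }
    if ($u.SID.Value -like '*-500' -and $u.Name -eq 'Administrator') {
        Add-Finding 'Admin' 'Built-in administrator still has its default name'
    }
}

# Minimum password length and lockout threshold, parsed from 'net accounts'.
$policy = net accounts
$minLen = Get-PolicyValue $policy 'Minimum password length'
if ([int]$minLen -lt 8) {
    Add-Finding 'Password' "Minimum length is '$minLen' (tips above say 8-14)"
}
if ((Get-PolicyValue $policy 'Lockout threshold') -eq 'Never') {
    Add-Finding 'Lockout' 'No account lockout threshold is set'
}

# Non-administrative shares whose share permissions allow Everyone.
foreach ($s in Get-SmbShare -Special $false) {
    Get-SmbShareAccess -Name $s.Name |
        Where-Object { $_.AccountName -eq 'Everyone' -and "$($_.AccessControlType)" -eq 'Allow' } |
        ForEach-Object { Add-Finding 'Share' "Share '$($s.Name)' allows Everyone ($($_.AccessRight))" }
}

# Every Windows Firewall profile should be enabled.
Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' } |
    ForEach-Object { Add-Finding 'Firewall' "$($_.Name) profile is not enabled" }

$findings | Format-Table -AutoSize
```

The script changes nothing on the machine; an empty table means none of the checked items were flagged.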

 

Other Useful sites:

 

Hardening Windows Vista:

 

http://technet.microsoft.com/en-us/magazine/2007.01.securitywatch.aspx

 

Use DISA security guides:

 

http://iase.disa.mil/stigs/checklist/

© 2009 The Center for Infrastructure Assurance and Security