Windows 7 user protection settings. Disable add-ons in InPrivate browsing sessions. What are the advantages of licensed software

The Windows XP operating system has a well-developed security system which, however, needs to be configured. Keep in mind that Windows XP must be installed on NTFS partitions; the FAT32 file system is not recommended for security reasons (the built-in security features simply cannot be implemented on FAT32).

If you are using the FAT32 file system, almost all of the statements in this section will be meaningless to you. The only way to enable all file system permissions is to convert the disk to NTFS format.

After a clean installation of Windows XP, the default security settings act as on-off switches. This interface, enabled by default, is called Simple File Sharing. This configuration has a low level of security, almost identical to the standard Windows 95/98/Me configuration.

If you're not happy with this configuration, you can take advantage of the full power of Windows 2000-style file permissions. To do this, open any folder in Explorer and select Tools -> Folder Options. Go to the View tab, find the Use simple file sharing (Recommended) checkbox in the list and uncheck it.


When you turn off simple sharing, a Security tab appears in any folder's properties dialog box. The same is true for issuing file permissions. All permissions are stored in Access Control Lists (ACLs).

When setting and removing permissions, follow these basic principles:

  1. Work from top to bottom.
  2. Keep shared data files together.
  3. Work with groups wherever possible.
  4. Don't use special permissions.
  5. Do not give users more permissions than are absolutely necessary (principle of least permissions).


Setting permission from the command line

The cacls.exe command line utility available in Windows XP Professional allows you to view and change the permissions of files and folders. Cacls is short for Control ACLs - access control list management.

Command line switches for the cacls utility:

  • /T - Change the access permissions of the specified files in the current folder and all subfolders
  • /E - Edit the access control list (rather than completely replacing it)
  • /C - Continue if an "access denied" error occurs
  • /G user:permission - Grants the specified permission to the user. Without the /E switch, completely replaces the current permissions
  • /R user - Revokes access rights for the specified user (only used with the /E switch)
  • /P user:permission - Replaces the specified user's permissions
  • /D user - Denies the user access to the object

With the /G and /P switches, you must use one of the letters listed below (instead of the word permission):

  • F (Full Control) – Equivalent to checking the Full Control checkbox on the Security tab.
  • C (modify) – identical to checking the Allow Modify checkbox
  • R (read) – equivalent to checking the Allow Read & Execute checkbox
  • W (write) – equivalent to checking the Allow writing (Write) checkbox
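
The switches and permission letters above, combined in a batch script that follows the five principles listed earlier for a shared data folder. This is an added example, not part of the original article; the folder D:\Shared, its Payroll subfolder and the groups Accounting and Interns are assumptions.

```batch
@echo off
rem Constructed example: D:\Shared, Payroll, Accounting and Interns are
rem hypothetical names. Run from an administrator account on an NTFS volume.
setlocal
set "SHARE=D:\Shared"

rem Record the ACL as it is before changing anything.
cacls "%SHARE%"

rem Work from the top down: reset the ACL on the whole tree in one pass.
rem Without /E, the /G switch REPLACES the entire ACL, so cacls asks
rem "Are you sure (Y/N)?"; the piped Y answers that prompt.
rem Administrators and SYSTEM are granted in the same command so that the
rem replacement never leaves the tree without management access.
echo Y| cacls "%SHARE%" /T /C /G Administrators:F SYSTEM:F

rem Work with groups, not individual users, and grant only what is needed.
rem /E edits the existing ACL instead of replacing it.
cacls "%SHARE%" /T /E /C /G Accounting:C
cacls "%SHARE%" /T /E /C /G Interns:R

rem Tighten one subfolder by revoking a group's rights there.
rem /R is only valid together with /E. Revoking is preferred to /D here:
rem a deny entry also hits any user who belongs to both groups.
cacls "%SHARE%\Payroll" /T /E /C /R Interns

rem Review the result.
cacls "%SHARE%"
cacls "%SHARE%\Payroll"
endlocal
```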

Microsoft Windows XP helps prevent sensitive data from falling into the wrong hands. The Encrypting File System (EFS) encrypts files on disk. However, please be aware that if you lose the decryption key, the data may be considered lost. Therefore, if you decide to take advantage of the benefits of EFS, you must create a recovery agent account and back up both your own certificate and the recovery agent certificate. If you prefer to work with the command line, you can use the cipher.exe program.

The cipher command without parameters displays information about the current folder and the files located in it (whether they are encrypted or not). Below is a list of the most commonly used cipher command options:

  • /E - Encrypt specified folders
  • /D - Decrypt the specified folders
  • /S:folder - The operation applies to the folder and all nested subfolders (but not files)
  • /A - The operation is applied to the specified files and to the files in the specified folders
  • /K - Creates a new encryption key for the user who launched the program. If this switch is specified, all others are ignored
  • /R - Create a file recovery agent key and certificate. The key and certificate are placed in the .PFX file, and a copy of the certificate is placed in the .CER file
  • /U - Update the user encryption key or recovery agent for all files on all local disks
  • /U /N - List all encrypted files on local drives without any other action

Troubleshooting Permission Issues (Data Recovery Agent)

The administrator is usually appointed as the Data Recovery Agent. To create a recovery agent, you must first create a data recovery certificate and then designate one of your users as such an agent.

To create a certificate you need to do the following:

  1. Log in as Administrator
  2. Enter cipher /R:filename at the command line
  3. Enter the password for the newly created files

The certificate files have the extensions .PFX and .CER and the name you specify.

ATTENTION! These files allow any user on the system to become a recovery agent. Be sure to copy them to a floppy disk and store them in a secure place. After copying, delete the certificate files from your hard drive.

To assign a recovery agent:

  1. Log in with the account that should become the data recovery agent
  2. In the Certificates console, go to Certificates – Current User -> Personal
  3. Select Action -> All Tasks -> Import to launch the Certificate Import Wizard
  4. Import the recovery certificate

If you use encryption tools incorrectly, you can end up doing more harm than good. To avoid this, follow these recommendations:

  1. Encrypt all folders where you store documents
  2. Encrypt the %Temp% and %Tmp% folders. This will ensure that all temporary files are encrypted
  3. Always enable encryption for folders, not files. Then all files subsequently created in it are encrypted, which turns out to be important when working with programs that create their own copies of files when editing, and then overwrite the copies on top of the original
  4. Export and protect your recovery agent account's private keys, and then remove them from your computer
  5. Export personal encryption certificates of all accounts
  6. Do not delete recovery certificates when changing recovery agent policies. Keep them until you are sure that all files protected by these certificates have been updated.
  7. When printing, either avoid creating temporary files or encrypt the folder in which they are created
  8. Protect your page file. It should be automatically cleared when Windows shuts down
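
The recovery certificate procedure and the first recommendations above as a batch script with two modes. This is an added example, not part of the original article; the file name "recovery" and the removable drive A:\ are assumptions.

```batch
@echo off
rem Constructed example: the file name "recovery" and the drive A:\ are
rem assumptions. Usage:  efs-setup.cmd agent   (run once, as Administrator)
rem                      efs-setup.cmd user    (run by each user)
setlocal
set "CERTNAME=recovery"
set "MEDIA=A:\"

if /I "%~1"=="agent" goto agent
if /I "%~1"=="user" goto user
echo Usage: %~nx0 agent ^| user
goto :eof

:agent
rem Creates %CERTNAME%.PFX (certificate and private key) and %CERTNAME%.CER
rem (certificate only). cipher prompts for a password protecting the .PFX.
cipher /R:%CERTNAME%

rem Anyone holding the .PFX and its password can become a recovery agent,
rem so delete the local copies only after BOTH files reached the media.
copy "%CERTNAME%.PFX" "%MEDIA%" && copy "%CERTNAME%.CER" "%MEDIA%" && del "%CERTNAME%.PFX" "%CERTNAME%.CER"
if exist "%CERTNAME%.PFX" echo WARNING: %CERTNAME%.PFX is still on the hard drive.
goto :eof

:user
rem Encrypt folders rather than single files, so that files created later,
rem including the working copies editors write, are encrypted as well.
rem /A is added so that files already in the folders are encrypted too.
cipher /E /A /S:"%USERPROFILE%\My Documents"
cipher /E /A /S:"%TEMP%"

rem Show the encryption state of the folder, then list every encrypted
rem file on the local drives without changing anything.
cipher "%USERPROFILE%\My Documents"
cipher /U /N
goto :eof
```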

Security Template Builder

Security templates are ordinary ASCII files, so in theory they can be created using a regular text editor. However, it is better to use the Security Templates snap-in in the Microsoft Management Console (MMC). To do this, enter mmc /a at the command line and, in the console that opens, select File – Add/Remove Snap-in. In the Add Standalone Snap-in dialog box, select Security Templates and click Add.

Security templates are located in the %systemroot%\security\templates folder. The number of built-in templates varies depending on the operating system version and the installed service packs.

If you expand any folder in Security Templates, the right pane will show folders that correspond to controlled elements:

  • Account Policies – manage password, lockout and Kerberos policies
  • Local Policies – manage audit settings, user rights and security settings
  • Event Log – managing system log parameters
  • Restricted Groups – defining elements of various local groups
  • System Services – enable and disable services and assign the right to modify system services
  • Registry – assigning permissions to change and view registry keys
  • File System – manage NTFS permissions for folders and files

Internet connection protection

To ensure security when connecting to the Internet, you must:

  • Enable Internet Connection Firewall or install a third party firewall
  • Disable File and Printer Sharing for Microsoft Networks

An Internet connection firewall is a software component that blocks unwanted traffic.

To activate Internet Connection Firewall:

  • Open Control Panel – Network Connections
  • Right-click on the connection you want to protect and select Properties from the menu
  • Go to the Advanced tab and check the Secure my Internet connection checkbox

Conclusion

Introduction

If your computer is connected to a computer network (no matter whether it is the Internet or an intranet), then it is vulnerable to viruses, malicious attacks and other intrusions. To protect your computer from these dangers, you must keep a firewall and antivirus software (with the latest updates) running on it at all times. In addition, all the latest updates must also be installed on your computer.

Not every user can constantly monitor this. Not every user knows how to do this. And even if the user is competent in these matters, he simply may not have enough time for such checks. Microsoft took care of all these users by including such a tool in SP2 for Windows XP. It is called the Windows Security Center (Fig. 1).

Fig. 1. Windows Security Center

The main purpose of this tool is to inform the user and guide him in the right direction. Firstly, it constantly monitors the state of the three main OS components (firewall, antivirus, automatic update system). If the settings of any of these components do not meet the computer's security requirements, the user will receive a notification. For example, Fig. 2 shows one of these notifications.

Fig. 2. Alert

Secondly, when opening the Windows Security Center, the user can not only receive specific recommendations on how to fix the current situation, but also find out where other settings related to computer security are located, and where on the Microsoft website you can read additional information to ensure safety.

It should be noted right away that when you connect a computer to a domain, the Windows Security Center does not display information about the computer's security status (Fig. 3) and does not send security messages. In this case, it is believed that security settings should be managed by a domain administrator.

To enable Windows Security Center for a computer that is part of a domain, you must enable the "Enable Security Center (for computers in the domain only)" setting in the domain's Group Policy, under Computer Configuration, Administrative Templates, Windows Components, Security Center.

Fig. 3. Windows Security Center

Windows Security Settings

To open the Windows Security Center, click the Start button, select Control Panel, then double-click the Security Center icon (Figure 4).

Fig. 4. Icon

The Windows Security Center window can be divided into three parts (Fig. 5):

Fig. 5. Security Center

  1. Resources. Here are links to Internet resources, to the built-in Windows help service, and to the window for configuring alert settings.
  2. Security components. This is where the information elements of the three main security components are located: firewall, automatic update, antivirus protection.
  3. Security settings. Here are buttons for accessing the security settings of the following components: the Internet Explorer browser, automatic update, Windows firewall.

Let's look at these parts in more detail.

Resources

In Fig. 5, the number 1 marks the links. The first three lead to the corresponding pages on the Microsoft website. The penultimate link opens the Windows help system on the page "General information about Windows Security Center". The last link opens the "Alert Settings" window (Fig. 6).

Fig. 6. Alert Settings

If your computer has a firewall and antivirus software that is not detected by the Security Center, you can disable the corresponding alerts (see Figure 6).

Security Components

In Fig. 5, the number 2 marks the information boards, each of which reports the status of the corresponding component. Figure 7 shows the possible states.

Fig. 7. Information board states

States A-C are understandable without comment. State D, "Not Found", means that the presence of the corresponding software (for example, an antivirus or firewall) could not be determined. State E, "Expired", is possible for antivirus protection when the antivirus database updates are out of date. State F, "Not Observed", corresponds to disabled monitoring of the corresponding component.

Security Center takes a two-tier approach to determining the state of components:

1. Checking the contents of the registry and files with information about the status of the software (Microsoft receives a list of files and registry settings from software manufacturers).

2. Information about the software status is transmitted from installed programs using WMI (Windows Management Instrumentation) tools.

Figure 8 shows one of the possible states of the Firewall component. By clicking the "Recommendations..." button, you will have the opportunity to either enable the firewall (Fig. 9, "Enable Now" button) or disable monitoring the state of this component (Fig. 9, the "I install and monitor the firewall myself" option).

Fig. 8. Firewall status

After clicking the "Enable now" button (see Fig. 9), if the Windows firewall is successfully launched, a corresponding message will appear on the screen (Fig. 10).

Fig. 10. Message

Figure 11 shows one of the possible states of the "Automatic Update" component. By clicking the "Enable Automatic Updates" button, you will enable the "Automatic Updates" operating mode recommended by Microsoft (Fig. 12).

Fig. 11. "Automatic update" status

Fig. 12. Automatic update

Please note that, depending on the selected "Automatic update" operating mode (see Fig. 12), the "Security Center" window shows a short description of this mode.

Figure 13 shows one of the possible states of the "Virus Protection" component. By clicking the "Recommendations..." button, you will receive brief instructions (Fig. 14): "turn on the anti-virus program" (if it is disabled), "install another anti-virus program". In this window, you can disable monitoring of the status of this component (the "I install and monitor the antivirus myself" option).

Fig. 13. Virus protection status

Security Settings

In Fig. 5, under number 3, there are buttons for going to the security settings of the following components: Internet Explorer, automatic updates, Windows Firewall.

By pressing the button , you will be taken to the “Security” tab in the Internet Explorer settings window (Fig. 15).

Fig. 15. Internet Explorer Settings

By clicking the button, you will open the “Automatic Update” settings window (see Fig. 12).

By clicking the button, you will be taken to the corresponding settings window (Fig. 16).

Fig. 16.

In Windows XP SP2, the following icons are used to indicate security-related settings (see, for example, Fig. 16), as well as for notifications about the computer’s security status (see, for example, Fig. 2):

1. - Indicates important information and safety settings.

2. - Notifies you of a potential security risk.

3. - The situation is safer. Your computer is using recommended security settings.

4. - Warning: the situation is potentially dangerous. Change your security settings to make your computer more secure.

5. - It is not recommended to use the current security settings.

Internet Options

As stated earlier, by clicking the button in the "Windows Security Center", you will be taken to the Internet Explorer settings window on the "Security" tab (Fig. 17).

Fig. 17.

Let's look at the options available on this tab. At the top there are four zones: Internet, Local Intranet, Trusted Sites, Restricted Sites. Table 1 provides a description for each zone.

Table 1. Description of zones

For all zones except the Internet zone, you can define the hosts included in the zone. To do this, you need to select the desired zone (see Fig. 17) and click the “Nodes...” button. In this case, for the “Local intranet” zone, the window shown in Fig. 18 will open. If you want to specify specific nodes, click the "Advanced..." button. As a result, the window shown in Fig. 19 will appear. A similar window will open if you define nodes included in the "Trusted Sites" and "Restricted Sites" zones. Only the "Restricted Sites" zone will not have the "All sites in this zone require server verification (https:)" option.

Fig. 18. Local intranet

Fig. 19. Specifying specific nodes

Each zone can be assigned the desired security level: high, medium, below average, low. Low security level represents minimal security and is used for sites that you fully trust.

Select the desired zone (see Fig. 17) and click the "Default" button. The "Security" tab will change its appearance (Fig. 20). At the bottom of the window you can determine the desired security level. If you do not want to use the proposed security levels, you can click the “Other…” button and define all the security parameters yourself (Fig. 21).

Fig. 20. Internet Explorer Security Settings

Fig. 21. Security Settings

The Internet Explorer security settings described above are also available through Group Policy (Computer Configuration, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Security Page).

Automatic update

As mentioned earlier, by clicking the button in the “Windows Security Center”, you will open the “Automatic Updates” settings window (Fig. 22).

Fig. 22. Automatic update options

The built-in help system in Windows XP describes the automatic update system in great detail. To access this help, click on "How does automatic updating work?" (see Fig. 22). Let's just dwell on a few points.

First, it is necessary to distinguish between the concepts of “downloading” and “installing” updates. Download refers to the process of transferring update files from a Microsoft server (or from an internal update server within an organization) to a user's computer. Installation refers to the actual process of installing updates on the user’s computer. It is possible that updates have been downloaded to a user's computer, but have not yet been installed.

Secondly, if you selected the “Automatic” option (see Fig. 22), then updates will be downloaded and installed at the time you specified. If the computer is always turned off at the specified time, the updates will never be installed. When you log on to your computer, a user with local administrator rights can run the installation manually without waiting for the scheduled time. When the scheduled time arrives, the user will be notified that the updates will begin installation. If an administrator is working on the system at this time, they will have the option to defer installation until the next scheduled time. Other users (without administrator rights) will not have the opportunity to cancel the scheduled installation of updates.

In all other cases (except for the "turn off automatic updates" option), notifications about existing updates for your computer (ready to download or install) will only appear when a user with local administrator rights is logged on to your computer. Thus, if you constantly work on your computer with an account that is not a member of the local administrators group, the updates will never be installed.

The automatic update settings described above are also available for configuration through Group Policy (Computer Configuration, Administrative Templates, Windows Components, Windows Update). In addition, some additional settings can only be set through Group Policy. For example, you can specify the address of an internal update server, which centrally receives updates from Microsoft servers and distributes them to the organization's internal computers. An example of such a server is Microsoft® Windows Server™ Update Services (WSUS).

Windows Firewall

As mentioned earlier, by clicking the button in the “Windows Security Center”, you will open the “Windows Firewall” settings window (Fig. 23).

Fig. 23. Windows Firewall Settings

If you click the "More about Windows Firewall" link (see Fig. 23), you can read brief information about the capabilities of the firewall included in Windows XP SP2.

Let us only note that, unlike products from other manufacturers, the built-in Windows firewall is intended only to control incoming traffic, i.e. it protects your computer only from external intrusions. It does not control your computer's outgoing traffic. Thus, if your computer has already been infected by a Trojan horse or virus that itself establishes connections with other computers, Windows Firewall will not block their network activity.

Additionally, by default the firewall protects all network connections, and incoming ICMP echo requests are blocked. This means that if Windows Firewall is enabled on your computer, checking for the presence of that computer on the network with the PING command is a pointless exercise.

Organizations that use software requiring incoming connections to user computers very often need to open some ports on computers running Windows XP SP2. To solve this problem, you need to set exceptions in the Windows Firewall settings. There are two ways to do this:

1. You can set an exception by specifying the program that requires incoming connections. In this case, the firewall itself will determine which ports need to be opened and will open them only while the specified program is running (more precisely, for the time during which the program listens on the port).

2. You can set an exception by specifying the specific port on which the program listens for incoming connections. In this case, the port will always be open, even when the program is not running. From a security point of view, this option is less preferable.

There are several ways to set an exception in the Windows Firewall settings. You can use the graphical interface (Fig. 24). This option is covered in some detail in the Windows XP SP2 Help and Support Center. You can use domain Group Policy. This option is preferable if there are a large number of computers in an organization. Let's look at it in more detail.

Fig. 24. Exceptions tab

Windows Firewall settings in Group Policy are located in the Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall node.

When configuring via Group Policy, you need to configure two profiles:

1. Domain profile. The settings in this profile are used when the computer is connected to a network that contains an organization's domain controller.

2. Standard profile. The settings in this profile apply when the computer is not connected to a network that contains an organization's domain controller. For example, if the organization's laptop is used on a business trip and is connected to the Internet through an Internet service provider. In this case, the firewall settings must be more restrictive than the domain profile settings, since the computer is connecting to the public network, bypassing its organization's firewalls.

Let's look at how to set exceptions for a program and for a given port. As a specific example, let's take the Kaspersky Administration Kit Administration Server accessing the computer on which Network Agent is installed to obtain information about the status of anti-virus protection. In this case, it is necessary that UDP port 15000 is open on the client computer or that the program “C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe” is allowed to receive incoming messages.
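
The same two exceptions can also be set from the command line with the netsh firewall context of Windows XP SP2, which is a third method alongside the graphical interface and Group Policy discussed above. This is an added example, not part of the original article; the exception name and the choice of scope=SUBNET (Administration Server on the same subnet) are assumptions.

```batch
@echo off
rem Constructed example. The exception name "Kaspersky Network Agent" and
rem scope=SUBNET are assumptions; the path and UDP port 15000 are taken
rem from the article. Usage:  fw-exception.cmd program | port
setlocal
set "AGENT=C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe"
set "RULE=Kaspersky Network Agent"

if /I "%~1"=="port" goto port

rem Preferred: program exception. The port is reachable only while
rem klnagent.exe is listening on it.
rem profile=DOMAIN keeps the exception out of the standard profile, so a
rem laptop on a public network does not expose the agent.
rem scope=SUBNET accepts only local-subnet senders; if the server is on
rem another subnet, use scope=CUSTOM with addresses=<server address>.
netsh firewall add allowedprogram program="%AGENT%" name="%RULE%" mode=ENABLE scope=SUBNET profile=DOMAIN
goto verify

:port
rem Less preferable: port exception. UDP 15000 stays open even when the
rem agent is not running.
netsh firewall add portopening protocol=UDP port=15000 name="%RULE%" mode=ENABLE scope=SUBNET profile=DOMAIN

:verify
rem Confirm what is actually configured in each profile.
netsh firewall show allowedprogram
netsh firewall show portopening

rem Group Policy equivalents, entered as strings in the settings
rem "Windows Firewall: Define program exceptions" and
rem "Windows Firewall: Define port exceptions" of the Domain Profile:
rem   %ProgramFiles%\Kaspersky Lab\NetworkAgent\klnagent.exe:LocalSubnet:enabled:Kaspersky Network Agent
rem   15000:UDP:LocalSubnet:enabled:Kaspersky Network Agent
endlocal
```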




Windows 7 is the latest desktop client OS from Microsoft, built with the strengths and weaknesses of its predecessors, Windows XP and Windows Vista, in mind. Every aspect of the underlying operating system, as well as the services it runs and how it manages the applications loaded on it, has been reviewed, and measures have been taken to improve its security where possible. All services have been improved and new security options make this OS more reliable. In addition to some major improvements and new services, Windows 7 provides more security features, improved auditing and monitoring capabilities, and connection and data encryption capabilities. Windows 7 also includes internal security improvements that protect system internals, such as Kernel Patch Protection, Service Hardening, Data Execution Prevention, Address Space Layout Randomization and Mandatory Integrity Levels.

Windows 7 is designed to be reliable. It was developed as part of Microsoft's Security Development Lifecycle (SDL) and designed to support the requirements of the Common Criteria, which allowed it to receive Evaluation Assurance Level (EAL) 4 certification, which meets the requirements of Federal Information Processing Standard (FIPS) #140-2. When Windows 7 is used as a standalone system, it can be protected using its own security features. Windows 7 contains many different security tools, but it is in combination with Windows Server 2008 (R2) and Active Directory that this OS becomes a body armor. By using advanced security techniques from tools like Group Policy, you can control every aspect of your computers' security. If Windows 7 is used in a home office or personal environment, it can also be protected against many of today's hacking techniques, and the system can be quickly recovered from a crash, so while pairing it with Windows 2008 is more secure, this is not necessary in order to enjoy a high level of security in Windows 7. You should also consider the fact that although Windows 7 is secure by nature, this does not mean that you can rely entirely on the standard configuration and that there is no need to make changes to improve security. Also, do not forget that over time you will be at risk of infection by some kind of malicious code or of an Internet attack when the computer is used on any public network. If the computer is used for any type of public access to the Internet, your system and the network to which it is connected become open to possible attacks.

In this article, we'll cover the basics you need to know about configuring Windows 7 security correctly and achieving the desired level of security, and also talk about advanced security options and look at some of the lesser-known security features that Windows 7 offers to prevent and protect against possible attacks. We'll also look at the many ways you can protect your data and recover if you do suffer an attack or a critical system failure. This article introduces security concepts, how to harden Windows 7, how to install and secure running applications, how to manage security on a Windows 7 system, and how to prevent problems caused by malicious code. This article will also cover the process of protecting data, system backup and recovery functions, the process of restoring the operating system to a previous state, and how to restore data and system state in the event of a critical system failure. We'll also look at strategies to do this quickly. The topics covered will also include working safely on the network and the Internet, biometric control settings for advanced access control, and how Windows 7, when working with Windows Server 2008 (and Active Directory), can use some integrated control, management and monitoring options. The purpose of this article is to introduce you to Windows 7 security features, enhancements, and applications, and to provide a more detailed picture of how to plan for and implement these security features properly. All the topics we have touched upon here will be broken down and organized into separate blocks.

Note: When working in a corporate or other production environment, do not make changes to your company's computers. Ensure that you work within the company's issued safety plan or policy and adhere to all company practices, policies and guidelines. If you are unfamiliar with security topics and Microsoft products, read the product documentation before making changes to your system.

Basic safety points

Before we dive into the specifics of Windows 7, it's important to first introduce some basic security concepts and how to plan for them. We will also need to know why monitoring is critical to maintaining security and how to properly monitor security teams for problems. It is also important to know how to monitor your security and detect your possible exposure to potential attacks. Security is not something that can be done in haste. It must be carefully prepared for and applied to every technical aspect of the installation, and must always be present. It also needs to be carefully considered before installation and continuously monitored and audited after installation. Security management requires analysis to fine-tune the current security architecture as well as to detect potential attacks. In most cases, your security will be tested by an attacker or malicious code looking for access; you can potentially protect yourself with preventive measures if you see hacking attempts or infections. By keeping logs and subsequently auditing them, you can find information about attempts to log into your router, attempts to log in as an administrator, etc.

Logs and alerts are very useful because if something goes wrong, you can quickly and correctly respond to it by analyzing the source IP addresses or login attempts recorded by the auditing application. Responding to an attack with a detailed plan is called "incident response." Preparedness is key to responding to an incident, so having a pre- and post-event plan is critical to security. The Disaster Recovery Plan [sometimes used in conjunction with the Business Continuity Plan (BCP)] will contain the disaster recovery strategy. Some IT teams also dedicate staff to form an Incident Response Team, which is responsible for developing a plan to troubleshoot and resolve critical issues resulting from system failure, data loss, network or system attacks, and so on.

So, home users should use the same strategy, just at a simplified level. You also need to protect your systems and respond to failures, so a good plan created in advance can be of great benefit to you in the future. A good example of a simple plan would be the following: if your system is infected with malicious code (for example, a Trojan), you will need to reinstall your OS if all other measures and attempts at repair have failed. If this is the case, then you need team members with assigned responsibilities, detailed steps (or a list) and procedures in place before the incident so that you can respond appropriately, and you need to conduct a review to ensure that everything was done correctly after restoration. Having access to, or copies of, installation files and any other programs and applications before they are needed can save you time, and a thoughtful plan can show you where to look for all the necessary tools when time is of the essence.

Note: To help you with your planning and become more familiar with safety, you can find lists and plans in the additional links section of this article.

You should also review your plans as often as possible, especially after critical problems or failures, and add specific actions to them if necessary. Once your plan is ready, you should consider building it on a foundation with a large number of security functions and services.

Tip: Security should be considered and applied to each system or service used to reduce the risk associated with attacks that come from any of them during operation. And if security is applied in such a way that you can proactively prevent (or recover from) an attack, you will have less work to do to respond to and account for such attacks. Security, even at the most basic level, should be applied in a way that protects your data, so that even if you have to install Windows from scratch, you can still use your data afterwards. Security cannot be ignored.

You should also consider applying security conceptually and technically, using a security concept called Defense in Depth. Security must be thought through and applied to all systems, services, applications and network equipment, keeping your system running and connected to the Internet. Published policies and well-thought-out plans ensure the productivity of system users and familiarize them with general usage policies. Continuous maintenance will ensure your investment grows. To prevent holes from appearing in the security architecture, it is necessary to use planning and apply a security model that uses the concept of "Defense in Depth". Figure 1 shows this concept at a simplified level; you can (and of course should) add additional layers depending on how your home or business network is built.

Figure 1: Conceptualizations and implementation of Defense in Depth

Defense in Depth protection, as can be seen from the figure, can be adjusted to suit your needs. In this example, a security policy is needed to ensure secure interactions among system and network users. Also, hardening your systems, phones, desktops, services, applications, servers, routers, switches and PBXs should be taken into account to ensure that all access points are covered. It's also a good idea to have a public network security tool like a firewall, but you should always push those boundaries and add things like filters and scanners to provide more comprehensive support. You will also need to be able to monitor and keep logs of all information for later use.

Windows 7 was also designed to be integrated and used in environments that must meet high-security requirements, such as government and military environments. When considering basic Windows security principles, it is important to remember that any production-grade system must be certified to Level C2 security from the Orange Book. Microsoft Windows must also meet the Common Criteria Certification requirements. For additional information on these topics, see the articles linked in the additional references section at the end of this article. Windows 7 is a very flexible system, and its many options allow you to configure it to use all its features (minimal security), or to use only basic capabilities and those operations that you have configured for use (maximum security level). Windows 2008 and Windows 7 have tenfold improved security when the two operating systems are properly configured together.

Note: It is important to remember that denying the problem (or potential problem) is not an option. Problems left for later or ignored altogether only complicate the situation. Laziness will only buy you some time. There is no such thing as security in the unknown. Non-compliance only adds to the problems later when compliance is needed. Careful deployment of security on your home PC or enterprise (equally important) will prevent intrusions and attacks, and provide multiple layers of protection to make your systems more reliable. You need to know the basics of security and how to act before and after attacks occur if you need protection.

So, now that you are familiar with the basic concepts of security, let's apply what we have learned when configuring the security settings of Windows 7. Given that we know why security should be applied and when to apply it, and we also know the reasons for management, monitoring and updating, we just need to apply these security concepts when setting up Windows 7 systems. It's quite easy if you know what to do. If you're new to Windows or having trouble getting used to 7 (perhaps you haven't used Vista), it's important to take some time to familiarize yourself with these tools through online resources like TechNet or Microsoft Support. For example, many templates and checklists can be found online at Microsoft.com that will walk you step-by-step through applying and using security on your Windows system. You can also find useful tools in the additional links section at the end of this article.

Templates are not a panacea and can sometimes backfire if used incorrectly (or configured incorrectly), so always be careful even if you download these templates directly from Microsoft.com. It is very important to always read the documentation that comes with the template so that you can apply it correctly. It would also be correct to say that without some knowledge of the basics of the OS itself, or of its basic principles, you will not be able to maintain a high level of security for long. A clear understanding of the OS kernel and its services is necessary if you want to be able to provide a high degree of security even after setting up a basic level of security. The reason this is important for anyone implementing OS security is knowing that your system is being actively scanned and tested for vulnerabilities. Keeping event logs is extremely useful because you can set up auditing (as an example) and receive detailed information about what is happening to and within your system. Most (if not all) logs are by nature not very clear and can create problems by using very general terms or machine language. You need to go online and unravel the mystery of these logs, which with some experience becomes easier and easier. You'll read a lot of things you didn't know before, and you'll also find a lot of tools that you'll want to add to your toolbox once you've tested them.

You also need a certain level of flexibility in how you apply security, a level that will allow you to meet enterprise goals and requirements (such as Internet access) seamlessly while maintaining a high level of security. A great example is the User Account Control (UAC) tool, which, when configured correctly, can provide a high level of security or can be disabled entirely. You will need to restart your computer if you disable UAC.

The UAC tool is used to prevent programs or applications from making changes to the computer's operating system. It works by restricting access in the OS kernel, and then providing detailed information to users about the program that tried to install itself or make changes to the OS. This is useful because it gives you the opportunity to check what the program is doing and take action if you do not want the program to make changes. UAC was first introduced in Windows Vista, but since it couldn't be turned off, it was considered "annoying" to say the least. It annoyed users who couldn't get around it. Windows developers also had a lot of difficulty writing code due to UAC limitations and needed workarounds. Now that Windows 7 is out, UAC can be turned off, removing the security layer entirely and allowing for more flexibility and choice.

Attention! To protect your system, it is not recommended to completely disable UAC, or if for some reason you need to do this, do not forget to enable it again.

Installing and hardening Windows 7

Windows 7 is secure by nature. During OS installation, it is always recommended to perform a fresh OS installation on newly purchased (or upgraded) compatible hardware and then harden it. System hardening is the process of improving the security level of a newly installed base operating system by adjusting necessary security settings, removing unnecessary software, and configuring additional policy settings.

Note: There's a little bit of planning work to be done when it comes to choosing hardware for Windows 7, because if you want to use virtualization, Windows Trusted Platform Module (TPM) Management, and other features like BitLocker, you'll need to purchase the appropriate hardware for these functions to work.

After the OS has been correctly installed and its basic settings configured, the hardening process begins. Should you always do a fresh installation, or can you harden an existing Windows OS? Technically, you can harden a system you're already using, but before you do that, you first need to familiarize yourself with it, analyze it, inspect it, and, of course, audit the level of security configured and used in that system. There is no point in hardening a system that has already been hacked. You also don't always know how applying security will affect a production system, whether it's used at home or in a corporate environment. Sometimes duplicate systems are created so that everything can be tested; this takes time and resources, but it is worth it because it helps to find and avoid problems that may arise when building and deploying the environment. You can do more harm than good if you don't know how security configuration changes or templates will affect services on the production system. For example, you could apply a security model to a system and, through overly strict filtering rules on the firewall, prevent a particular application from functioning normally - for example, an application uses a specific port that is blocked by the firewall, which would block the application's access. This could have negative consequences if the application is used in an enterprise and is necessary for productivity, and fixing the problem may require some time and effort. That's why it's easier to install a fresh copy of Windows 7 and then harden it, as this will not take much time and will allow you to ensure that security remains as high as possible. You can also speed up the process, especially if you use a virtual machine (VM) or VHD file, which gives you the ability to have multiple instances of your computers running in a virtual environment and also allows for quick recovery if no redundancy is used.
Since virtualization simplifies the installation process while creating clone images for the backup process, you can restore your computers very easily and quickly. We'll touch on the virtualization process later in this article. If failover is enabled and configured, the computer user may not even notice that the virtual machine has failed.

You can harden the system and then access protected data at high speed via shared storage, databases and repositories, using failover and redundancy options that will not only keep the information safe, but also keep it separate from the system you use to access it. If you plan everything correctly, you will be able to produce images that are fully prepared, configured, protected and updated versions of Windows, and in the event of a disaster, restore system images back to your hardware in 1/3 of the time it takes without using image cloning and virtualization. Then, after restoring the base OS, you can connect to the shared storage to get the data you need.

So, what are the actual steps to harden the OS after installing it? And is there a specific order for these steps? If there were a clearly defined set of steps to install and harden, they would go in the following basic order: install, remove anything not used, update the system, apply basic security, and then back up for quick recovery if necessary, as shown in the following list:

  • Step 1 - Installing the base OS, selecting the necessary options to increase security during installation and disabling unnecessary services, options and programs.
  • Step 2 - Installation of all working administrator kits, security tools and necessary programs.
  • Step 3 - Removing unnecessary services, programs and applications. Disable or delete unused user and group accounts.
  • Step 4 - Installation of Service Pack, patches and updates. Update all installed programs.
  • Step 5 - Run a security audit (scanner, templates, MBSA, etc.) to obtain information about the current security level.
  • Step 6 - Run System Restore and create a restore point. Backup and recovery applications for recovering from system crashes.
  • Step 7 - Backup systems with the ability to quickly recover after a crash.

This list is quite simple. You can add additional steps and expand it. This list is not complete, but it gives a good idea of where to start when applying security to Windows 7 after a basic installation. Once a new installation of Windows 7 is complete, the next step is to remove unwanted software, services, protocols and programs that you do not need. This can be done using the Control Panel.

You can then go to Control Panel and control who will be allowed to use the computer using the User Accounts app. Here you need to delete all accounts that you do not need, or simply disable them. Of course, you need to be careful with standard users and groups, since some of them are tied to services running in the OS and can also affect how data is accessed on your system. You can also simply disable accounts if you're not sure they can be deleted. Another technique used by most IT security professionals is to leave the local administrator account in place and audit it for attempts to exploit it; the same applies to the domain administrator account, which needs to be further protected and fully audited. As a common practice, professionals avoid using built-in accounts when managing large networks of Microsoft systems and create new administrator accounts whose activity can be easily monitored if necessary. By auditing these accounts and using new accounts with administrative rights, you double your security level. First, you have the ability to find out if someone is trying to log into your system using standard accounts, although this should not happen. With auditing, you can track such attempts if they occur. This application of security to accounts is known as a honeypot and is useful when looking for possible unauthorized attempts to access a system. Secondly, you remove half of the equation when someone tries to hack an account through basic credentials like username and password. If you eliminate the easy-to-guess account names, all that remains is to set up a complex and strong password, which will be difficult to crack. If you set up built-in accounts as a decoy, you can create a very hard-to-crack password and limit that account so much that if it gets compromised, an attacker can't do anything on your system. You also need to change all built-in account passwords to more complex ones.
Use best practices for choosing secure passwords to protect these accounts and fully audit them. You should also set up a policy that forces end users who want to change their password to go through a process where they are only allowed to use a password that is sufficiently strong. This is just one hardening tip that provides benefits such as the ability to find intruders through logs and audits.
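The decoy-account auditing described above only pays off if the logon events are actually reviewed. The following is an added example, not part of the original article: it assumes logon auditing is enabled, that Security log events were exported with "wevtutil qe Security /f:xml", and that Administrator and Guest are the decoy accounts; the sample events, host name and addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Security log event IDs on Windows Vista/7 and later.
LOGON_EVENTS = {"4624": "success", "4625": "failure"}


def _event(event_id, when, user, ip):
    """Build one constructed event in the shape wevtutil exports (trimmed)."""
    return (
        "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
        f"<System><EventID>{event_id}</EventID>"
        f"<TimeCreated SystemTime='{when}'/><Computer>WIN7-PC</Computer></System>"
        f"<EventData><Data Name='TargetUserName'>{user}</Data>"
        f"<Data Name='LogonType'>3</Data><Data Name='IpAddress'>{ip}</Data>"
        "</EventData></Event>"
    )


# Constructed sample data: users, host and addresses are made up.
SAMPLE_EVENTS = "".join([
    _event(4625, "2011-03-01T02:14:07Z", "Administrator", "192.0.2.10"),
    _event(4625, "2011-03-01T02:14:09Z", "Administrator", "192.0.2.10"),
    _event(4624, "2011-03-01T08:30:00Z", "alice", "192.0.2.20"),
    _event(4625, "2011-03-01T02:15:11Z", "guest", "192.0.2.10"),
    _event(4634, "2011-03-01T17:00:00Z", "alice", "-"),  # logoff, ignored
    _event(4624, "2011-03-01T02:20:45Z", "Administrator", "192.0.2.10"),
])


def parse_logons(xml_text):
    """Return one dict per logon event (4624/4625) in exported event XML."""
    # wevtutil emits a sequence of <Event> elements without a common root.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    records = []
    for ev in root.findall("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        if event_id not in LOGON_EVENTS:
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        records.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "outcome": LOGON_EVENTS[event_id],
            "user": data.get("TargetUserName", ""),
            "source": data.get("IpAddress", "-"),
        })
    return records


def decoy_alerts(xml_text, decoys):
    """Flag every logon attempt that targets a decoy account.

    Nobody should ever use these accounts, so a failure is a warning and a
    successful logon is critical.
    """
    decoys = {name.lower() for name in decoys}
    alerts = []
    for rec in parse_logons(xml_text):
        if rec["user"].lower() in decoys:
            rec["severity"] = "critical" if rec["outcome"] == "success" else "warning"
            alerts.append(rec)
    return alerts


def failures_by_source(alerts):
    """Count failed decoy logons per source address to spot guessing runs."""
    return Counter(a["source"] for a in alerts if a["outcome"] == "failure")


if __name__ == "__main__":
    found = decoy_alerts(SAMPLE_EVENTS, {"Administrator", "Guest"})
    for a in found:
        print(a["severity"], a["time"], a["user"], a["outcome"], a["source"])
    print(dict(failures_by_source(found)))
```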

Note: Windows Server 2008 allows you to install "core" functionality, which is a hardening process applied to the system during installation. Once installed, the server will run with only the minimum set of features you choose, reducing the risk of exposure to attack tools. Windows 7 can be hardened, but it doesn't have the same installation option as 2008, which simply limits the system during installation. To harden Windows 7, you need to apply policies, templates, and manually configure security settings properly.

Considering all of the above, how do you use the hardening and protection features of Windows 7? The simplest way to begin the hardening process is to use the Start menu to search for anything security-related stored on the system and indexed. To do this, simply press the Start button to open the menu. Then enter the keyword "security" in the "Search programs and files" field. Figure 3 shows the Start menu options returned by searching for the keyword "security".

Figure 3: Search and view security options found using the Start menu

This shows Programs, Control Panel applications (or actions), Documents, and Files selected and organized for easy viewing and access. In short, Local Security Policy (if selected) is a policy editor that allows you to view and customize your system's security policies. The Local Security Policy editor is shown in Figure 4. Here you can make the necessary changes to any policy based on the OS settings.

Tip: For full control over policies, you need to use Windows 7 with Windows Server products such as Windows Server 2008 R2. In this case, you can take advantage of Active Directory (AD) and Group Policy.

If you want to locally configure auditing of a specific event (for example, logon and logout), then you can specify this action in the Local Security Policy console (Figure 4). In Control Panel, you can go to the Administrative Tools app to find the Local Security Policy editor, or simply search for it in the Start menu. When Windows 7 is used with Active Directory, you can use Group Policy, which is a robust service that allows you to configure, manage, and deploy settings and software applications, but you'll need to join Windows 7 to a valid domain and manage it accordingly to take advantage of all these features.

If you need to set up policy-based security, this is the easiest way. You can find many of the tools you need for configuration in the Control Panel and/or in the custom MMC that you configure and install. Microsoft Security Center (Windows Vista, XP) has been used to centralize most security features in the past. It has been replaced by the Action Center, and now security actions are very easy to find, view, and execute with specific permissions. For example, as shown in the Start menu (Figure 3), the "Check security status" action, when selected, provides a list of security settings that Windows 7 recommends, such as updating the system or programs like antivirus (AV). If you select an action, the system will send you to the Action Center to fix the existing problems.

Figure 5: Configuring Security Actions and Control Panel Application Options

Advice: Figure 5 shows the security actions you can perform in Control Panel. If you go to the Start menu, type "security" and click on Control Panel, you'll be given a list of actions and security settings that you can immediately configure in an easy-to-understand list.

In the Action Center (or when viewing Action Lists), you can simply navigate down the list and customize each item accordingly. Here is a short review of the security options that can be configured in the Action Center list:

  • Action Center - Action Center replaces Security Center. In Action Center, you can specify actions that the OS will perform, and actions are carried out with your permission. It will tell you, for example, if your antivirus program is not up to date. You can go to Action Center to perform security-related actions.
  • Internet Options - Web browsing of any type opens the door to potential risks associated with the Internet. Even if you use a proxy server, use web filtering (and monitoring), and constantly update your OS with the latest updates, you may find yourself in a situation where security can be compromised. In the Internet Options Control Panel application, you can specify security zones, allow access only to certain URLs, expand advanced security settings in the Advanced tab, and much more. The browser itself is equipped with a phishing filter that prevents phishing attacks, and also has other customizable options such as InPrivate Browsing, which does not store your personal information, which is especially useful when using a computer in public Internet cafes.
  • Windows Firewall - Like any other software or hardware firewall, Windows Firewall can prevent basic attacks by default, and can be configured in many ways for a high level of control over what can enter and exit your computer system when it is connected to a public or private network. By going to Control Panel and selecting Windows Firewall, you will have access to most of the firewall configuration options. You can click the Advanced button in the dialog to access additional parameters and configuration options. In Windows 7, you can deploy multiple firewall policies at once and use Domain designation to more easily configure and manage Windows Firewall.
  • Personalization - Personalization options are where you can change the appearance of Windows, but here you can also configure passwords for your screen saver. If Windows 7 is used in an enterprise, users need to be taught how to lock their workstations whenever they leave their workplace, or policy settings should be created that do this automatically after a certain period of system inactivity. The screen saver, if configured to prompt you to log in again after such a period, can be very useful. At home, this can be your best line of defense if you leave your computer and forget to lock it.
  • Windows Update - All software versions require a certain level of patching. You can prepare, test and try to develop the perfect product, but it is impossible to take everything into account. Also, updates and new software releases are required to keep your system up to date while you use it. As there are system improvements, requirements for other development technologies, new security vulnerabilities, and driver updates for better performance and functionality, there will always be a need to use Windows Update. Windows (and Microsoft) Update or production versions of patch management (such as WSUS) are used to centrally manage and install updates. These tools are used to control, track and monitor your current and future update needs. Set up automatic updates, or make it a habit to do it manually, because it simply needs to be done. If you don't update your system as recommended (and sometimes required), you are putting yourself at risk of attack.
  • Programs and Features - Besides Windows updates, you also need to frequently check what is installed on your system, especially if you work on the Internet and/or download software products from Internet servers. For example, installing a simple Java update, if you did not carefully read the information about it during installation, may also install a toolbar on your system that integrates into your web browser. This is now more tightly controlled, but in any case, you should check what is installed on your system from time to time.
  • Windows Defender - Spyware is software that was originally used for illegal commercial activities and that does things like increase the load on your system, redirect your browser, and send out information about your activities. Although antivirus programs block some of these applications, Windows Defender (or other spyware removal software) should be used to clean out the remaining spyware. Cookies, although harmless in nature, can sometimes be manipulated for illegal purposes. Make sure Windows Defender is updated frequently with new definition files and patches to ensure it can detect the latest spyware. SpyNet is the community Microsoft experts turn to to monitor, study, and repair spyware damage.
  • User Accounts - Control over user accounts is the basis for protecting access to your computer, as well as everything that runs on it. For example, if you create a new user account and add it to the Administrators group, that account will have full access to the computer system. If you set up an account as a standard user, its permissions will be very limited and will only allow it to perform some basic user functions. You can also set up passwords that, when created according to password policy requirements, force users to create difficult-to-crack passwords, which prevents most basic attacks. If Windows Server 2008 and Active Directory are installed, you can access a domain, which (if you are a member of it) will allow you more flexibility in configuring NTFS file system permissions for folders and files, as well as other shared resources, such as printers.
  • Power Options - The Power Options Control Panel application is where you configure the default behavior of the operating system when it is turned off, closed, or in sleep mode. For greater security, it is recommended to set the option to require a password when the machine wakes from sleep mode. Whenever the option to enable user access control appears, you should use it.

So, if you need to implement security measures in Windows 7, the Start menu can serve well as a starting point for hardening the system and opens the door to many available tools. There are many options you can use to harden your Windows 7 system, especially in the Control Panel. Using the Start menu is also an easy way to provide a primary line of defense for your system after the initial installation. It is recommended that you create a security baseline after the initial installation and configuration of your system, which will require you to configure all security settings and applications, download patches and updates, and then create a backup copy of the entire system using the System Restore utility. This will give you a snapshot of the system in a fresh state in case you need to return the system to that state. It is possible to create a restore point that can be used if the system has been compromised, and this will allow you to return the system to a baseline state with security settings applied. We'll look at the System Restore options in the Disaster Recovery section of this article.


A security policy is a set of parameters for regulating PC security by applying them to a specific object or to a group of objects of the same class. Most users rarely make changes to these settings, but there are situations when it needs to be done. Let's figure out how to perform these steps on computers running Windows 7.

First of all, it should be noted that by default the security policy is configured optimally to perform the everyday tasks of an ordinary user. It is necessary to manipulate it only if there is a need to resolve a specific issue that requires adjustment of these parameters.

The security settings we're looking at are controlled using GPOs. In Windows 7 you can do this using the "Local Security Policy" tool or the "Local Group Policy Editor". A prerequisite is to log in to the system with a profile that has administrator rights. Next we will look at both of these options.

Method 1: Using the Local Security Policy tool

First of all, let's study how to solve the problem using the tool "Local Security Policy".

  1. To launch the specified snap-in, click "Start" and go to "Control Panel".
  2. Next, open the section "System and Security".
  3. Click "Administration".
  4. From the proposed set of system tools, select "Local Security Policy".

    You can also launch the snap-in through the "Run" window. To do this, press Win+R and enter the following command:

    Then click "OK".

  5. The above steps will launch the graphical interface of the desired tool. In the vast majority of cases, you will need to adjust the parameters in the "Local Policies" folder, so click on the element with this name.
  6. This directory contains three folders.

    In the "Assigning user rights" directory, the powers of individual users or groups of users are determined. For example, you can specify whether individuals or categories of users are prohibited or allowed to perform specific tasks; determine who is allowed local access to the PC, and who only via the network, etc.

    In the "Audit Policy" directory, the events to be recorded in the security log are specified.

    In the "Security Settings" folder, various administrative settings are specified that determine the behavior of the OS when logging in to it both locally and via the network, as well as interaction with various devices. These parameters should not be changed unless absolutely necessary, since most of the relevant problems can be solved through standard account settings, parental control and NTFS permissions.

  7. To continue with the task at hand, click on the name of one of the above directories.
  8. A list of policies for the selected directory will open. Click on the one you want to change.
  9. After this, the policy editing window will open. Its appearance and the actions that need to be performed depend significantly on which category the policy belongs to. For example, for objects from the "Assigning user rights" folder, in the window that opens you need to add or delete the name of a specific user or group of users. Adding is done by pressing the "Add user or group..." button.

    If you need to remove an element from the selected policy, select it and click "Delete".

  10. After completing the manipulations in the policy editing window, do not forget to click the "Apply" and "OK" buttons to save the adjustments made, otherwise the changes will not take effect.

We described changing security settings using the example of actions in the "Local Policies" folder, but in the same way you can perform actions in other directories of the snap-in, for example in the "Account Policies" directory.
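Settings changed by hand in the snap-in are easy to lose track of, so it helps to compare them against a written baseline. The following is an added example, not part of the original article: it assumes the local policy was exported with "secedit /export /cfg policy.inf", and the thresholds in BASELINE are this example's own assumptions; both INF excerpts are constructed and trimmed to the relevant keys.

```python
import configparser

UAC_KEY = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"

# (section, key, check, requirement text). The thresholds are assumptions made
# for this example, not values taken from the article.
BASELINE = [
    ("System Access", "MinimumPasswordLength", lambda v: v >= 12, ">= 12"),
    ("System Access", "PasswordComplexity", lambda v: v == 1, "1 (enabled)"),
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 10, "1..10 (0 = never lock)"),
    ("System Access", "EnableGuestAccount", lambda v: v == 0, "0 (disabled)"),
    # Audit values: 0 = none, 1 = success, 2 = failure, 3 = success + failure.
    ("Event Audit", "AuditLogonEvents", lambda v: v == 3, "3 (success + failure)"),
    ("Event Audit", "AuditAccountLogon", lambda v: v == 3, "3 (success + failure)"),
    ("Registry Values", UAC_KEY, lambda v: v == 1, "1 (UAC enabled)"),
]

# Constructed excerpt: a weakly configured machine.
WEAK_INF = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
EnableGuestAccount = 1
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 1
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed excerpt: the same machine after hardening.
HARDENED_INF = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
LockoutBadCount = 5
EnableGuestAccount = 0
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 3
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_inf(text):
    """Parse a security template; keys stay case-sensitive, no interpolation."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def check_policy(text):
    """Return (key, found_value, requirement) for every baseline violation.

    A setting that is missing from the export counts as a violation with
    found_value None.
    """
    cp = parse_inf(text)
    findings = []
    for section, key, ok, requirement in BASELINE:
        raw = cp.get(section, key, fallback=None)
        try:
            # [Registry Values] entries look like "4,1" (type,value).
            value = int(raw.split(",")[-1])
        except (AttributeError, ValueError):
            value = None
        if value is None or not ok(value):
            findings.append((key, value, requirement))
    return findings


if __name__ == "__main__":
    # A file written by secedit is typically UTF-16:
    #   text = open("policy.inf", encoding="utf-16").read()
    for key, value, requirement in check_policy(WEAK_INF):
        print(f"FAIL {key}: found {value}, expected {requirement}")
    print("hardened findings:", check_policy(HARDENED_INF))
```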

Method 2: Using the Local Group Policy Editor tool

You can also configure local policy using the "Local Group Policy Editor" snap-in. However, this option is not available in all editions of Windows 7, but only in Ultimate, Professional and Enterprise.

  1. Unlike the previous snap-in, this tool cannot be launched via "Control Panel". It can only be activated by entering a command into the "Run" window or in "Command Prompt". Press Win+R and enter the following expression in the field:

    Then click "OK".