Windows 7 Hardening Guide

windows 7 hardening guide If you’re looking for a detailed, definitive guide to hardening Windows 7, you can’t beat this security guide from Microsoft. It’s called the Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2 and you can download it here.

It’s a massive 387 pages long and it includes specific descriptions and recommendations for every Windows 7 security setting. Here’s an example:

Accounts: Guest account status
This policy setting enables or disables the Guest account.

Possible values:

Enabled

Disabled

Not Defined

Vulnerability
The default Guest account allows unauthenticated network users to log on as Guest with no password. These unauthorized users could access any resources that are accessible to the Guest account over the network. This capability means that any shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group are accessible over the network, which could lead to the exposure or corruption of data.

Countermeasure
Disable the Accounts: Guest account status policy setting so that the built-in Guest account cannot be used.

Potential impact
All network users must be authenticated before they can access shared resources. If you disable the Guest account and the Network Access: Sharing and Security Model option is set to Guest Only, network logons fail, such as those performed by the Microsoft Network Server (SMB Service). This policy setting should have little impact on most organizations because Disabled is the default setting.

If you’re developing your own Windows 7 Hardening Guide or Windows 7 Hardening Standard, use this document as your reference and you won’t go wrong.

Tagged as: windows 7, Windows Hardening Guide, Windows Hardening Standard

Leave a Comment

Previous post: Sample Information Security Policy Template

Next post: Incident Response Plan Template

Recent Data Breaches
- Prevent and Prepare for a Data Breach
  In times of escalating privacy and data breaches, customers expect every business — large or small — that collects their sensitive personal information will protect it. […]
- CORRECTING and REPLACING DriveSavers Highlights Risks of Data Breaches as Healthcare Goes Digital
  Please replace the release with the following corrected version due to multiple revisions. […]
- DriveSavers Highlights Risks of Data Breaches as Healthcare Goes Digital
  NOVATO, Calif.--(BUSINESS WIRE)--DriveSavers Data Recovery Highlights data breach vulnerabilities overlooked when PHI data disclosed to hospital “business associates” […]
- Data Breach at CCSU
  More than 18,000 current and former employees are at risk, according to the University. […]
- In the Cloud, a data breach is only as bad as your contract
  Loss of control is one of the main things that gives people pause when they think about putting their data in the cloud. We've all seen how painful a data breach can be, and it can seem almost like asking for trouble to put your data in the hands of someone else. It's hard enough to prepare for a breach when you're in control. How do you do it […]
- Nortel executives knew of data breach, chose to do nothing
  The data breach into Nortel's data systems was known to company executives, including the CEO, for over a decade, but the company refused to take steps to prevent data loss. […]
- State pays for data breach
  AUSTIN — The taxpayer tab for individual credit monitoring after a data breach in Comptroller Susan Combs' office has topped $600,000, and Combs' campaign is paying extra to resolve routine credit glitches in some cases. […]
- Data breach? Blame your third party's remote access systems
  An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. […]
- IT pros say data breach assessment is more valuable than notification, study says
  IDG News Service - IT professionals believe that assessing the potential harm caused by data breaches is more useful to mitigating the effects of such incidents than notifying affected individuals, according to a survey published on the day the European Union's proposed a 24-hour deadline for data breach disclosures. […]
- IT pros believe data breach harm assessment is more valuable than victim notification, study says
  IT professionals believe that assessing the potential harm caused by data breaches is more useful to mitigating the effects of such incidents than notifying affected individuals, according to a survey published on the day the European Union's proposed a 24-hour deadline for data breach disclosures. […]

Subscribe to Data Security Policies via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Categories
- Security Policies
- Security Standards
Information Security
- IT Security Guy
Security Policies
- Christiansen’s IT Law
Security News Feed
- FCC Chairman calls for increased cybersecurity measures
  The FCC chairman has called for a step-up in the fight against cybercrime. […]
- Many SMB mobile devices unmanaged, presenting security risk
  More than half the Apple iOS mobile devices considered in a newly released study by mobile security vendor Mobilisafe were using outdated firmware. […]
- Boston Acoustics TVee Model 25 (photos)
  The Boston Acoustic TVee Model 25 is a competent, but unexceptional, sound bar with some design flaws that make it not quite worth its premium price tag. […]
- Juniper picks up Mykonos to beef up security
  Specifically, Mykonos' software focuses on Web application attacks and zero-day threats. […]
- Poor ATM PIN codes give the bad guys a 1-in-11 chance at getting your money
  A PIN code based on the victims' birthday will enable a competent thief to gain use of an ATM card once for every 11 - 18 stolen wallets. […]
- Microsoft next in line to file EU complaint against Motorola Mobility
  Microsoft has launched a formal complaint against Motorola Mobility due to Standard Essential Patent 'abuse'. […]
- Microsoft files antitrust patent complaint in EU against Motorola
  In the latest round in the never-ending patent wars, Microsoft has filed an antitrust complaint in the EU over Motorola Mobility's video-patent-licensing terms. […]
- AppSense launches free Dropbox security product
  Virtualization solutions provider AppSense is launching a new security solution for personal cloud services, such as Dropbox.DataLocker is designed to address the gap between convenience and... […]
- BlackBerry PlayBook OS 2.0: Déjà Vu?
  Almost a year after its launch, are the improvements in RIM's tablet OS good enough to fend off the Apple and Amazon juggernauts? […]
- Gallery: Visual tour of the PlayBook 2.0
  The newly released BlackBerry PlayBook 2.0 finally adds email support and other missing functionality. Here's what the new PlayBook software looks like on the screen. […]
Data Security Policy Tags
Acceptable Use Policy Authentication Policy Business Continuity Policy Business Continuity Security Policy cloud cloud computing computer computers Computers and Internet Computers and Technology Corporate Security Policy Data Classification Policy Data Recovery Data Security Policies Data Security Policy Disaster Recovery Policy hard drive data recovery hard drive recovery Incident Response Plan Incident Response Plan Template Incident Response Policy Information Security Policy Internet Internet Security IT laptop laptop computer laptops mozy online backup online backup PC RAID data recovery Record Retention Policy security Security Breach Security Policies Security Policy Security Standards software spyware technology Vulnerability Management Policy Windows Hardening Guide Windows Hardening Standard Wireless Security Standard

tumblr stats