Harden Windows 7 SP1 6. Our. prevent our Windows 7 machines from being compromised.

Service Pack 2, the latest service pack for both Windows Server 2008 and Windows Vista, supports new types of hardware and emerging hardware standards, includes all.

Harden Windows 7 SP1 6. Our. prevent our Windows 7 machines from being compromised.

We. will harden the. Layers. security will be added to protect our system, private documents. Then, continuing the security process, we will set. And we will setup baselines so that we can regularly compare. And. want to monitor the current threat landscape and be able to react to. Security is all these steps that begins with.

If you have your old version of Windows Vista installed, you should run the activation backup and recovery program to backup the OEM system locked preinstallation files. Windows 7 Professional SP1 64bit (OEM) System Builder DVD 1 Pack (New Packaging. Windows Vista Business Download – Free ISO 32/64bit (Professional) Updated on November 3rd, 2016 · by Softlay Editor.

Know that viruses, trojan horses, botnets and worms are all created by. They are just automated means to attack you. What the hacker. has done is create a program that automates his method of attack and. While you may not have an attacker actively.

PC. Windows. purpose operating system, and as such, has many built in features. As more and more lines of code accumulate, there are. And programmers talk about bugs per 1.

It is unavoidable to have bugs in code, and Windows 7 is. And these could. the low thousands. Then, there are the not- yet- discovered bugs that. A. properly hardened. PC will deny and deter attacker with layers of protection.

Our goal is to prevent our Windows 7 machines from being compromised. We will harden the system to eliminate lots of attack surface and impede hackers.

Sometimes. on the vulnerability, it will be completely mitigated because that. Other times, a zero day vulnerability might enable an attacker. Their ultimate prize is to gain admin/system rights to your PC. With a hardened system, they won't reach. And with security monitoring, even if they obtained admin rights.

Importance. is important to. The ideal candidate of this. PCs in the LAN and SMB.

That is because the more network ports you open, the less secure you become. Testing. Windows 7 Home Premium, Professional, Ultimate & Enterprise 6. Windows 2. 00. 8 R2 Server. There are differences between the. Ultimate has 1. 46 services while Enterprise has 1. Professional has. Home Premium has 1.

Limited. been done after performing the hardening procedures below. For Windows. Professional and above, I test the following. After. control panel items work, with the following exceptions: . You cannot fight. You can. something and they will just disable it.

You best chance of survival is. Windows and then hardening it to prevent. This. for standalone Windows Home Premium systems. There is another version. Professional, Windows Ultimate, Windows Enterprise and Domain joined. Restore file. Items covered are. It. is made for 6.

Windows only. 3. 2 bit machines are not. There are. many more executables in a 3. There. series of Custom View xml files for Event Viewer. There. firewall policy file which can be imported to establish firewall. Service. Pack 1 for Windows 7 6. Windows installation DVD does not come.

You want the . From here: http: //www. Simple. Restriction Policy 1. Surf to http: //sourceforge. Or that you may. compromised when you go online to fetch updates. There. is a free tool called WSUS Offline Update, which can download updates. Windows platforms and create a ISO image file.

Just burn this. image file to DVD and slip it into your PC and it will commence. Note that it will only download KB's that are.

MS Security Bulletins, which are all the critical and important. Windows Update afterwards to. This tool eliminates a. Windows installation. That is when you only have.

The tool is available from here: http: //www. The site is in German and English. So. the plan is to run this tool on another PC to fetch the updates, and. Once you have downloaded and extracted the zip file. Right click on. 'Update. Generator. exe' and select Properties then Compatiblity tab.

Then run the program. On the main screen, select the platforms which you want updates for. Create ISO images 'per selected product and language'. Start button. After it finishes, check the iso sub folder to locate the ISO image. You need to right click on it and. Burn disc image'. Or you can use the free Img.

Burn utility if. you are not on Win 7 or Win 8. Install. should download. We don't want to connect the computer to the. Further down this document, when. ASAP. Do not surf the net while performing any step prior to Windows. Install. Critical and Important Updates.

Use. the updates disc create by WSUS Offline Update and install the patches. Least. concepts underlying hardening is Least Privilege. It means to configure. So, that means that if a feature in Windows is not used, it is to. The. reason behind it. The more features you have, the more potential bugs (some.

Now attackers know a lot about the security bugs in. If you go live on the internet with all. If you disable. features, then he. Only login to the. Because when you are working in a Standard account. So, if you have. level data, it is best to store them in an account which you don't surf. If you have your.

Run. As, ( it is. Seondary Logon service ), then automated attacks and hackers cannot. Display. Panel settings. Control. 'View by: Small Icons'. This shows all the. UAC to the max. When.

Vista, there were some complaints about UAC asking for confirmation to. So MS made a compromise in Windows 7 and allow. Know that turning off UAC. Protected Mode in Internet Explorer, and not too many. UAC pops up. during the setup phase, once you have finished setting up your. Control. Control Panel Items\User Accounts\Change User Account Control Settings. Move. slider to top.

Specifying. hardening on networking components first, without connecting to the. After hardening. you can set up the correct gateway, and we will then connect to the. Windows Updates. Control. Network and Sharing Center, Local Area Connection link, Properties. Internet Protocol Version 4 (TCP/IPv.

Properties button, Default. Gateway. Work and home are similar. The work and home. Windows is allowed to talk to. PCs. The public setting is the most secure and is meant to be used at. If your network contains insecure PCs, then you. The domain setting cannot be chosen.

PC has joined a domain. Since we are. PC, we want the most secure setting, and only allow Windows to talk. So for those that intend to join a domain, choose the work. Control. Network and Sharing Center. Some networking components implement protocols. So unless your environment requires that a. The. only protocol you.

IPv. 4. And most networking equipment requires IPv. IPv. 6 will be increasingly necessary as we have run out of.

IPv. 6 is still not very popular. If. you have a IPv. Some routers do not understand IPv. So MS made several tunnel components that. IPv. 4 to the outside. This in effect bypasses the security. NAT- router and hardware firewall.

Tunneled traffic can't be seen. Net. BIOS. is not required because Net. BIOS is already active without this option. For. users, this is not needed, as there is only one router.

You would only. see a picture depicting your PCs connected to your router. For Domain. this feature is automatically turned off once you join the domain.

File. Sharing should only be enabled if you plan to share some of your. If printer sharing is desired, it is better to get a printer. PC. Disable this feature unless absolutely required. Control. and Sharing Center. Local. Connection\ Properties buttonuncheckmark.

Client. for MS Networks. File. and Printer Sharing for Microsoft. Networks. Qo. SLink. Layer Topology Discovery Mapper IO. Layer Topology Discovery Responder. Internet. protocol version 6.

Select. Protocol version 4 (TCP IPv. Properties, click Advanced, click. DNS' tab, uncheck 'register this.

DNS'click. 'WINS' tab, select 'Disable NETBIOS. TCP/IP'Disable. previously, IPv.

IPv. 4 router. hardware firewall. If you have an IPv.

See. this page: http: //support. There. Fix. It modules. I would choose either .

The TCP/IP Net. BIOS Helper service depends on it. When you. Net. BT driver, there will be no Net. BIOS functionality whatsoever. If. standalone machine, this is what you want. When. features, I like to disable their components too. So even though IPv. I still disable the Wan Miniport IPv.

Teredo. ISATAP driver and IPv. ARP driver. Control. Device Manager, View menu / Show Hidden Devices/Network. Miniport IPv. 6 /Network. Microsoft ISATAP adapter (IPv. Network. Teredo Tunneling Pseudo Interface (IPv.

Non- Plug. Drivers /Remote Access IPv. ARP Driver > Properties >. Driver tab > . Change Startup Type from System to Disable/Non- Plug. Drivers / NETBT > Properties > Driver tab > Stop. Type. from 'System' to 'Disabled'.

When something is unused, least privilege says it. Programs\Accessories\command prompt, right click, select . However, with. each poking holes into your firewall with UPn. P, pretty soon it will be. It is better to configure.

Normally, you would want to close those ports unless you. Windows 7's listening processes and their port numbers are. Wininit. exe ( 4. Schedule. 4. 91. 54 ), services.

That means nobody can touch those listening ports unless the. This has been verified by connecting to them with telnet and. This kind of firewall will. Like. when you surf to. Buy one even if you have only 1 PC. And if you are using. Ethernet port, you definitely need one.

More. hardware firewall routers will have more tools, like configurable. For an example of small/medium size. That means all traffic is. Those rules are your. Window's. default policy is set to inbound deny and outbound allow all.

When outbound blocking. Malware will have a hard time reporting back to their servers.

So. after installing a program that needs to connect to the net, like your. If. you have the Automated Configuration. Control. Panel / Administrative Tools /.

Windows Firewall with Advanced Security / Import Policy, select. Give the rule a name.

Give the rule a name, eg . Click on 'New Rule'. Select 'Custom'. Select 'All. Programs'. For 'Protocol Type' select 'TCP' or 'UDP' as the case may be. For. Port', select 'Specific Ports'. Then type in the port number(s) below.

Select 'Allow the connection'. Give the rule a name, eg. Note that installing a third party firewall will automatically. Windows 7 one, because having 2 firewalls will cause conflicts. For. example, currently, the Comodo firewall is top rated, However, the part.

I prefer my own white list, containing programs that I know. It also has to do with Least.

Privilege, because one doesn't want rules to allow programs connecting. If you do want to use Comodo, then.