Security for Windows

Security for Windows

Ben Williams
09/11/16
IT140-1603B-02
Individual Project Unit IV

1
 Security for Windows

In the world of computers, security is probably the most important aspect of setting up a

network or computer system. For my company, I have decided to use Windows 7 with Windows

2012 server. I initially decided to switch from Windows XP to Linux with Ubuntu, but I have

decided to stick with Windows because of the fact that I am somewhat familiar with Microsoft

systems and know nothing about Ubuntu, and running a new network server will be

overwhelming if I am not familiar with the system.

The main areas to secure are with files, users, and software. The files on any machine

must be protected at all costs. The absolute most important thing to do is to configure a firewall

for the operating systems on the network (“Secure Windows”, 2011). Windows 7 conveniently

comes with its own built-in firewall called Windows Firewall and you can easily manage firewall

settings on the main server hub by using Active Directory, which allows the user to centrally

configure the settings and apply them all to the client computers using Group Policy. While

logged in as an admin on the Domain group, you can set the option for “program exceptions”

from remote assistance only (“Configure windows firewall”, 2006). By doing this, any computer

or program that tries to connect to the network will need specific exception from the

administrator to do so. This will keep the network and files within secure.

Yet another piece to secure is the users on the network. The firewall will provide some

protection, but not all. This is completed by installing antivirus and antispyware programs.

Ultimately it is up to the administrator to decide which ones to use, but I have had much success

in blocking viruses and spy programs by using a combination of Microsoft Security Essentials

(MSE), Spybot: Search and Destroy (S&D), and WinPatrol. MSE will auto update every day and

look for new definitions of spyware and malware and can be programmed to scan the machine

however the user chooses. For best results, I tend to let it scan each and every night while I am

2
 Security for Windows

sleeping. For the business, this will be perfect, as after business hours there aren’t as many

processes being run on the computer. Anything that MSE catches or flags as questionable can be

removed immediately by the program. S&D also auto updates every day and also offers the

programmed scan, but has better definitions when it comes to spyware and malware, so a

combination of both programs works best. As long as the programs are kept up to date and the

scans are run uninterrupted, they will catch intrusion programs and viruses. For one final security

blanket, I always have WinPatrol running on my machine as well. It does not scan the computer,

but instead monitors each and every program and service that is open on the computer. When a

program begins to run, it will bring up a prompt that must be answered “yes” in order to run.

This way, if a Trojan virus does get past the firewall and virus/malware scans, it cannot continue

to run unless the user allows it. It also works as a task manager by listing all programs and

services running at the moment, as well as a list of all startup programs. Windows does come

with a built in task manager that can work for day-to-day tasks, but if a machine is under attack,

it can be compromised. By scanning regularly for viruses and malware and keeping a close eye

on tasks running on a machine, user computers can be kept secure.

A final thing to remember is that when updating programs, remember to do so with

caution. Problems have arisen with Windows before about there being issues with a certain

update and it causing problems on the computer. Ignoring updates is out of the question – this

will in fact put your computer and network at risk of attack. The best thing to do is to wait about

a week, at most two, and update the system if no recalls have been made (Shnider, 2015).

Another technique that businesses have used is to have a “guinea pig” machine – one that they

will have on its own network and test updates for Windows on. This is a good solution for the

fact that you can see the issues that come up on this machine and it will not affect the business.

3
 Security for Windows

In short, keeping the network secure is a vital and important part of business practice.

Make sure that each machine has its own firewalls, virus and malware protection, and task

managers. Making sure that users keep their passwords confidential and complex (this should be

a no-brainer) and that they do not install programs willy-nilly is also key. By doing these tasks,

you will be an excellent system administrator and your business will run smoothly.

4
 Security for Windows

References:

“How to configure Windows firewall in a small business environment using group policy.”

(July 21, 2006). Online. Available at https://msdn.microsoft.com/

Shnider, Deb. (January 14, 2015). “Patch or not? Weighing the risks of immediate updating.”

Online. Available at http://www.windowsecurity.com/

“Secure Windows server” (2011). Online. Available at https://technet.microsoft.com