How to Secure Your Windows 7 System – Part 1

How to Secure Your Windows 7 System – Part 1

I recently purchased a new computer that had Windows 7 installed. With my new computer I figured it would be a new start with both the new operating system and security. Over the past month I have been busy reading, learning, and applying various security measures on my new computer.

I have learned a bit more about security during that time, and feel that I have a fairly secure desktop, and have now decided to write several posts that outline what I have done on my Windows system to make it more secure.

Securing the Access Point

Securing Your System

Before I get into securing the actual Windows system, I thought I would start with securing the Internet connection, more specifically the access point. I am starting with this because I currently have a wireless network installed in my home, so it was there before I setup my new desktop.

Another reason I wanted to start with this is because many of the tools I will be recommending in future posts will require downloading of those tools. To ensure you keep your system safe, you must first make sure your access point to the Internet is secure.

One of the biggest concerns today is the security of wireless routers. Many of the most popular posts on Technically Easy has to do with wireless routers, and they are becoming more popular each year. However, it is very important to make sure you secure them properly to prevent unauthorized access to your Internet connection, and any LAN you have created in your home.

Securing the Wireless Router

Linksys WRT54G Wireless-G Router

A wireless router is usually the middle-man between the modem and your computers. The router will be the access point from the Internet to your local network, so it should be secured.

A few things that will need to be done to secure your router include the following:

  1. Change the administrator password on your router. Make sure the password is something complex, and possibly change the administrator ID, if possible.
  2. Limit the number of IP addresses assigned by your router. Determine the number of systems/devices that will connect to your router and have your router assign that many IP addresses.
  3. Use WPA2/WPA with AES and a long passphrase. The longer the passphrase the better. If you need help, you can use the random Ultra-High Security Password Generator and use either the 64 or 63 character versions.
  4. Enable HTTPS when accessing the administrative pages. I know some routers also allow you to access the administrative pages using the secure HTTPS protocol, which is great, especially if you access the pages using a wireless connection.
  5. Turn on MAC filtering. This is a debatable one, and one that I don’t use. It will provide an additional hoop for a hacker to jump through, but a true hacker can bypass this fairly quickly.

You may have noticed that I don’t include disabling the SSID broadcast. There are a number of reasons. One reason is because I have had trouble connecting certain systems to the network when it is disabled. Another reason is that hackers use tools that can see the SSID regardless of whether it is broadcast or not, so it doesn’t really provide any protection for your network.

Security Through Power Protection

UPS - Uninterruptible Power Supply

One type of security that isn’t mentioned too much is that of providing power protection for your systems. I include this into security because, unlike malware, a power surge can not only prevent your computer from booting, but it can also destroy your entire system. This could potentially lead to a total loss of all your data, and you may not be able to recover it.

To protect you systems you should invest in more than just surge protectors. I would also look at buying an uninterruptible power supply (UPS). These are pieces of hardware that you place under your desk, or anywhere out of the way, that provides a connection between the wall outlet and you system and devices.

A UPS contains one or more batteries that will then provide power to any devices connected to it when there is a power outage. This should give you a few minutes to shutdown any devices connected to it. Why is this important? Lets say you are working on your computer, the hard drive saving and retrieving data, and then there is a power outage. Immediately your system grinds to a halt. The problem is that if you hard drive was reading/writing data, it could possible be damaged during those operations if the power was suddenly cut, causing possible data loss or worse. With a UPS, your system would still be powered for a few more minutes allowing the hard drive to complete what it was doing, and then giving you time to properly shut the system down.

A UPS also provides all the devices connected to it with clean power, so the devices don’t experience the spikes and drops of the power that comes from wall outlets. This feature provides even more protection for your systems.

The points mentioned above are good reasons to invest in a UPS if you want to keep your computer and devices protected from sudden power surges.

To keep my computer protected and secure, I use both a wireless router, with a build-in hardware firewall, and a UPS. The next few parts will focus on the Windows settings and software that I use to secure my Windows system.

9 Responses to “How to Secure Your Windows 7 System – Part 1”

  1. Dave B says:

    Re UPS’s.

    Don’t’ forget to maintain them too. The batteries often need changing every two years at best, often yearly if the thing is running hot. (Give it some ventilation, and keep it’s vents clean.)

    Remember too, to periodically test them. Most have a test function on the front panel, or they can do it automatically themselves. But whatever, try to do that when “nothing delicate” (like a system backup or update etc) is running, just in case…

    Ideally too, if you have a home server (of whatever type) it’s worth investigating if it can be setup to connect to the UPS by some means (not all UPS’s support that though) so as to monitor it’s health etc. Then if the lights do go out when you’re not home, it can do an orderly shutdown, before the batteries run out, saving your precious data.

    Take care.

    Dave B.

    • Paul Salmon says:

      Maintaining is important. I have had my UPS for about 5 years and last year during a power outage my system didn’t stay powered on long enough. After running the self-test on the UPS, it indicated the battery was no longer charging to full capacity. I replaced the battery, and everything is good again. I give batteries about 3 to 5 years in most products with rechargeable batteries – especially laptops.

  2. Robert says:

    It’s unbelievable how little some people care about security. In our company, there are several people who have passwords like 1234, their birthdate or their first name. Also, in the appartment complex where I’m living there are at least 2 wifi networks everyone can access because they are not password protected.

    • Paul Salmon says:

      I used to have a WiFi network near me that was unsecured. Right now, however, all WiFi network have some security. Many people don’t think much about security, such as creating long passwords, or they use the same password for everything. With the number of passwords that we have to memorize these days it is no wonder that they don’t want to create different passwords. I use a password manager to help me with that.

  3. botn says:

    I’m blogwalking, obviously stumble here after reading securing windows 7. You have a clean blog theme mate

  4. Mark says:

    Picasa is a pain in the neck. FIVE suggestions from you now, and NONE of them work.. for instance, you say I’m in a “homegroup” and tell me how to get out of it, my Picasa version is “up to date”, and yet I can’t proceed……….. NOR can I share ONE photo with ONE person.

  5. You wouldn’t believe how many people actually have their wireless internet open (non-passworded) or having the password as “password” 🙁

  6. Alex says:

    excellent tips!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.