RSS

Discover news, guides, and products for your business

  • Recommend:
  • 0 Comments
  • Print
Security

Windows 7 Security: What You Need to Know, Part One

By Roger Grimes, Infoworld

Windows 7 has enjoyed favorable adoption, yet many IT admins are now struggling with the platform's new security features. I've received plenty of e-mails to that effect with readers asking about the security changes (or deltas) between Windows Vista and Windows 7, as well as for my configuration recommendations.

[See Windows 7 Security: What You Need to Know, Part Two]

[See Windows 7 Security: What You Need to Know, Part Three]

I typically avoid Microsoft-only columns, as I'm a full-time employee of the company. However, because security is my area of expertise, and given the overwhelming number of requests from readers, I've decided to do a three-part series on Windows 7 security. This week, I'll take a look at some of the aforementioned security deltas, and I'll share my recommendations.

User Account Control
 UAC is one of the most notable updated features in Windows 7. It prompts less frequently for low-risk administrative actions by default, but it allows admins to modify the prompt sensitivity using a slider bar.

Recommendation: Your domain environment should already be at the highest and most secure level. If it isn't, make it so. That way, users will be prompted to input their passwords to perform high-risk administrative actions. No matter what else, UAC should be enabled.

BitLocker
In Windows 7, BitLocker Drive Encryption technology is extended from OS drives and fixed data drives to include removable storage devices such as portable hard drives and USB flash drives. This expansion is called BitLocker to Go.

In Windows Vista SP1, Microsoft added official support for encrypting fixed data drives, but it could only be done using command-line tools. Now you can encrypt operating system volumes, fixed data drives, and USB flash drives via the Windows Explorer GUI. Moreover, you can use smart cards to protect data volumes, and you can set up data recovery agents to automatically back up BitLocker keys.

If you're using a Trusted Platform Module (TPM) chip, you can enforce a minimum PIN length; five characters should suffice for most environments.

Was this article useful? Yes 0 No 0

Read more like this: , ,

Comments

Follow us on:

  • Speed Up Everything!

    PCWorld shows you the secrets to improve performance on all your hardware.

    Get the Superguide now!

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Featured Webcasts
More webcasts »

Free Whitepapers

Software and Services Whitepapers from PCWorld

More whitepapers »

Whitepaper Alerts

Get updates on white papers, case studies, and spotlights on tech products and solutions for your business.