In order to better meet the needs of enterprise users, Microsoft has introduced a large number of storage, network access, security and other functions in Windows7 Enterprise Edition/Flagship and WindowsServer2008R2. The new weapon of the application, but the security of win7 still needs to be further improved. With the popularity of the Internet, the spread of viruses and Trojans and other malicious programs is getting faster and faster. Once you are recruited, it is easy to cause system collapse or personal privacy disclosure. If the virus or Trojan is aimed at monetary interests, the harm will be even more serious, which may result in the loss of property. This problem exists in Windows 7 (hereafter referred to as Win7). Therefore, in order to ensure system security, it is particularly important to perform targeted security optimization on Windows 7 systems.
turn off the default shared system blocked the back door
Like XP, Vista, Win7 default also opened a network share (Figure 1). Although this makes LAN sharing more convenient, it also creates conditions for virus transmission. Therefore, turning off the default share can greatly reduce the probability of the system being infected by a virus.
open cube, click on the "system optimization → network sharing", will "prohibit the default administrative shares and shared disk partitions" is selected, click "Save settings" to restart the computer after this time will not be able to access the system by default share (as shown in Figure 2). If you don't want to turn off all default shares at once, the cube also provides the ability to turn off a single default share. In the previous interface, select the "default share" point "refresh", you can see the current system's default share list, select the default share that is not needed, click "Clear Share", save the settings to restart the computer, the selected default share will is closed.
In addition, the Cube also provides a "limit remote default share IPC $", "communication IPC $ null connection between the prohibition of process" and so can effectively improve system security, we recommend you enable all.
modify group policies and strengthening the system registry
XP, the same as Vista, Win7 still open in the path of high risk can remotely access the registry. Setting the path to the remotely accessible registry to null can effectively prevent hackers from using the scanner to read Win7 system information and other information through the remote registry.
Open the Control Panel, select "Administrative Tools", double-click "Local Security Policy", open the "Local Policies → Security Options" on the right find "Network access: Remotely accessible registry paths" and "Network access: remote access to the registry path and sub-path", double-click to open, delete the registry path in the window (as shown in Figure 3).
Lock key features prevent virus theft system
some common higher authority functions such as command line program, batch file, Registry Editor, etc. are often viruses and other malicious Software utilization has become an "accomplice" to the intrusion system. These programs are not commonly used as ordinary users. Therefore, disabling these functions can effectively strengthen the system and ensure the security of daily applications.
open cube, select the "Security system optimization → Security Settings", recommended to select "Disable management control units (MMC) plug-in", "prohibit execution of the autoexec.bat file", "prohibit the use of Registry Editor", " It is forbidden to import .reg registry file, "disable command line program and batch file", save the settings and restart the computer to complete the setting.