Oseiga Tech

The TECH Column | Steps to Hardening the Security of Your Windows OS – By @JoelOseiga

As far as your windows computer is connected to the internet, there is absolutely no way you are totally safe from intrusion or other kinds of attacks. However, in this article, I provide a ground up approach to harden the security configuration of your windows system. It is advisable to do this to both your personal computer and computers in your organization that run windows operating system. This configuration will at least make you safe from viruses you don’t install on your computer by yourself and it will prevent your computer from various forms of malicious intrusion.

STEP ONE: Install Windows 10 and Update your BIOS.

The very first step is to update your system’s BIOS. A BIOS (basic input/output system) is the program that the computer’s microprocessor uses to get the computer system started after it is turned on.  Usually, the BIOS runs at the same time as your windows system. Updating your BIOS delivers some really awesome fixes and features you probably wouldn’t hear about ordinarily. Even if your computer is brand new, it is advisable that you update the BIOS before installing your operating system.  Updating your BIOS is quite straightforward. Simply visit your computer manufacturer’s drivers page.

CONFIGURING THE BIOS:

Before the system boots up immediately after you press the power button, press the setup hotkey. In HP computers, it is usually F10 but it could be F anything on your computer.

While in the BIOS option, set the following configuration:

  • Set a BIOS password: This doesn’t have to be complicated. Once set, your computer cannot even boot up without it not to talk of getting modified by a malicious user or some programs. The BIOS password protects your computer from malicious modification by someone sitting in front of it.
  • ENABLE TPM (Trusted Platform Module) and SecureBoot if the options are available.
  • Disable 1394/FireWire and ExpressCard/PCMCIA if you use a laptop.
  • Change the boot to UEFI and disable everything else except UEFI DVD, UEFI HDD and USB UEFI.

INSTALL YOUR WINDOWS 10

Although installing or reinstalling your windows operating system can be both stressful and ridiculously annoying, we just have to install or reinstall the operating system once in a while.  I have insisted on Windows 10 because that is the most secure windows ever. Windows 10 has built-in antimalware tools, introduced virtualization to contain attacks, etc. Windows 10 is simply the safest version of Windows operating system ever produced by Microsoft, so install windows 10(please go and buy it, don’t install anything ‘free’ from the internet).

  • Simply insert your DVD/USB and use the boot menu hotkey to boot from it. This is usually F9 or F12. It might be something else on your device.
  • Follow the instructions and install Windows. Delete any partition that is already available if the option comes up during installation.
  • Set a Windows user account password that obeys the following rules while installing your new Operating System:
  1. Must be a minimum of nine characters.
  2. Must be a combination of lowercase letters, numbers and symbols
  3. Must not be the same for other accounts
  4. Should be changed every 30 days.

STEP TWO: LET’S BLOCK THE POSSIBLE LOOPHOLES 

  • UPDATE WINDOWS 10

It is very important to ensure you have the latest security updates and patches available on your windows operating system at all times.

  1. Click the start button and type update then click on Windows Update.
  2. Select Change Settings
  3. Click Install updates automatically
  4. Return to the Windows Update page, click on Search for Updates/Install Windows Updates

This is a very important step in other to install the latest security and stability fixes on your Operating system.

  • SET User Account Control (UAC) to FULL.
  1. Click the Start button and click Control Panel.
  2. In Control Panel, click User Accounts
  3. In the User Accounts window, click User Accounts.
  4. Set User Account Control to ON and confirm it.
  5. In the Security section of the Windows Solutions Centre page, click Adjust UAC Settings. In the User Account Control Settings page, move the slider to the highest option. Anything else may allow malware to easily elevate to administrator level permissions.

Let’s Encrypt the Hard Drive

Installing Windows 10 makes hard drive encryption really easy and way better. Unlike before, you do not need to install any third party software to do this.

  1. Click the Start button and click on Settings
  2. Click on System and click About
  3. Click on Device Encryption.

If you do not find Device Encryption in your About page, then your computer does not support the free encryption (Bitlocker) that Windows Home supports. You should upgrade to Windows 10 Pro or simply go back to the BIOS setup and set a HDD password.

If you are on a Windows 10 Pro however, simply open Control Panel and click Bitlocker Drive Encryption and Turn on BitLocker. 

STEP THREE : YOUR BROWSER CAN GIVE YOU AWAY.

Google Chrome is the safest browser available at the moment. It prevents malware escape it is very fast to update and fix problems. Simply go to Chrome’s website (here) and install the “Chrome 64-bit MSI Package”. Enjoy Chrome!

Next is to set the Adobe Flash Player to click-to-play.

Adobe Flash is still used by many websites to play videos and games. It is however fading out gradually because it contains a massive exploitable security hole and it slows browsing down. To do this, do the following:

  1. Click Chrome’s menu button and select Settings
  2. Click Show advanced Settings
  3. Under Privacy, click Content settings
  4. Scroll down to Plug-ins and select Click to Play.

It is usually a bit similar in other browsers, just check here

Install uBlock Origin

Very many web attacks come through malicious advertisements displayed on popular and unpopular websites. uBlock origin is the fastest and most reputable ad blocking software available.

Install HTTPS Everywhere

This is a browser extension produced by the Electronic Frontier Foundation (EFF). It automatically switches websites to HTTPS, which prevents malicious users from messing with what appears on your page. This is very important for Laptop Users. You can get it here

Apart from google chrome which I have recommended, it is good practice to always choose the latest version of your browser and to make sure your web browsers can block pop-ups since malicious code are usually embedded in most popup windows. Also, try not to allow storage of cookies in websites you are not sure about.

STEP FOUR: BE WISE and  DON’T EVER DOWNLOAD FREE SOFTWARE                                   

NO SOFTWARE THAT IS PAID FOR COMES FOR FREE! That is how people get all forms of malware on their systems. Especially antivirus. Don’t download free antivirus or free ‘laptop trackers’. By downloading them, you are simply bringing all sorts of malicious software into your computer.

Following the step-by-step instructions provided above will make your system very safe. However, if you are willing to spend some money on securing your system, you might as well get the OpenDNS Umbrella, an Anti-Logger and a VPN (that is paid for). Also, in other to ensure you do not lose data, it is very advisable to back up your system either in the cloud or in an external hard drive

Since there are so many other solutions to protect your system after installing windows, I would love to know your opinions and methods. How do you increase your computer security after installing Windows? Please feel free to share in the comment box.

[The following resources were useful while writing this article:  This and This]

Joel Oseiga Aleburu is a Cyber Security Analyst and currently a researcher on Self Adaptive Privacy and Security . He is interested in encryption and vulnerabilities in general. Please feel free to send your questions to [email protected] or contact him on Twitter: @joeloseiga

 

 

__________

Follow us on Twitter at @thesignalng

Copyright 2017 SIGNAL. Permission to use portions of this article is granted provided appropriate credits are given to www.signalng.com and other relevant sources.




There are no comments

Add yours