Protecting My PC

Thorax_the_Impaler

Thorax_the_Impaler

Minecraft Veteran
Messages
352
Location
127.0.0.1
Hello everyone!

Recently I upgraded to Windows 7 Home Premium from Windows XP Professional (I know, finally) and I have a few concerns I need to sort out. Firstly, I would like to say I currently live with an ******* who is very tech savvy, in a not-to-be-trusted type of way. Moreover I have had "problems" in the past that I feel were caused by him. I want to avoid this as much as possible, and I am taking every measure I can to protect my electronic interests.

But I know it's not enough. I am quite unfamiliar with Windows 7; I have never used it on any of my personal machines. And I've seen a lot of network sharing functions that concern me, primarily because a certain network scanner I have was able to view almost everything on my machine after a quick scan. I'm not too sure what that was about, but that is exactly why I am posting this thread.

Essentially I want to lock down my system (as far as networking is concerned) as much as I possibly can. No shared folders, no absurd amount of free information about the machine just by running a simple scan, et cetera, et cetera. I've already tried to do this by adjusting network settings, but I'm almost completely lost.

So, what can I do to lockdown my PC's running this new system as best as I can? In all honesty, I'm more than likely being paranoid. But I'm not taking any chances. Years of data is too precious to risk. Thank you in advance everyone; I cannot adequately express my appreciation for any and all help.
 
Turn off network discovery, turn off all sharing and remote desktop/assistance options, turn on UAC, and have a strong password. Set a password for your BIOS, as well. Set a short timer for your screen saver and make sure it asks for a password to resume. Make sure you keep up with all updates and patches not only for Windows, but for all your applications. A decent AV suite like Avast, Avira or AVG will suffice (they all have been known to have certain problems, so see which one works for you). If you want to pay for your AV suite, I'm a fan of ESET products. An active scanner like Malwarebytes would be good to have. Make sure you run scans regularly. Create a system image backup and always backup your important files - be prepared to wipe your system and restore if necessary. While you're at it, encrypt your HDD. Just look up "whole drive encryption."

Important documentation and media should be behind a physical lock. Your PC case should also be secured with a physical lock. Never let anyone touch your machine unless it's someone you totally trust (even then, that's not always a good idea).

Create a standard account and use that account instead of the admin account. That way an attacker won't be able to do much if your account gets compromised because the intruder will not have admin privileges.

Bear in mind that security vs. usability is a zero sum game. The more you have of one, the less you have of the other. Your machine can be super secure but that also means that it will be a huge pain in the ass to use. For example, using a standard account is more secure, but you're going to have to enter your admin password every single time you want to install a program or otherwise write something to disk. If it's a strong password, it's going to be a random string at least 12 characters long with special symbols, numbers, and capitalization. If it's not a strong password, then you are just asking for it. I personally could not follow all the steps I've just mentioned. I've tried, and it's not worth the hassle if it's not required and I'm not getting paid big bucks to do it.

If you want to go the extra step, use only a wired connection and put a physical firewall between your PC and the router. You don't have to buy one; you can easily convert an old desktop using open source software. I like pfsense because you can disable NAT which will allow you to use it within the LAN. The only thing about a physical firewall like that is that you're going to have to learn how to use it if it's going to be of any use to you.

Furthermore, you can keep up with security news and bulletins. New vulnerabilities are discovered every day, and there are always some of them that could possibly affect you.

Finally, dig up some dirt on your roommate, or just anything that you can use against him if the need ever arises.
 
Last edited:
Great advice by both.

The biggest issue would be Network discovery - which is why you are seeing those items on the network. You can turn that off in the Network and sharing center. You can also ensure your firewall is turned on and does not accept any incoming connections (IE pings, ect).

Encrypt your hard drive, ensure you have strong passwords for everything (and change them every month if you want to truly be secure).
 
DistraughtSysop said:
Turn off network discovery, turn off all sharing and remote desktop/assistance options, turn on UAC, and have a strong password. Set a password for your BIOS, as well. Set a short timer for your screen saver and make sure it asks for a password to resume. Make sure you keep up with all updates and patches not only for Windows, but for all your applications. A decent AV suite like Avast, Avira or AVG will suffice (they all have been known to have certain problems, so see which one works for you). If you want to pay for your AV suite, I'm a fan of ESET products. An active scanner like Malwarebytes would be good to have. Make sure you run scans regularly. Create a system image backup and always backup your important files - be prepared to wipe your system and restore if necessary. While you're at it, encrypt your HDD. Just look up "whole drive encryption."

Important documentation and media should be behind a physical lock. Your PC case should also be secured with a physical lock. Never let anyone touch your machine unless it's someone you totally trust (even then, that's not always a good idea).

Create a standard account and use that account instead of the admin account. That way an attacker won't be able to do much if your account gets compromised because the intruder will not have admin privileges.

Bear in mind that security vs. usability is a zero sum game. The more you have of one, the less you have of the other. Your machine can be super secure but that also means that it will be a huge pain in the ass to use. For example, using a standard account is more secure, but you're going to have to enter your admin password every single time you want to install a program or otherwise write something to disk. If it's a strong password, it's going to be a random string at least 12 characters long with special symbols, numbers, and capitalization. If it's not a strong password, then you are just asking for it. I personally could not follow all the steps I've just mentioned. I've tried, and it's not worth the hassle if it's not required and I'm not getting paid big bucks to do it.

If you want to go the extra step, use only a wired connection and put a physical firewall between your PC and the router. You don't have to buy one; you can easily convert an old desktop using open source software. I like pfsense because you can disable NAT which will allow you to use it within the LAN. The only thing about a physical firewall like that is that you're going to have to learn how to use it if it's going to be of any use to you.

Furthermore, you can keep up with security news and bulletins. New vulnerabilities are discovered every day, and there are always some of them that could possibly affect you.

Finally, dig up some dirt on your roommate, or just anything that you can use against him if the need ever arises.
Click to expand...

I aggree to his statement....
 
You must log in or register to reply here.

Similar threads

R
Microsoft Endpoint Protection
Replies
0
Views
591
Rachel Gomez
R
M
How to couple Desktop Gaming PC to Laptop for Streaming?
Replies
0
Views
538
motaro38
M
Harper
Previewing my monitor 2 on monitor 1 / Presentation Software
Replies
1
Views
617
Harper
Harper
S
Suspicious wifi location. Seems inside my place.
Replies
1
Views
401
pete.i
P
R
Help for my homelab
Replies
1
Views
588
PP Mguire
PP Mguire
Back
Top Bottom