Windows 7 brings several security enhancements that don't sacrifice usability. We look at the five best features that businesses should definitely be using.
Multiple active firewall profiles
Windows 7 offers a small but incredibly important improvement over Vista in its handling of firewall profiles. Vista allowed users to set up different firewall profiles for public, private and domain connections. A private network might be your home Wi-Fi network; aside from having the right WEP or WPA key, you don't need any credentials to log in, but you trust it more than a public network like a coffee shop hot spot. A domain network requires authentication -- a password, fingerprint, smart card or some combination of factors - to log in.
Each profile type has its own selection of applications and connections allowed through the firewall. For instance, in a home or small-business network marked Private, you might allow file and printer sharing, while on a network marked Public, you would likely disallow access to your files.
Vista's firewall profiles worked well except when a computer was connected to multiple networks simultaneously, such as an Ethernet and a wireless network. In those cases, the system would default to the most restrictive profile. This could cause problems when, for example, connecting to a corporate VPN through a public Wi-Fi hot spot; Vista would recognize simultaneous connections to both a public and domain network and apply the public profile to both.
All versions of Windows 7 allow computers to keep several firewall profiles active at the same time, maintaining the access and functionality of the more trusted network while blocking access via the less trusted network. Since many remote access functions require less restrictive firewall settings, users can now work securely while remaining protected from threats outside of the corporate network.
Windows Biometric Framework
With fingerprint readers becoming more and more common on laptops, establishing a standard for the handling of biometric data has become important. Enter Windows Biometric Framework, a standardised method for storing fingerprint data and accessing it through a common API. Although most of the features of this subsystem are of interest only to developers, there are two important things that businesses should know.
First, while fingerprint scanners could formerly be used to log onto a computer but not to log onto a corporate domain (a corporate network or network subsection), the Windows Biometric Framework allows domain log-in.
Second, users can store up to 10 unique fingerprints, one for each finger. While most of us probably don't expect to lose a finger anytime soon, having all 10 fingers enrolled in the system is a good precaution in case of lesser injuries. A cooking accident or a hand caught in a door can easily modify a finger enough that it won't register correctly with a fingerprint reader, and you don't want a user to be barred access to his computer while he heals.
Fingerprints are added using the Biometric Device applet, which appears in the Control Panel of any Windows 7 computer with a fingerprint scanner attached and from which you can enable computer and domain log-in. You must be logged in as an administrator to add or manage fingerprints on Windows 7.
NEXT PAGE: BitLocker To Go
- The security enhancements that don't sacrifice usability
- Multiple active firewall profiles
- BitLocker To Go