Managing Internet Communication and Privacy
Published: August 15, 2012
Updated: October 17, 2013
Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
This document provides information about the communication that flows between features in Windows and Internet sites, and it describes steps to take to limit, control, or prevent that communication in an organization with many users. This document is designed to assist you, the administrator, in planning strategies for deploying and maintaining Windows in a way that helps provide an appropriate level of security and privacy for your organization’s networked assets.
This document is organized around individual features so that you can find detailed information for any feature you are interested in managing. This information extends the information that is available in the Windows 8 and Windows Server 2012 Privacy Statement.
Software with Internet-enabled features sends information about users’ computers ("standard computer information") to the websites that they visit and the online services they use. Microsoft uses standard computer information to provide Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as the IP address of the computer, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include a hardware ID, which indicates the device manufacturer, device name, and version. The purpose of this document is not to describe standard computer information that is sent by Internet-enabled features. Instead, this document describes the additional information that can be sent or received by these features and how to manage this information.
This document provides the following:
Information about features that in the normal course of operation send information to or receive information from Internet sites. An example of this type of feature is Windows Error Reporting. If you choose to use this feature, it sends information to a site on the Internet.
For more information, see Manage Privacy: Windows Error Reporting and Resulting Internet Communication.
Information about features that routinely display buttons or links that make it easy to initiate communication with Internet sites.
Brief descriptions of features designed to communicate with the Internet.
It is beyond the scope of this document to describe all aspects of maintaining appropriate levels of security and privacy in an organization running servers that communicate across the Internet. This document does, however, provide basic information about how components such as Internet Information Services work. It provides sources of information about balancing your organization’s requirements for Internet communication with requirements for protecting networked assets.
This document does not provide the following:
Information about managing or working with applications, scripts, utilities, web interfaces, Microsoft ActiveX controls, extensible user interfaces, Microsoft .NET Framework, or application programming interfaces (APIs). These are applications or layers that support applications, and they provide extensions that go beyond the operating system.
Information about Windows Installer—although Windows Installer includes some technology that you can choose to use for installing drivers or other software from the Internet. Windows Installer packages are not described here because they involve scripts or utilities that are created specifically for communicating across the Internet.
Web-based and server-based applications such as databases, email, and instant messaging.
Note: You must work with your software provider to learn how to mitigate risks that are related to using particular applications (including web-based or server-based applications), scripts, utilities, and other software.
Information about features that store local logs that could potentially be made available to support personnel or other users. You may want to treat this information like other sensitive information by providing internal guidelines for your support staff about handling logs and other information that you want to protect.
This document is designed to assist you, the administrator, in planning strategies for deploying and maintaining Windows in a way that provides an appropriate level of security and privacy for your organization’s networked assets. This document does not describe security and privacy basics—that is, strategies and risk-management methods that provide a foundation for security and privacy across your organization. It is assumed that you are actively evaluating and studying these security and privacy basics as a standard part of network administration.
Some security basics that are a standard part of network administration include:
Monitoring, which includes using a variety of software tools, including tools to assess which ports are open on servers and clients.
The principle of least privilege (for example, not signing in as an administrator if signing in as a user is just as effective).
The principle of running only the services and software that are necessary—that is, stopping unnecessary services and keeping computers (especially servers) free of unnecessary software.
Strong passwords—that is, requiring all users and administrators to choose passwords that are not easily broken.
Risk assessment as a basic element for creating and implementing security plans.
Software deployment and maintenance routines to help ensure that your organization’s software is running with the latest security updates and patches.
Defense-in-depth (also referred to as in-depth defense), which means creating redundancy in security systems. An example is using firewall settings together with Group Policy to control a particular type of communication with the Internet.
The following websites are a few of the many sources of information about the security basics described previously: