Securing your Home Network – the least you need to know

Posted by: Rea Maor In: Security and Prevention - Wednesday, April 11th, 2007

Regardless of what operating system you use, security professionals will tell you that there is no such thing as a crack-proof system. As long as a computer is turned on and connected to the net, it is possible to break into it. Here are the steps to check your setup – at the very least.

  • Virus protection software – a given. While exploits for Apple and Unix-based systems are rare, virus protection software exists for these systems, too.
  • Use a firewall. A firewall is simply a device, either hardware or software, which handles allowing, denying, or proxying incoming (and sometimes outgoing) access requests. Kind of like a security guard who checks all visitors to make sure they have the company ID badge. Another given.
  • Disable hidden file-name extensions. On Windows especially, viruses and trojans exploit this feature to keep their parts hidden. Turn this feature off by default. You can handle seeing the guts of the system, but more importantly you and your security software will be able to see everything that’s going on.
  • Keep your system and all software on it patched. This is a pain to do, admittedly, but when patches come out to address ‘critical’ exploits, the ‘critical’ part is that an exploit was just discovered for the software that now needs the patch. An example is the recent animated cursor exploit – it just goes to show that the most innocent program can be an avenue of attack.
  • Wherever possible, change default passwords, change default settings, and do things in a non-obvious way. Think like a thief, here – studies show that most users don’t bother to change the default password on their home routers, for instance, so that’s obviously the first one they’d try. And if you wanted to find out someone’s personal data, you’d head for the “My Documents” folder, wouldn’t you? So keep your sensitive data somewhere else.
  • Take an online test of your system security. Here’s one. Any service which tells you what ports you have open and what information about your system is available will help to show you what needs to be done.

And then there’s the “people problems”, which unfortunately are harder to solve. Make sure everybody who uses your system knows and follows these rules:

  • Don’t open email attachments unless you were already expecting to receive a file through email. Even if it’s someone you know, that person’s system could have been compromised by a virus which is now scanning their address book and mailing itself out.
  • Don’t run programs of unknown origin. A while back, this site covered auditing your file system. If at all possible, start with a fresh install with all drivers configured, then before you connect to the Internet, do a full file system dump and keep a record. Now install whatever software you need. At any given time, you should be able to identify every folder on your system and why it is there. Google the name of anything strange.
  • Turn off things you don’t need. Particularly, Java, Javascript, and ActiveX are possible avenues for exploits. You can easily turn these on and off from the preferences dialog. Only turn them on when you are on a page that needs these features, such as submitting a web form or playing a game. The same goes for scripting in email and Word interfaces. You can turn them on on an as-needed basis.
  • This may sound novel these days, but computers still come with an “off” button! Contrary to what many believe, there is no harm in shutting off your computer if you won’t be using it for a while. Viruses can’t infect a computer that isn’t running!

Now, all of the above applies to all users. But there are some extra things for wireless users to know as well:

  • Wireless routers also use a default password that should be changed. You know how easy these are to discover? Try a Google search for “linksys default password”. That’s how easy. Change it! Ask your ISP for help if need be.
  • Turn off “remote management” features, if you have one physically connected computer on the network, and use that machine to administer the router.
  • Enable filtering and encryption. All modern wireless systems have one or the other. Filtering is the process of “whitelisting” machines on a network, so that only those machines are allowed in. Encryption will involve setup on both the client and server side, so that the two devices share a common password between them to understand each other’s signal. Check with your router’s manufacturer for instructions.
  • Finally, assign your own static IP addresses instead of using the default DHCP. A simple tutorial on doing this can be found here.

And after all that – you won’t be invulnerable (NO system is!) but you will be less vulnerable than about 75% of the computers out there.

If you’ve enjoyed this post, consider subscribing to my blog feed for free updates

Related Posts:

2 Responses to “Securing your Home Network – the least you need to know”

  1. » Blog Archive » I can hack your computer in less then 4 minutes. Says:

    […] other troublemakers, read and understand the weaklinks on your computer. dont say i didnt warn more | digg […]

  2. Thinkbox Web » Blog Archive » Time for an Internet License? Says:

    […] them, users are still getting hit with malware, viruses, and scams. Despite the simple matter of securing a network, attackers still manage to break in. Despite knowing how to make a strong password, net users still […]

Leave a Reply