Security Basics

By the time someone reads this article tomorrow, it may be out of date.  I also want to preface this by saying I’m no security professional and if someone truly wants to break into your system there’s probably not a lot you can do about it.  BUT, since most people bent on nefarious tasks take the path of least resistance, a few roadblocks are always good.  Input from ‘real’ security professionals is welcome.

This article will try to identify the largest avenues for trouble and how to easily handle them.

The areas of security we will be handling are:

1. Home firewall and routers

2. Home wireless

3. Personal computer (hardware and software)

4. Browser and web surfing

5. Anti-virus

6. Anti-malware

7. Data

Buckle in and lets go.

1. Home Firewall. Every single person connected to the internet should be protected by a hardware firewall.  You may have it and not even know it.  If your computer connects directly into a router, then you’re probably protected.  If your computer connects directly into your cable or DSL modem, then you might not be protected depending on the type of modem you have.  You may have to do a little research to see if you have a simple modem or if you have one of the newer ones that also acts as a firewall.

If you are connected to a router, you then need to log into your router and change the administrative password.  Change it to something hard with upper/lower case and numbers, but something you will remember.  Variations of an old street address, license plate or some other sequence you will easily remember.  It is important that you change this password.  Every hacker knows the default passwords to every single router out there.

2. Home Wireless. Wireless is wonderful, but if you don’t lock it down it’s like broadcasting your computer data across your neighborhood.  Most newer wireless routers come with a configuration CD that allows the novice to set up wireless security.  The easiest way I’ve found is to log into your wireless device through a web browser and configure the security yourself.  The first time may be difficult, but I’ll try to give you the keywords to look out for.

A.  Change your SSID.  That’s the broadcast name of your router.  Change it to something you know but nobody else will.  Do not put your last name or street number as your SSID.

B.  Enable Wireless security.  Do NOT use WEP, as that is akin to locking your front doors but leaving the key under the mat.  Always use WPA2.  If you have older wireless devices, they may have troubles with this, but those are becoming the rare exception.  Give yourself a passphrase that’s easy to remember but hard to guess.  That is the key you will give other wireless devices when they want to get on your network.

C.  Don’t forget to change the admin password of your wireless router.

3. Personal Computer (hardware).  Included in Windows Vista and Windows 7 is the ability to encrypt portions of your hard drive.  This is an absolute must if you want to protect your personal data in the event of a stolen laptop.  Encrypting makes it virtually impossible for someone to take out the hard drive and access your data from another devices.  If you have nothing of value on your laptop, then don’t bother with encryption.  Power fluctuations can destroy delicate computer equipment.  Spend $100 or so and get a UPS (Uninterruptable power supply).  It’s a big, smart battery that will keep your computer equipment better protected than with a surge suppressor alone.

3. Personal Computer (software).  One of the BIGGEST vulnerabilities is old software on our computer.  Hackers may find a vulnerability in an old version of Flash or adobe and use that to hack into machines that have not upgraded their software.  Download and install secunia to keep a close watch on out of date software and easily upgrade it.

4.  Browser and Web surfing.  First off, stop using Internet Explorer.  Unless your bank mandates it or some other site only allows it, never use it.  It stinks.  It’s full of security problems and it’s just best to stay away from it.  Download and use Firefox instead.  The beauty of firefox is that there are a ton of addons that make browsing a true pleasure.  Download Adblock to stop every ad on every website.  Download noscript to stop nefarious 3rd party scripts from running on your computer.  Download lazarus if you would like the ability to retrieve data you entered into a website before it crashed on you, wiping out an hour’s worth of work.

As far as websurfing goes, download the firefox addon HTTPS Everywhere to make your browser point to secure websites automatically.  If you type in facebook.com, it redirects you to https://www.facebook.com/.  This is a beautiful thing when surfing on public wireless connections.  Secure connections are always where you want to be when out and about.  This goes for surfing on corporate LAN’s too!  Since many viruses come from just visiting websites, make sure noscript is running and your anti-virus is up to date.  Just clicking a link on Facebook can take you to some place that can screw up your entire computer.

5.  Anti-virus.  Get one!  Some are heavier and weightier than others, some do tons of things while others do only one.  I like AVG Free for personal use if you’re averse to paying for software, or Vipre total home security if you have many machines on your home network and you value their safety.  I tend to stay away from heavier suites like McAfee and Norton because they do too much and take too many resources.  Make sure that no matter what anti-virus you get, that you run a weekly scan at least (I run nightly), and your virus definitions are updated as often as possible!  You can also use online virus scanners to do a quick scan of your PC if you think your personal anti-virus has been compromised.  I use Housecall by Trend Micro for this.

6.  Anti-Malware.  Malware wants to infiltrate your computer, loading software that can do any number of harmful things.  Download and install malwarebytes if you think you have a case of malware.

7.  Data.  For heaven’s sake back up your data…nightly if you can, weekly at least.  Get an external hard drive from Sam’s club, or a nicer NAS (network addressed storage) device from newegg.  Install a stupidly-simple piece of software like Microsoft’s Synctoy 2.1 to back up your profile to an external device.  Do it.  Stop talking about it and get it done.

I may have missed some stuff, but these 7 points will make hackers think twice about going after you.  Some of the software mentioned above can be found ninite and some of it will have to be googled.  Addons for firefox can be found right on firefox.com.

Spend a little time and lock things down.  The amount of time you spend protecting yourself will pay off in the end when you don’t have to keep reloading your computer, or you don’t have to try and protect your identity.

This article is a reprint from Gartland Technologies’ Facebook page.  You can ‘like’ this page here.

Advertisements

5 Responses

  1. Google Chrome is the only browser that was unhackable in the Pwn2Own competition two years running. One of the main reasons for this is that Google implemented a sandbox feature.

    Microsoft also offers free antivirus called Microsoft Security Essentials.

  2. Excellent article, Jeff.
    One more thing about home wireless. Even cheap wireless routers can have a further security measure by restricting the MAC addresses they’ll allow. List only the ones you’ll need for your own computers, and restrict access to that list.
    While it is possible to spoof a physical address, most hackers and wardrivers won’t bother, they’ll just move on to the next house.

  3. Al. Good points and I used to do MAC restricting years ago when only WEP security was available. You can also disable the SSID transmission so others can’t even see you. But the best security right now is WPA2. MAC addressing can be spoofed, but WPA2 has yet to be cracked. (WPA was cracked earlier this year).

  4. (I’m a full-time security professional)

    KIDS seem to be one of the biggest threats to security out there. They love downloading music, videos, and software, and aren’t generally yet aware of good practices to follow (like not clicking on pop-up ads).

    I don’t have kids yet, but if I had one, I would create a heavily locked-down account for them to use on my home computer, with web filtering software running in the background. Web filtering can prevent visits not just to inappropriate websites, but to infected ones, and can provide reporting on what websites they visit if you choose to go that route.

    I would also add that setting your SSID to not broadcast publically is an additional security measure (though not foolproof, it will prevent most people from knowing about your network). I did register MACs on my network for a while, but I found friends & relatives staying at my house expected to quickly connect using their own computers, and I didn’t have time to add their MACs while doing other activities, so I just implemented all the other security controls I could think of.

  5. Courtney, it’s good to see you online.

    Kids are indeed a huge problem for computer security. I’ve solved that in my home (with 3 kids age 17, 15, and 8 ) by switching my DNS on my router to opendns.com. This service allows me complete control of web filtering while not having to load anything on the computers. There’s nothing they can do to get around it once it’s set up properly and when any new computer comes on my network there’s no configuration needed; they are immediately under my rules.

    As for wireless security, MAC registry and not broadcasting the SSID were very needed during the WEP days, but since WPA2 has never been cracked, those tricks are no longer needed. As long as your wireless is WPA2 encrypted, there’s no reason to saddle yourself with other inconveniences.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: