There seems to be a large disconnect between what the average home user knows about security and what people are expected to know at work. One of the big threats that is often overlooked is the security gap that exists when corporate employees are given VPN access and allowed to connect through their home network, which these days almost always includes wireless. For that reason, I’ve put together this article outlining some of my recommendations for securing your home network and computers. My goal is to provide you with solutions that cost nothing.
1. If you’re using wireless, use WPA or WPA2. In addition, make sure you pick AES as the encryption instead of TKIP. Your WPA2 passphrase should be more than 20 characters. Also turn off DHCP and use static IP addressing; if you only have three or four computers connected to your wireless, you don’t need DHCP. Next you’ll want to enable MAC address filtering on your wireless access point and allow only your own devices’ MAC addresses. Read your vendor documentation for step-by-step instructions on this part. Last, try to place your wireless access point as close to the center of your home as possible, away from doors and windows. This might require running a Cat 5 cable, but it’s worth it.
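As an added example (mine, not part of the original post), the following Python script audits a wireless configuration for the settings in this item. It assumes a Linux access point configured through a hostapd.conf file; on a consumer router the same choices are made in the web interface, so the checks double as a checklist. The two sample configurations are constructed for illustration.

```python
"""Audit a hostapd-style wireless configuration against the checklist above.

Added example: parses hostapd.conf key=value lines and reports settings that
fall short of WPA2 + AES (CCMP), a passphrase longer than 20 characters, and
MAC-address filtering. The sample configs below are constructed, not taken
from a real router.
"""

MIN_PASSPHRASE_LEN = 21  # "more than 20 characters"

# Constructed sample: the kind of defaults that fail every check.
WEAK_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password123
macaddr_acl=0
"""

# Constructed sample: WPA2 only, AES only, long passphrase, MAC allow-list.
GOOD_CONFIG = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple 2011
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""


def parse_hostapd(text):
    """Return a dict of key -> value from hostapd.conf text, ignoring comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_wireless(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # WEP keys present, or no WPA at all, means traffic is effectively unprotected.
    if any(k.startswith("wep_key") for k in settings):
        findings.append("WEP key configured: WEP is broken, switch to WPA2")
    wpa = settings.get("wpa", "0")  # hostapd bit field: 1 = WPA, 2 = WPA2, 3 = both
    if wpa == "0":
        findings.append("wpa=0: network is open or WEP-only, enable WPA2 (wpa=2)")
    elif wpa == "1":
        findings.append("wpa=1: WPA1 only, enable WPA2 (wpa=2)")

    # hostapd calls AES-CCMP "CCMP"; TKIP should not be offered at all.
    ciphers = (settings.get("rsn_pairwise", "") + " " + settings.get("wpa_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP offered as a pairwise cipher: use CCMP (AES) only")
    if wpa != "0" and "CCMP" not in ciphers:
        findings.append("CCMP (AES) not enabled as the pairwise cipher")

    # Passphrase length (only present on PSK networks).
    passphrase = settings.get("wpa_passphrase")
    if passphrase is not None and len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"passphrase is {len(passphrase)} characters, use more than 20")

    # macaddr_acl=1 means "accept only the MACs listed in accept_mac_file".
    if settings.get("macaddr_acl", "0") != "1":
        findings.append("MAC address filtering (macaddr_acl=1 with accept_mac_file) not enabled")
    elif not settings.get("accept_mac_file"):
        findings.append("macaddr_acl=1 set but no accept_mac_file given")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("good", GOOD_CONFIG)):
        findings = audit_wireless(parse_hostapd(text))
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it directly to see both sample configurations audited. One caveat to keep in mind when you enable MAC filtering: the MAC address is sent in the clear in every wireless frame, so the filter only deters casual connections and is no substitute for WPA2 with AES and a long passphrase.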
2. Make sure you keep up to date with the latest security patches for your operating system AND for the other applications running on it.
3. Make sure you have anti-virus software installed and keep its signatures up to date.
4. When shopping online, be smart. For one, always verify that the URL you THINK you’re looking at is the URL you’re supposed to be at. Phishing attacks are rampant. For example, if you’re supposed to be on www.chasebank.com, you can’t just assume you’re there because the page looks like Chase’s. Verify the URL!
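To make "verify the URL" concrete, here is an added Python example (mine, not from the original post) that shows which part of a URL a browser actually connects to. It accepts only HTTPS URLs whose host is the expected domain or one of its subdomains; the expected domain chasebank.com follows the text, and the sample URLs are constructed.

```python
"""Check whether a URL really belongs to the site you expect.

Added example for the "verify the URL" advice. It uses only the standard
library and compares the host the browser would connect to against an
expected domain, so look-alike hosts such as "www.chasebank.com.example.net"
or "www.chasebank.com@example.net" are rejected. The sample URLs below are
constructed for illustration.
"""
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "chasebank.com"  # the site named in the text

# Constructed samples: a few ways a URL can look right but not be right.
SAMPLE_URLS = [
    "https://www.chasebank.com/login",
    "https://chasebank.com/",
    "https://www.chasebank.com.example.net/login",  # expected name is only a prefix
    "https://www.chasebank.com@example.net/login",  # "user@" trick: host is example.net
    "http://www.chasebank.com/",                    # plain HTTP, no certificate check
    "https://notchasebank.com/",                    # shares a suffix, different domain
]


def url_belongs_to(url, expected_domain):
    """Return True only if url is HTTPS and its host is expected_domain or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False              # a login or payment page should never be plain http
    host = parts.hostname         # strips any "user@" prefix and port, lowercases
    if host is None:
        return False
    host = host.rstrip(".")       # "www.example.com." is the same host
    expected = expected_domain.lower().rstrip(".")
    # Require a dot boundary so "notchasebank.com" does not match "chasebank.com".
    return host == expected or host.endswith("." + expected)


def audit_urls(urls, expected_domain):
    """Return a list of (url, belongs) pairs for a batch of URLs."""
    return [(u, url_belongs_to(u, expected_domain)) for u in urls]


if __name__ == "__main__":
    for url, ok in audit_urls(SAMPLE_URLS, EXPECTED_DOMAIN):
        print(f"{'OK ' if ok else 'NO '} {url}")
```

The rule is the same one you should apply by eye in the address bar: read the host from the right, the registered domain must be exactly the one you expect, and anything before it is only a subdomain if it is separated by a dot.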
5. Don’t use REAL credit cards, and certainly not your bank card, to shop online. Use a prepaid Visa/Mastercard/American Express for all your online shopping. You can pre-load these with as much money as you need for your purchases. Also, to say the least, the sellers of these cards are very relaxed about verifying who you are when you buy them, so you have a little flexibility in protecting your identity as well.
6. I would like to say don’t use Facebook, etc. But since I know most of you are going to use it or already do, let me make some suggestions. Don’t accept friends you don’t know. Don’t EVER click on links that people post in their status updates. These could easily be links to malicious sites or data. I’ve used this attack as a proof of concept many times in demonstrations. So just don’t do it.
7. Turn on the firewall on your wireless router. Check your router vendor’s website for instructions and documentation on this. Even the cheapest consumer wireless routers have at least some firewall capabilities now. Another often overlooked thing here: check with your ISP to verify that the router they provide you DOES NOT have wireless turned on by default. Some very well known ISPs ship routers with the built-in access point turned on and using WEP. I’ve seen customers who didn’t even know it was turned on.
8. Keep the firmware on your router up to date. This doesn’t mean install the firmware as soon as it’s released; give it about a week. During that first week, keep an eye on the vendor forums and the web in general to see whether there are any major user complaints about issues arising from the firmware update. When the coast is clear, update yours.
9. If you have kids, give them a very limited user account and don’t share admin credentials with them. In my house, the only way anyone gets on the internet is via a virtual machine. There are attacks against virtual machines, which we’ll be discussing in later articles, that allow an attacker to hop from the VM to the host, but those attacks are few and, at the very least, exceed the technical aptitude of the average script kiddie.
This post was originally written by Keatron Evans, a contributor to InfoSec Resources. InfoSec Institute is the best source for high quality information security training.