20 Nov 2010
We (justifiably) spend a great deal of time and effort on Corporate Network Security, but what gets very little attention, is Home Network Security. Many of today’s modern home routers, by companies such as Linksys (now Cisco) and D-Link are a snap to connect, and now it is not uncommon to have multiple devices on a home network. Ten years ago a small office would have two or three computers and a T1 internet connection (1.54M down)- now you can see than many devices in many of your neighbors’ houses with ten times the bandwidth. Got an Xbox or a Tivo? You can put those on your home network too. Wireless throughput has increased more than 25 times from it’s introduction, and setting up a laptop where you sit in the backyard and work on the internet is nothing more than a 20 minute project. Although this article is not a comprehensive guide to home network security, I should mention that home wireless security is a HUGE issue- more on that later.
Network security, and computer security in general is always a compromise between convenience and security. Pull that wireless router out of the box, plug it in, and with the default settings you have a working, albeit insecure network. The manufacturers have worked very hard to make it easy- but easy does not protect your personal information. If you work from home, or do your banking online, the threat is multiplied. Take a look at your entire infrastructure (in the trade this refers to servers and desktops, network components, and physical wiring. At home it’s your computers and home router- possibly including switches and other network devices like Tivos, Playstations, wireless printers, etc.) Here’s a brief look at what you should examine.
With corporate infrastructure, it really is amazing how many worms, and intrusions can be prevented using good old patch management. I’ve heard all the excuses on why the machines are patched, most don’t hold water, with the exception of “It breaks my applications I need to do business.” For home users it’s MUCH simpler; I’ve never had an update break a commercial application for any friends or family members’ computer. That doesn’t mean it can’t happen, but it is certainly rare (I do, however, recommend you update your drivers from the manufacturer’s website rather than Windows Update- driver updates are always optional on Windows Update.) What I have seen time after time is a machine compromised by an exploit that is months and sometimes years old. With Microsoft Windows machines, you can easily update your machine automatically using Microsoft Update. It’s fine to apply the updates automatically- although you may want to disable your startup and exit sounds– it’s unsettling to have a computer in the next room reboot at 3am and wake you out of a sound sleep. You can read more on setting up Windows update on my previous post, Travel Tips for Your Laptop. You can also check out Automatic Mac Updates if you have a Macintosh.
If you are running a computer on the internet, you need anti-virus (AV). I’ve seen lab computers that we not connected to the internet become infected with a virus from a USB flash drive- so anti-virus all the time is a good policy. We’ve found Eset to be the fastest and most reliable, and they also offer multiuser packages for a discount. Since I provide technical support for a number of friends and family members, I buy a multi-user license every year and install it on everyone’s machine. The hours I don’t spend fixing virus infections make this small investment more than worth it. As for free solutions, Grisoft puts out a solid product with AVG. If you have the means I recommend purchasing your AV, it’s one piece of software that requires constant updates and care of skilled developers.
So you have AV- why do you need anti-malware? Well unfortunately most AV packages do not catch the variety of malware and adware out there. You can purchase consolidated products, but there is definitely value in having a multi-layered defense. I’ve had particularly good luck with Malwarebytes Anti-Malware (free, or you can purchase the full version, again well worth it.), Spybot Search and Destroy, and Lavasoft Adaware. Bonus Tip: If you’re using Firefox as your browser, Adblock Plus can get rid of ads on websites. Considering turning it off on websites you frequently visit/trust, you may negatively affect the webmaster’s revenue.
One of the nice benefits the home router is the included firewall. Be sure yours is enabled. A quick scan using GRC Shields Up can give you a quick baseline of your level of protection. If you do not have a hardware firewall- please ensure you have some type of software firewall in place- either the Windows Firewall or a third party product such as Zone Alarm prior to connecting to the Internet.
If you’re using wireless with the default SSID, the default password, and WEP or no security, please download this document and update your security. I’ll wait. Really, lock down your wireless now. Just to put it in perspective, if someone manages to get on your wireless, YOU are liable for any civil tort or criminal activities they conduct- makes sharing that connection seem much less attractive, huh?
Backups and Disaster Recovery are an important part of security that many people overlook. For home users, you need a way to get back your data after a virus- or an emergency such as a fire or burglary. Without going into a ton of detail, a regularly scheduled imaging solution, such as Acronis True Image can be a lifesaver. At the very least, use the free backup utilities that come with your operating system, such as Windows Backup. For extra protection, use external storage and don’t have the completed backup right next to the computer. Imagine if you had a fire- you’d lose the data and the backup at the same time, which can be doubly painful.
Home Network Security is important, and unfortunately often overlooked. Spend your free time on your computer doing what you love- not cleaning out viruses or trying to get back lost files.