Trying to figure out some new content, so please stay tuned. Wow, only 2 actual posts, I fail at this blog thing….

You can keep up with me on Twitter @dewser, though it’s about as interesting as my latest blog posts. I do follow other, more interesting folks, though.

It is surprising that, even with the amount of information out there about malware, identity theft and cyber-terrorism, most home users still don’t protect their home networks. Hopefully by the end of this article, you will walk away a bit more educated about home network security and why you should practice it.

According to the latest McAfee Threat and Vulnerability Risk Assessment, there are over 150,000 viruses, trojans and other pieces of malicious code in circulation. They state that the figure increases by 2500 to 4000 each month. Many home users are not properly protected against these growing threats. They either do not keep their AV product updated, or they don’t have any protection at all.

Some folks out there believe they do not need AV, or that it uses too many system resources to be useful. Some of these concerns are valid. Some of the more popular products tend to run a little bloated. The main reason products from vendors such as McAfee or Symantec (Norton) tend to use a large amount of resources is that they are not just guarding against viruses. They also run internet security features such as software-based firewalls or anti-spyware programs that monitor internet sites while you browse them. Unfortunately for most users, this is a requirement to keep the real bad stuff off their computers.

There are products out there that just supply virus protection. ESET’s NOD32 tends to run with limited resource requirements. This would be recommended for someone who is a bit more savvy and pays attention to the sites they go to. If you would rather run Symantec or McAfee products, they do provide the ability to turn off features, which can speed things up. So first and foremost, to keep your home network secure, make sure you run a current version of anti-virus software. Remember you get what you pay for, so don’t be afraid to spend a little money on the product, even though a free AV is better than no AV.

The next step to securing your home network computers is to run your main user account with limited privileges. By default most Windows operating systems (XP to Win 7) have you do two things when they get installed. They have you set an administrator password and then have you create a user account for the first user. They also grant this user account administrative rights. These elevated privileges allow the user to install programs and access sensitive areas of the system. You are probably thinking “well I like to install applications, shouldn’t I be allowed to do this at home??” The answer is “of course you should!” But this is a double-edged sword. Many of the major vulnerabilities, as well as outside attackers, love to have an account that has elevated privileges. This saves them the work of having to create an account and hope you don’t notice it.

“OK so how do I run with limited rights but still be able to install applications? I don’t want to have to continually switch to the administrator account.” That is a valid point. Before answering that question, I will introduce Vista and 7’s UAC (User Account Control). This is that box that appears when you try to install an application or change a major setting. This even prompts admin users for the “OK” to install an application. So you can still run as an admin but be somewhat protected. But ask yourself this: do you actually read that pop-up box when it appears? If you said yes, then try to recall what it said the last time it appeared. You probably can’t, which means you probably didn’t read it. Which brings us back to running with an account with limited access. This pop-up (only in Vista and 7) appears to normal users with the option to enter an admin account/password in order to install a program or change a setting. XP does not have the UAC, but you can use SHIFT+Right Click to run a program as a different user. Some newer applications have this option as part of the default right-click menu.

Along with privileged use, all accounts should have a password. This is more important for accounts that have admin rights. Any password is better than no password. Try to make it something that does not contain your or other family members’ (including pets’) names. If you add some complexity, that is a bonus. This includes mixed case words with a number or even a symbol. You can still make an easy password even if it’s complex. For instance, don’t use “password”, use “P@ssW0rd!” But don’t use anything resembling the word “password” since that is one of the most common passwords. Also avoid these as well: 123456, 12345, 12356789 and iloveyou.
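The password advice above can be turned into a small check. This is an added example, not code from the original post; the function names, the substitution table and the sample names are assumptions made for illustration.

```python
import re

# Character swaps commonly used to disguise a dictionary word (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# The common passwords named in the article.
COMMON = {"password", "123456", "12345", "12356789", "iloveyou"}
COMMON_WORDS = {"password", "iloveyou"}


def normalize(text):
    """Lower-case, undo the swaps above, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def password_problems(password, names=()):
    """Return the reasons a password goes against the article's advice."""
    if not password:
        return ["no password set"]
    problems = []
    plain = normalize(password)
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    elif any(word in plain for word in COMMON_WORDS):
        problems.append("resembles a common password")
    for name in names:  # family and pet names supplied by the user
        if normalize(name) and normalize(name) in plain:
            problems.append(f"contains the name '{name}'")
    mixed = re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
    extra = re.search(r"[^A-Za-z]", password)
    if not (mixed and extra):
        problems.append("add mixed case plus a number or symbol")
    return problems
```

Because the swaps are undone before comparing, “P@ssW0rd!” is flagged as resembling “password” even though it passes the mixed-case-plus-symbol test.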

“But I use a Mac, I’m immune to viruses and attackers!” While this statement may seem true, it is incredibly ignorant. Macs are as open to attack as any Windows system. The main source of their protection is the fact that Apple does not hold as much market share as Microsoft does with its Windows OS. So the incentive for an attacker to gain access to a Mac is not quite as high. Another factor with Macs is that a large majority of the systems are laptops. Many malware creators want to attack a system that will remain on at all times. Laptops tend to be turned off on a regular basis. Desktops tend to be left on. But don’t be surprised if this situation changes. As more of Apple’s mobile products make their way into more and more homes, it is possible that the attackers will change how they do things to take advantage of these devices.

“So now I think my computer is as secure as it could be! What else do I need to worry about!?”

Well the next item that is commonly overlooked is securing your wireless connectivity. Most major home broadband routers come with a wireless access point built in. This wireless access should be secured properly. Many of the 2WIRE devices that come with your DSL service are secured by default. This is a great feature, too bad I personally don’t like the 2WIRE routers. There are, however, some older model routers that do not secure wireless by default.

There are a couple of things to remember about your wireless connection. Do not use the default SSID. The SSID is the name of your wireless network. If you have a Linksys router the default is “linksys.” If you have a 2WIRE, the default SSID begins with “2WIREXXX.” When you do change the default SSID, try not to make it identify your network; “The Smiths” is not a good name. As far as securing the connection, make sure you are using “WPA2 Personal” for the encryption. If you don’t see a WPA2 option then your router/AP probably needs a firmware update; consult your manual on how to perform this update. If there is no update available, your device is probably old and you should replace it soon.

Another layer of security is not broadcasting your SSID. By not broadcasting this, you hide your wireless network from being found by standard wireless card scanning. This requires a bit more work on your end when configuring your wireless devices, but it can prevent a neighbor from trying to connect to your network. This won’t make you completely hidden; an outside attacker can still find you, but it will keep the neighbors’ kids from trying to be “hackers.”

If you are wondering how someone can get to your network if they are not in your living room, take your laptop or netbook out to the yard and walk around. Note how far you get before you lose the signal. Now that is with your default wireless card. If you had a more powerful wireless card and special antennae you could probably reach your wireless from a few houses down or the street behind your house. So if someone REALLY wants what’s on your network, they don’t need to be sitting in your front yard.
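The SSID and encryption rules above can be checked against a scan of the networks your own computer sees. This is an added example, not part of the original post; the scan text is constructed and abridged in the layout printed by Windows’ `netsh wlan show networks`, and the function names and sample network names are assumptions.

```python
import re

# Constructed, abridged sample in the layout of `netsh wlan show networks`.
SAMPLE_SCAN = """\
SSID 1 : linksys
    Authentication          : Open
    Encryption              : None

SSID 2 : The Smiths
    Authentication          : WPA-Personal
    Encryption              : TKIP

SSID 3 : quiet-harbor
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""

# Factory names from the article: "linksys" and anything starting "2WIRE".
DEFAULT_SSID = re.compile(r"^(linksys$|2WIRE)", re.IGNORECASE)


def parse_scan(text):
    """Return {ssid: {field: value}} from netsh-style scan output."""
    networks, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key.startswith("SSID "):
            current = networks.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return networks


def audit(networks, family_names=()):
    """Map each SSID to the article's wireless rules that it breaks."""
    report = {}
    for ssid, fields in networks.items():
        findings = []
        if DEFAULT_SSID.match(ssid):
            findings.append("default SSID")
        if any(n.lower() in ssid.lower() for n in family_names):
            findings.append("SSID identifies the household")
        if fields.get("Authentication") != "WPA2-Personal":
            findings.append("not WPA2 Personal")
        report[ssid] = findings
    return report
```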

“OK, so I have AV on my computers, my wireless is secure and I even switched over to using an account with little rights! I’m done right!?”

Just about! Just a few more items to remember to keep your home network running. All those items will keep other people from harming your network, but that doesn’t mean you still can’t harm it. When surfing the internet, use your head! Don’t click on links unless you really know where they go. If you hover your cursor over the link, the browser’s status bar (bottom of the window) will display the full path. If you don’t recognize it, don’t go to it! If you are still unsure, use a tool such as McAfee’s SiteAdvisor. This will allow you to submit a website and they will tell you if it is a safe site or not.

Be wary of sites that you may visit regularly. The more popular a website, the tastier it looks to an attacker who wants to spread a virus or other malware. Last year The New York Times website was infected with malware and it was dumping it on the computers of many regular readers. It took them a week to notice it and clean it.

Another item to be aware of is the fake AV products; those will typically try to fool or scare you into installing them. If the error is not from your main AV product, then it is most likely false. Furthermore, DO NOT CLICK ANYTHING from this supposed AV. Use Windows Task Manager to end the browser task. Then run a good AV scan and a Malwarebytes scan to get rid of any files that managed to get on the system.

And finally, one of the most common problems I found with home users is that they lack the software to adequately reinstall Windows and their applications. Try to keep the media that came with your system in a safe place that you can easily access if you need to reinstall or repair your system. If your computer did not come with the actual media then you probably need to create the discs, so make sure you do that the first day you get the computer out of the box.

So to recap…

    1. Use an anti-virus program and keep it updated!
    2. Try to use separate accounts for regular operation and application installs.
    3. Secure your wireless network. Use encryption and don’t broadcast the SSID.
    4. Be wary of unknown websites, don’t click a link from an unknown source.

Hopefully you have reached the end of this and now have a better understanding of how to properly secure your home network. The more people that practice this, the cleaner the internet will be. If you happen to have any questions or need advice, please feel free to leave a comment. Also feel free to add any additional helpful facts that I may have missed.

There are times when I want to write more than 140 characters’ worth of a thought. So I figured I would finally jump on the blog wagon and see how it goes.

A little bit about myself…

I am an IT Consultant in Hartford, CT. I have been part of the industry for over 10 years. I started my meager beginnings in a dark and dusty computer repair office at Central Connecticut State University. While fixing the PhDs’ mysteriously broken computers, I was pursuing my Bachelor’s in Management Information Systems. Who knew I would go from Biology to Business?? I found that I had a knack for tech and went with it. My first systems migration took place at CCSU where I helped migrate VMS-based Eudora client email into Exchange 5.5/Outlook 98 for a majority of the staff at Central. I continually look back to those days and think how lucky I was to get that opportunity.

I do, sometimes, wonder what I would be doing if I had stayed in biology. Would I have become just another lab rat? Running continuous tests on random cultures? Would I be out in some far away place studying an exotic animal species? Or would I be working at some unrelated job that I hate just to make rent because there may not have been any demand for the field of study I specialized in? I guess to compensate for the loss of my science career, I have taken up photography and I seem to gravitate towards animal related pictures. I guess for now, I will consider myself a science hobbyist.

That is all for now. Next post will be something of a technical nature!