Layering Your Home Network Security

Layering Your Home Network SecurityOn our Gnomies.com TeamSpeak server the other day, Gnomie Phil Horton said that he’d like to share some more of his knowledge with the overall LockerGnome community; we were thrilled! So here’s what he’s come up with. Enjoy!

You may remember a LockerGnome article from a few days ago in which I suggested my top five tools a technician shouldn’t do without. Well, that was a guide for dealing with a computer after it gets infected with malicious software. This is a guide to successfully securing your home network using a layered defense strategy for the best performance and reliability in mind.

Step 1: Start at the networking level. The most important area to secure on your network is the network itself! Everyone should be connected behind a router, which is a device that enables you to share your Internet connection with multiple sources by wired or wireless access. What some people might not realize is that a router is your best consumer firewall. Every consumer grade router includes a stateful packet inspection (IPS) firewall, which blocks or ignores most incoming attacks toward your connection. For this very reason, you should run behind a router even if you don’t use wireless and only one computer is connected to the Internet.

If you plan to use the wireless capability most routers give you, be sure to follow these steps to ensure your wireless is secure:

  • Disable Wi-Fi Protective Setup (WPS) and enable WPA2 Personal security using AES encryption.
  • Make sure the key you provide when setting up wireless security is a good password.
  • Change the default administrator password for the router. Every Wi-Fi parasite out there knows the default usernames and password combination according to the brand of your router, so don’t give them an easy hint! Change the UUID to include something unrelated to your personal life or router model, again making it difficult for people to gain information about your equipment. Don’t be that person who has “Linksys-184721″ on the wireless list.
  • Disable remote management for your router, unless you need access to it from outside your network. It is never a good idea to give the whole Internet an easy opportunity to get into your network; keeping it within your home makes it magnitudes more difficult for attacks to be successful.
  • Look into a service like OpenDNS to give you control over the content on your network. OpenDNS is an excellent DNS provider that blocks phishing, adware, and other malicious websites from resolving by using crowdsourced community support to identify sites quicker. It also enables parents to block inappropriate websites on the networking level, making it more difficult to circumvent as it applies to all computers, smartphones, etc. OpenDNS can also speed up your browsing experience and it requires no resources from your router to work, so there is no trade off.

Step 2: Now that we have locked down your home network, we can begin to focus on computer side security. Whether you’re running Windows, Mac OS X, or Linux, it is critical that you keep the operating system and its third-party applications up to date. Software companies are constantly battling vulnerabilities in their programs that adversaries poke holes into. They fix these problems in the form of updates; some are automatic while others require you to routinely check on the Web. No amount of security will protect you from outdated software, so be vigilant.

Follow basic security habits despite your operating system environment. You’ve heard people say it before: “Don’t open email attachments, or download files on the Web you were not looking for, and stay away from adult content.” Well, your brain is the first line of defense for anything, so use it! Sometimes we forget or think that it only applies to Windows — think again. OS X has, on average, a new exploit or piece of malware out every week. Even Linux has problems; keep in mind that many websites rely on Linux and hackers love tearing them up.

This one is important for Windows users and more and more for OS X users by the day: Run a trustworthy anti-malware application like ESET , which is both Windows and OS X compatible. For those of us looking for a free Windows solution, Microsoft Security Essentials works great.

Most operating systems have a built-in software firewall to protect you from network-bound worms. Beyond your router, be sure that firewall is enabled just in case one of your computer gets infected — you wouldn’t want malware to spread to all of your connected systems. If you would like an additional layer of protection, check out the MVPHOSTS file. This community-built HOSTS file contains a list of most of the major attack vectors on the Web. The HOSTS file allows you to control where a domain name directs — like your personal DNS system. MVPHOSTS works by directing all the listed sites to the IP 127.0.0.1 (localhost), which basically terminates the connection before it even attempts connecting to a malicious site. Like OpenDNS, this method of security requires no additional computer or networking resources, involving zero overhead.

Step 3: Always keep yourself educated on the latest security news so you can stay safe and educate others, like we do here at LockerGnome. I recommend staying tuned into Steve Gibson’s Security Now podcast, which not only alerts you to new threats but also brings you into the world of fundamental principles about technology.

Article Written by

Guest Blogger is from all sorts of different times and places. Guest Blogger is usually less mysterious than James Bond, but often more mysterious than Austin Powers. Guest Blogger has a knowledge base that is as vast as space, and as timeless as infinity. Guest Blogger is sometimes me, and Guest Blogger is sometimes you.

  • http://www.andrewerhardt.com/ Andrew Erhardt

    Some awesome tips! I have already implemented some of these on the computer in my house, some i haven’t and need to work on. Thanks for taking the time to share your tips, Phil! 

  • Matthew Cheung

    I really think that securing your network is very crucial if you want to stay safe and away from unwanted users.

  • Raimist

    Wonderful article thank you for the tips

  • http://www.facebook.com/profile.php?id=1813155844 Antim Evtimov Batchev

    I think security is one of the most important things in these days… Love the tips! they are really helpful ! i don’t have my firewall on because i do allot of game hosting so its kinda easier for me  

  • frozen_dude

    I agree, I love Linux, and I run Gentoo, and Gentoo is known as the most secure Linux distribution by many, but, the main reason for that legend/rumor/statement is because people who serve large Gentoo installations know how to secure it. Gentoo helps you by being transparent, forcing you to do stuff yourself, and has some tools that check for bad programming automatically and warns you about it. But if you blast through the install procedure and ignore all warnings, you will not end up with a secure box by any means.

    Linux makes it easy for you by volunteers giving you a lot of documentation on how to secure different aspects of the system, and gives you a mostly (learning the command line is probably the hardest transition) steady learning curb as you secure your system more and more.
    Unlike Windows Server where everything is easy to secure, until you smack into a few near vertical walls, which you have to get over to reach the most secure levels of a system… :-/

    If you need a secure by default OS, install OpenBSD, and then make sure to never install anything in it… not great if you need to use more then SSH, FTP or a text editor, but it is secure by default.