There seems to be a large disconnect between what the average home user knows about security and what people are expected to know at work. One of the big threats that’s often overlooked is the security gap that exists when corporate employees are given VPN access and allowed to connect through their home network, which these days almost always includes wireless. For that reason, I’ve put together this article outlining some of my recommendations for securing your home network and computers. My goal is to provide you with solutions that cost nothing.

1. If you’re using wireless, use WPA or WPA2. In addition, pick AES as the encryption instead of TKIP. Your WPA2 passphrase should be more than 20 characters. Also turn off DHCP and use static IP addressing; if you only have three or four computers connected to your wireless, you don’t need DHCP. Next, enable MAC address filtering on your wireless access point and allow only your own devices’ MAC addresses. Read your vendor’s documentation for step-by-step instructions on this part. Last, place your wireless access point as close to the center of your home as possible, away from doors and windows. This might require running a Cat 5 cable, but it’s worth it.
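As an added example (not part of the original post), here is a small Python audit of a hostapd-style access point configuration against the settings in tip 1: WPA2 with AES (CCMP) rather than TKIP, a passphrase longer than 20 characters, and MAC address filtering. Both configurations are constructed for illustration; DHCP is not covered because hostapd does not configure it.

```python
# Added example: audit a hostapd-style wireless config against the advice
# above (WPA2 with AES/CCMP, not TKIP; passphrase over 20 characters; MAC
# filtering on). Both configs below are constructed, not from a real router.

WEAK_CONF = """\
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password123
macaddr_acl=0
"""

HARDENED_CONF = """\
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple is long
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means the config passes."""
    conf = parse_conf(text)
    findings = []
    if conf.get("wpa") != "2":
        findings.append("wpa is not 2: WPA2 is not the only mode enabled")
    # hostapd names WPA1 ciphers in wpa_pairwise and WPA2 ciphers in rsn_pairwise.
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers or "CCMP" not in ciphers:
        findings.append("pairwise cipher must be CCMP (AES) only, not TKIP")
    if len(conf.get("wpa_passphrase", "")) <= 20:
        findings.append("passphrase is 20 characters or fewer")
    if conf.get("macaddr_acl") != "1" or not conf.get("accept_mac_file"):
        findings.append("MAC address filtering is not enabled")
    return findings
```

Running `audit(WEAK_CONF)` reports all four problems, while `audit(HARDENED_CONF)` returns an empty list.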

2. Keep up to date with the latest security patches for your operating system AND for the other applications running on it.

3. Make sure you have anti-virus software installed and keep its signatures up to date.

4. When shopping online, be smart. For one, always verify that the URL you THINK you’re looking at is the URL you’re supposed to be at. Phishing attacks are rampant. For example, if you’re supposed to be on www.chasebank.com, you can’t just assume you’re there because the page looks like Chase. Verify the URL!
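To make the "verify the URL" advice concrete, here is an added Python checker (not from the original post) that decides whether a link really lands on the expected site, using the same host parsing a browser applies. The domain is the one named in tip 4; the lookalike sample URLs are constructed for illustration.

```python
# Added example: a checker for the "verify the URL" advice above. It reports
# whether a link really lands on the expected site, using the same parsing a
# browser applies, so that lookalike hosts are not mistaken for the real one.
# The sample URLs below are constructed for illustration.
from urllib.parse import urlsplit

EXPECTED = "chasebank.com"  # the site named in the article


def is_expected_site(url, expected=EXPECTED):
    """True only for an HTTPS URL whose host is `expected` or a subdomain of it.

    HTTPS matters because the certificate then also has to name the site.
    """
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, so text placed before
    # an '@' cannot disguise the host the browser actually connects to.
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return False
    return host == expected or host.endswith("." + expected)


# Constructed: how legitimate and lookalike links appear to this check.
SAMPLES = {
    "https://www.chasebank.com/login": True,
    "http://www.chasebank.com/login": False,               # plain HTTP
    "https://www.chasebank.com.example.net/login": False,  # real domain is example.net
    "https://chasebank.com@example.net/login": False,      # host is example.net
    "https://www.chasebank.com-secure.example.org/": False,
    "https://example.net/chasebank.com/login": False,      # brand name only in the path
}


def check_all(samples=SAMPLES):
    """Return {url: verdict} so the results can be inspected or tested."""
    return {url: is_expected_site(url) for url in samples}


if __name__ == "__main__":
    for url, verdict in check_all().items():
        print("OK  " if verdict else "WARN", url)
```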

5. Don’t use REAL credit cards, and certainly not your bank card, to shop online. Use a prepaid Visa/Mastercard/American Express for all your online shopping. You can pre-load these with as much money as you need. Also, to say the least, the sellers are very relaxed about verifying who you are when you purchase these cards, so you have a little flexibility in protecting your identity as well.

6. I would like to say don’t use Facebook, etc. But since I know most of you are going to, or already are, using it, let me make some suggestions. Don’t accept friends you don’t know. Don’t EVER click on links that people post in their status updates. These could easily be links to malicious sites or data. I’ve used this attack as a proof of concept many times in demonstrations. So just don’t do it.

7. Turn on a firewall. If you’re using Windows, check here for instructions. If you’re using Linux, check here for instructions.

8. Turn on the firewall on your wireless router. Check your router vendor’s website for instructions and documentation. Even the cheapest consumer wireless routers have at least some firewall capabilities now. Another often overlooked point: check with your ISP to verify that the router they provided DOES NOT have wireless turned on by default. Some very well-known ISPs ship routers with the built-in access point turned on and using WEP. I’ve seen customers who didn’t even know it was turned on.

9. Keep the firmware on your router up to date. This doesn’t mean installing firmware the moment it’s released; give it about a week. During that first week, keep an eye on the vendor forums and the web in general for major user complaints about problems caused by the new firmware. When the coast is clear, update yours.

10. If you have kids, give them a very limited user account and don’t share admin credentials with them. In my house, the only way anyone gets on the internet is via a virtual machine. There are attacks, which we’ll discuss in later articles, against virtual machines that allow the attacker to hop from the VM to the host, but those attacks are few, and at the very least they exceed the technical aptitude of the average script kiddie.

11. Visit this site often. Things change, and we at InfoSec Institute are making a constant effort to keep you all informed. Stay tuned, and good luck.

Keatron

Want to learn more? The InfoSec Institute CISSP Training course trains and prepares you to pass the premier security certification, the CISSP. Professionals who hold the CISSP have demonstrated that they have deep knowledge of all 10 Common Body of Knowledge Domains, and have the necessary skills to provide leadership in the creation and operation of enterprise-wide information security programs.

InfoSec Institute's proprietary CISSP certification courseware materials are always up to date and synchronized with the latest ISC2 exam objectives. Our industry-leading course curriculum combined with our award-winning CISSP training provided by expert instructors delivers the platform you need in order to pass the CISSP exam with flying colors. You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time you take it. Some benefits of the CISSP Boot Camp are:

  • Dual Certification - CISSP and ISSEP/ISSMP/ISSAP
  • We have cultivated a strong reputation for getting at the secrets of the CISSP certification exam
  • Our materials are always updated with the latest information on the exam objectives: this is NOT a Common Body of Knowledge review; it is intense, successful preparation for CISSP certification.
  • We focus on preparing you for the CISSP certification exam through drill sessions, review of the entire Common Body of Knowledge, and practical question and answer scenarios, all following a high-energy seminar approach.