General security

Information security at home.

April 29, 2011 by Keatron Evans

There seems to be a large disconnect between what the average home user knows about security and what people are expected to know at work. One of the big threats that’s often overlooked is the security gap that exists when corporate employees are given VPN access and allowed to connect through their home network, which these days is going to almost always include wireless. For that reason, I’ve put together this writing which outlines some of my recommendations for security on your home networks and computers. My goal is to provide you with free no cost solutions.

1. If you’re using wireless use WPA or WPA2. In addition to that, make sure you pick AES as the encryption instead of TKIP. Your WPA2 pass phrase should be more than 20 characters. Also turn off dhcp and use static ip addressing. If you only have a three or four computers connected to your wireless, you don’t need dhcp. Next you’ll want to enable MAC Address filtering on your wireless access point. Only allow your devices MAC addresses. Read your vendor documentation for a step by step on how to do this part. Last, try and place your wireless access point as close to center of your home as possible. Try to stay away from doors and windows. This might require the running of an cat 5 cable, but it’s worth it.

2. Make sure you keep up to date with the latest security patches for your operating system AND other applications that might be running on your operating system.

3. Make sure you have an anti-virus software installed and you keep the signatures up to date.

4. When shopping online, be smart. For one, always verify that the url you THINK you’re looking at is the url you’re supposed to be at. Phishing attacks are rampant. For example, if you’re supposed to be on www.chasebank.com, you can’t just assume you’re there because the page looks like it’s chase. Verify the url!

5. Don’t use REAL credit cards, and certainly not your bank card to shop online. Use a prepaid Visa/Mastercard/American Express to do all your online shopping. You can pre-load these with as much money as you need to do your shopping. Also, they are to say the least very relaxed on verifying who you are when you purchase these cards, so you have a little flexibility in protecting your identify as well.

5. I would like to say don’t use Facebook, etc. But since I know most of you are going to/or already using it, let me make some suggestions. Don’t accept friends you don’t know. Don’t EVER click on links that people post in their status updates. These could easily be links to malicious sites or data. I’ve used this attack as a proof of concept many times in demonstrations. So just don’t do it.

6. Turn on a firewall. If you’re using Windows check here for instructions. If you’re using Linux check here for instructions.

7. Turn on the firewall on your wireless router. Check your router vendor’s website for instructions and documentation on this. Even the cheapest consumer wireless routers have at least some firewall capabilities now. Another often overlook thing here; check with your ISP to verify that the router they provide you DOES NOT have wireless turned on by default. Some very well known ISPs ship routers with the builtin access point turned on and using wep. I’ve seen customers who didn’t even know it was turned on.

8. Keep your firmware up to date on your router. This doesn’t mean install the firmware as soon as it’s released. But give it about a week. During the first week, keep check on the vendor forums and the web in general to see if there are any major user complaints about issues arising from the firmware being applied. When the coast is clear, the update yours.

9. If you have kids, give them a very limited user account and don’t share admin credentials with them. In my house, the only way anyone gets on the internet is via a virtual machine. There are attacks that we’ll be discussing in later articles against virtual machines which allow the attacker to hop from VM to host, but those attacks are few, and at the very least, ascends the technical aptitude of the average script kiddie.

10. Visit this site often. Things change and we at infosec are making a constant effort to try and keep you all informed. Stay tuned, and good luck.

Keatron

Posted: April 29, 2011
Articles Author
Keatron Evans
View Profile

Keatron Evans is regularly engaged in training, consulting, penetration testing and incident response for government, Fortune 50 and small businesses. In addition to being the lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish, you will see Keatron on major news outlets such as CNN, Fox News and others on a regular basis as a featured analyst concerning cybersecurity events and issues. For years, Keatron has worked regularly as both an employee and consultant for several intelligence community organizations on breaches and offensive cybersecurity and attack development. Keatron also provides world-class training for the top training organizations in the industry, including Infosec Skills live boot camps and on-demand training.

7 responses to “Information security at home.”

  1. Alejandra says:

    Hi Keatron, thanks for your help ! It’s a very interesting and usefull post !

  2. Mystery says:

    Is there any particular wireless router you would recommend or just one that supports WPA/WPA2 AES?

  3. max peck says:

    Thanks Keatron – its easy to overlook the basics sometimes…

  4. ‘@Alejandra. Thank you for reading.

    @Mystery. I don’t think it matters that much on the router brand. WPA2 is simply a wireless security 101 recommendation at this point. So pretty much every wireless router (even the cheap ones), support it.

    @max peck. I would guess that 75 to 80% of all major data leaks, penetrations, and security compromises this year have been results of someone overlooking or ignoring the basics. With all the new buzz words and attacks like dll hijacking, APT etc, it’s easy to forget about the basics and get lost in the weeds. Some of the new “dangerous” threats wouldn’t even be effective if we truly implemented and followed the basics.

  5. Jim Davis says:

    This is very good(mandatory) info for the average person to know. You also present it with an unbiased attitude, which is refreshing. I think I am going to print this out and hang it on my fridge! Cheers!

  6. ‘@Jim. Thanks for reading. I’m glad it helps!

  7. Anthony G says:

    Keatron,

    I love reading your posts. You are very informative and detailed. I would like to add one item to yoru list for home users. Install a “sandbox” application to add another layer of defense. I wont personally endorse any single brand but if the user googles “sandbox application for windows”, they will come up with some solutions. I have childrens so I was constantly re-installing my XP operating system at least once a quarter. Then i got smart ( i think) and got them their own computer so I as then re-installing 3 deskstops every quarter. i did say i got smart right? Yes, I did and here is where I got smart, I installed a sandbox application on all 3 and in the last 4 years, not one single virus was able to cause me to re-install.

Leave a Reply

Your email address will not be published. Required fields are marked *