Monday, February 7, 2011

A home network security primer

I just gave a career-day talk on computer security to the 1st grade class at my kids' elementary school.  If you think public speaking in front of adults is hard, try talking to 75 six- and seven-year-olds!  While they seemed to love the various hacking and countermeasure stories, for some reason they latched on to the idea of hacking cars, and for the rest of the talk kept asking questions about air bags...

During my talk, one of the adults asked how I recommend securing a home network, and what I do at home.  The answer would have been over the heads of 1st-graders, and taken longer than the time I was alotted, so I thought I'd address it in the form of a blog. There are four things I see as the foundation to a secure home network: always installing the latest patches, a firewall to keep bad stuff from coming in, a web filter to keep you from accidentally getting to bad stuff, and an antivirus program to catch and remove the bad stuff that will inevitably fall through the cracks.

Windows and Mac OS both have an auto-update feature that will automatically install any patches and software updates for the operating system (and in the case of Windows, for Microsoft products such as Internet Explorer and Office).  Other products have similar features - just make sure they are turned on.  Some of the more common products you may have that need to be updated regularly are Firefox, iTunes, Adobe Reader, Adobe Flash, and Java.  Patches frequently fix bugs that attackers exploit to do things with a computer that you did not intend.  Some of the more famous virus and worm events could have been prevented by simply installing patches already available from the vendors.

If you have a wireless network (also known as a wireless router or wireless access point), it almost certainly has a built-in firewall.  If not, Windows has a built-in firewall that you can turn on by going to the control panel and opening the "Windows Security Center" panel.  More and more entertainment devices are becoming Internet-aware, though (game consoles such as the Wii or Playstation; set-top boxes such as Roku or Tivo; Blu-Ray players, and now even televisions themselves).  If these devices are connected straight to the Internet, they can become targets for hackers.  If at all possible, they should be connected through either a wireless router, or through a hard-wired router that has a built-in firewall.  Oh, and on the topic of wireless networks, make sure the wireless access itself is secure! (basics, advanced). 

A web filter is commonly found on library and school computers, and frequently on corporate networks as well.  It is intended to prevent access to inappropriate content, but in many cases will also prevent access to sites known to host malware.  http://www.k9webprotection.com/ offers a free web filter for use on personal computers - I run it on every system in my home.  It prevents me and my family from accidentally stumbling into things we don't want to see, but it has also dramatically cut the amount of malware we see on our computers.

Lastly, run an antivirus program on your computer (even a Mac - Apple has a reputation for not having malware problems, but it is not necessarily true.  There are viruses and worms on Macs, and they are gaining popularity among hackers).  Microsoft's free Security Essentials (http://www.microsoft.com/security_essentials/) is pretty good, and you can't beat free.  On the subject, pay attention to the antivirus program you have installed, and know what it looks like - a common malware theme the past few years is to pretend to be a new antivirus program that has detected malicious software on your PC.

These are only the the bare minimums, but are a solid foundation for a secure home network.  Some places to go for more education:

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.