How To 

Home Cybersecurity Recommendations

While it is impossible to ensure your home network is 100% protected at all times, there are several easy steps you can undertake to minimize your exposure and risks.

Operating System and Applications:

- Keep Windows/OS X/Linux up to date: Updates are free and should be applied, when available, to prevent potential security issues while maintaining optimal stability and system performance.
- Applications updates: The same goes for keeping your applications and programs up to date. Often, developers provide updates to address security issues and to increase functionality.
- Driver updates: Drivers are the applications that are used to allow your hardware devices to communicate with your operating system. Keeping these up to date will ensure both security and performance remain optimal. Pay close attention to the drivers for these devices, in particular: video adapter, audio/sound adapter, network adapter, motherboard chipset, Input/Output adapters (i.e. USB, Firewire, Thunderbolt, etc ports), and printers.
- Don’t give kids the keys to the car: Don’t allow kids to have administrator access to your devices, and not even their devices when possible! This way you control what gets installed, and when. Only give them “normal user” access to devices, when possible. You should also use “normal access” accounts when conducting day-to-day activities and only use admin access when required.
- Don’t allow kids to use your account: Configure accounts, with appropriate permissions, for each child. When they have access to your account, they have access to your files.

Anti-Virus and Anti-Malware Applications:

- Protection is crucial: Consider the use of anti-virus applications as your system’s immune system protecting it from illness. If you don’t use and keep current, it is only a matter of time before you contract an illness. You MUST use, and keep up to date, an anti-virus program. Period.
- Not just viruses: There are lots of little “nasties” that can be deposited onto your system through interaction with various websites. Anti-malware applications help to remove and protect you from these threats. There are stand-alone products and security suites (combine both anti-virus and anti-malware applications) to deal with these threats. While not as critical as the use of anti-virus tools, anti-malware applications are highly recommended.

Browsers:

- Your window to the World: Your choice of a browser can be just as crucial to on-line protection as the use of an anti-virus program. Some browsers are more secure than others. Whatever one you choose to use, keep it updated! Also, below are a few tips to make it more secure
- Use HTTPS sites whenever possible, the “S” means the link is secure (encrypted)
- Don’t save passwords in your browser. If compromised, others will have access to your accounts
- Clear history upon exit
- Enable the “Do Not Track” function in your browser
- Use ad-blocking add-ons to minimize intrusive advertisements and to reduce the remnants they leave behind on your system (possible source of malware). Free tools like Ad-Block Plus are used to manage this.
- If you visit questionable sites, use private sessions (in cognito modes, etc) to reduce what gets saved to your computer or boot from a “live disk” to prevent anything being written to your system. You can also use a “sandbox” to isolate sessions from having direct access to your system (i.e., http://www.sandboxie.com/).

Routers/Firewalls:

The Moat and Walls to the Castle: You must use a router. Connecting a device directly to the Internet (via your cable modem for example) is just looking for trouble. A router will allow multiple devices to access your home network, establish a wireless internal network, and protect your internal devices from external threats. But you must ensure your moat and walls are secure
- Update your router: Routers can receive updates to the code that the devices use to manage and secure your network. Keep your firmware up to date, even if you choose to use a 3rd party firmware
- Disable external access: It is very rare that you’ll ever need to access your router from outside of your internal network. To prevent outsiders from accessing your router, simply disable this function
- Always change your admin password and default network name: This can’t be stressed enough, always, ALWAYS, and let me say again always, change your admin password to something only you know (and don’t give this info to anyone not trusted, especially the kids if you have them). Changing your default wireless network name is a good idea as well. If you leave as “linksys”, for example, and you haven’t changed the admin credentials, it is easy for an intruder to determine the default information for a Linksys device.
- Use the strongest possible encryption supported by your devices: There are multiple encryption methods available to most devices. Use the strongest possible type. WPA2 is preferred, when available. Also, make sure you use a complex password (Uppercase, lowercase, numbers, special characters) to secure your wireless password and change this password often (every 30 days for example). Do not share this password with others outside of your family members and make sure they don’t share as well.
- Security over convenience: Don't be fooled by the convenience of "push button" ease of use or short numerical passwords via WPS. It sounds good, but it is too easy to bypass and makes your network and devices vulnerable.Just say "NO" to WPS.
- Give Guests their own network: If you have visitors and your router supports it, set up a guest network. Use the same rules as above to secure it. Only enable this network when needed, disable otherwise. This will protect your home systems from the foreign systems connecting to your network.
- Disable SSID broadcast: You can tell your router not to broadcast your wireless network name. While this won’t deter an advanced intrusion attempt, it will help to keep an “honest person, honest” and make it more difficult for the occasional intruder to detect your network.
- White/Black Lists: You can enable (white list) users/devices or disable (black list) the same as desired. You can also limit the time certain devices can access the Internet with these controls, to include enabling Parental Controls when appropriate with many routers.

Recommended Applications:

These are the applications I use to protect my Windows systems:

Anti-Virus: Windows Defender. Free. Comes with Windows 10 and gets the job done. Using Microsoft Security Essentials on the remaining Windows 7 system I have. Integrates well with rest of Windows/Microsoft tools, like Windows Update. Minimal resources in terms of storage and computing power. Not as feature rich as other products, but if you practice safe computer use, you don’t need more.
Windows 7 and Vista: http://windows.microsoft.com/en-us/windows/security-essentials-download
Windows 8.x/10: https://www.microsoft.com/en-us/safety/pc-security/windows-defender.aspx

Anti-Malware: Malwarebytes (Free Version). Great tool for scanning and monitoring malware infestations. Excellent tool for removing nasties as well. Updates are provided daily (actually multiple times a day). Paid versions offer more features.
https://www.malwarebytes.org/

Anti-Telemetry : Spybot Anti-Beacon. Free. One of the greatest criticisms associated with Windows 10 is in terms of privacy and the amount of data sent to Microsoft when Win does 10 “phones home”. This telemetry data can affect data use rates and could be used (potentially) as a marketing tool to target products to individuals. Spybot’s Anti-Beacon lets you minimize/stop this traffic.
https://www.safer-networking.org/spybot-anti-beacon/

Cookie Cleaner: CCleaner (Free version). The first C stands for a different word that rhymes with trap. This application lets you clean up the cookies and temporary files left behind from your browsing sessions and system updates. You can also use to clean up registry “orphans” when programs leave behind remnants due to poor update/uninstall routines.
https://www.piriform.com/ccleaner

Monitoring Kids: In addition to enabling Parental Controls with your router, you can also use applications like K9 Web Protection. Free. Prevents kids from accessing sites you would rather they stay away from. The barking dog alert is a nice feature to alert you to Junior’s activities.
http://www1.k9webprotection.com/

This is not intended to be an all-inclusive list of tools, applications, and settings.There are alternatives to all of the previously mentioned applications. Use what you prefer and make sure to update whatever tool you are using to ensure the best possible security for your network and devices.

You don't have to spend a lot of money and time to secure your network and devices. However, if you don't take precautions, you will regret the amount of time and effort it can take to recover from an intrusion or attack. The bottom line, be smart and you'll be safer.
 
Status
Not open for further replies.
I would like put in a small recommendation for the BitDefender Box 2 and pfSense open source here.

Bit Defender Box 2 will defend all the devices on your network, not just your phone, tablet, and PC. It protects IOT and other devices like printers, IP cameras, NEST, Roku, Alexa, etc... It is a Deep packet inspection firewall with built in anti virus.

Mine scanned my network to see what was attached and identified the OS or hardware manufacturer. Mine successfully identified my network printer and scanned it and told me it had a backdoor on it that is an easy admin password. Logging in I didn't see it anywhere. However after googling the problem, it's a known issue.

A nice side benefit is it comes with unlimited licenses of bit defender for one year. For someone like me with a lot of devices, that saves me a lot of money and allows me to protect more devices.

Not only that, but I can remotely monitor and shut down any of my childrens devices any time I want or on a schedule.

Combined with Google Family Link, it's a good way to keep your family safe.

pfSense is for more advanced users obviously. But it works well and with optional plug ins is pretty darn secure as far as I can tell from security websites I read.
 
  • Like
Reactions: fim and COLGeek
Status
Not open for further replies.