04 Jan Protecting network security at home
Typically professionals work in an environment that has thoughtful IT professionals safeguarding the network. In many cases the network health is audited to standards for medical, financial or government security.
At home much of network security is left to the homeowner without much help from the team at work.
Our work with computer forensics and network defense gives us opportunities see first hand what goes wrong. Surprisingly some preventative measures are quite simple and painless. Here are some ideas that we have found to be effective. Give them a try.
Segregate duties. In any business the person handling cash is not the person accounting for it. Make your home the same by getting a computer whose only job is to connect to your bank and investments, no surfing or email. Avoid the temptation to use that old XP machine that is no longer getting security updates. Buy a new netbook for only $200. No other computer or smartphone should be allowed to connect to financial web sites. This will break the chain of
opening a bad email attachment → getting infected → keylogger is installed → crooks get into your bank account login.
Clean up WiFi. Make a new year’s resolution to set all of your WiFi access points to WPA2. That’s the only level of security that should be used. If you don’t know how to do this look it up online or get a relative to help. Having less than WPA2 compromises the security of your WiFi network and runs the risk of having a drive-by download of child porn be blamed on you. If you don’t use WiFi turn it off, including the sneaky WiFi connection provided by your friendly Internet service provider.
Use 100 different passwords. Each online account should have a different password. This prevents a data breach at one merchant from opening the door to all of your accounts. It’s easy to do this with a password manager like Keychain for Apple devices. There are lots of 3rd party password managers for like KeePass (for Windows, Linux, Mac, iOS). If you want a cloud based password manager check out LastPass. Any of these techniques does a lot to protect passwords. Be sure to use a long complex password and 2-factor authentication for the password manager.
Have a bunch of email addresses. Any decent email provider will let users have a bunch of different email addresses. Use different ones when you buy stuff on the web, join a listserv, … If you buy a domain of your own you can have hundreds. That is enough for every conceivable place that you sign in with an email address. When one gets spammed you can just direct email to another one and kill the spammed one. It’s better than getting 600 spams to your primary email address. That happened to me before I started using hundreds of different email addresses.
Straighten out your browser. Use any browser except Internet Explorer. Add Ghostery, watch the support documentation, turn off trackers, beacons and privacy problems. Your browser will reward you by having fewer ads, less leakage of your browsing habits and faster performance.
Use 2-factor logins. Just a password is not enough to protect critical online accounts (especially if the password is the name of your best friend, Fido). Get your bank to set up a token that generates pseudorandom numbers for logins. Check out Duo or phone apps for Microsoft Authenticator, Google Authenticator. Some web sites are set up to send a PIN number directly to your phone via a text message; that’s good too.
It’s no joke. Set up your mail program to only show the subject, sender, etc…. not the contents of an email. This will allow you to delete the ones that say “This is really funny” without opening the email (or even worse) clicking on the link to hackers in a country that you don’t want to visit.