procedures

The following series of discussions and slide shows will cover some basic lockdown and hardening of your home network and computer. This section is intended for home users, not business networks.  Please note that topics covered here involve changing the configuration of your computer and hardware devices which if not done properly can cause problems with the functionality of your computer and/or home network.  Network Security Experts takes no responsibility for anything that may go wrong.  Believe it or not, things do not always go as they should in the IT world.  You are welcome to use these practices at your own risk.

Before you get too involved with this site, you should have a complete backup of your critical data in the event you need to restore your computer.  As we said before, things don't always work as they should in the IT world.

Keep in mind that these procedures are very basic and are meant for the novice.  These procedures are not meant to be a replacement for antivirus protection and a good malware/spyware removal program.  If you do not have these basic measures on your home PC, click on the links page and choose one of the free antivirus and malware/spyware programs to download and install.

There are many of you that know you can do hundreds of different little tweaks here and there to lockdown and "secure" your computer.  Please keep in mind that you must balance between functionality and security.  I have seen far too many home users spend hundreds of dollars every year on their computer because they made their computer so incredibly "secure" that it became unusable.  This always results in paying a professional to repair your computer, usually at the cost of $95/hour or more!!!  SO BE CAREFUL!!!

So once again, let me give you 4 very simple steps that you should take before you even think about further securiing your system:

1. Have antivirus installed and running.  Ensure your antivirus is set to update at least once a week.  Many packages will check automatically for updates every day.
2. Have a malware/spyware removal utility installed on your computer.  Update this software once a week and run a full scan on your computer once a week.
3. UPDATE, UPDATE, UPDATE!!!!!!!!!!!!!!!!!!!!!  Enable automatic updates on your Windows machines. If you are unsure if this is running or not, just open up Internet Explorer, click on Tools, then Windows Update.  Choose Express Updates and follow the prompts.  It does not hurt to check this once a week.
4. It is recommended that you run a firewall of some sort.  I would just stick with the Microsoft firewall if you are running Windows XP Service Pack 2 or later.  You can also download one of the free software based firewalls from the links page.  Keep in mind that many of these firewalls are not very user freindly for the novice and can stop your computer from getting to the Internet in some cases.

If you are not abiding by at least the first 3 of these recommendations, you are pretty much headed for a lot of trouble if your computer touches a high speed Internet connection.

Microsoft Windows XP - You will receive a warning from Internet Explorer on this slide show.  Make sure you allow the active content to run.  It poses no risk to your system.

When I was taking my ethical hacking training, we were told to go on a war drive.  A war drive is when you take a laptop and any wireless card and just drive around mapping out all of the unsecured wireless networks you find.  Potentially, a mailicious user could utilized any unsecured wireless network and carry out attacks on other networks around the world.  When the attack is traced back to it's source, it comes back to some poor unsuspecting home user who does not have a clue to what happened.

To start with, you should at least enable WEP encryption which is still very weak and incredibly easy to hack, but it is better than running no type of encryption on your wireless access point.  If you do not know how to do this, contact your Internet Service Provider or local Computer Shop.  They will be happy to help you accomplish this lock down for very little labor.

The preferrable wireless lockdown would involve using WPA2-PSK wireless encryption.  WPA2-PSK encryption is much stronger than WEP and easier for a home user to utilize.  With WPA2-PSK, a home user is asked for a "shared key" or password to connect to the wireless network.  Ensure your password is a minimum of 8 characters long, utilizing alpha and numberical characters.  With this added protection you will ensure that only computers in your home are allowed to connect to your wireless access point.  After all, why should you share expensive Internet with someone you do not know and is not helping you paying for it?

To put it plainly, invest in a firewall.  There are many hardware firewalls ranging from $40 - $600 for Small Office/Home Office, so these devices are pretty affordable for most anyone.  If you do not want to invest in a firewall appliance, consider once again investing in one of the commercial Antivirus Security Suites listed on the links page, or speak with your Internet Service Provider for managed options they may be able to provide you.  Most of the broadband routers utilized for home high speed internet have some firewall functionality built into them to restrict what ports can be used within your network.  

If you are serious about good firewall protection for the home, Network Security Experts recommends the Watchgaurd line of firewalls.  They are very affordable and can come packaged with very nice features such as web content filtering, gateway antivirus, and intrusion prevension services.  You can visit Watchguard's web site by visiting the Links page..

There are thousands of different ports you can open and close on a firewall, but I will keep it simple and just list some of the most common outgoing ports which work for most home users.

TCP Port 80 - HTTP or Web Browsing
TCP Port 443 - HTTPS or Secure Web Browsing
TCP Port 25 - SMTP utilized for e-mail
TCP Port 110 - POP3 utilized for e-mail

Depending on your firewall of choice, you may need to double check and ensure all incoming traffic is denied by default except for the traffic requested by you.  Usually not a problem, but you may want to check with your firewall vendor to ensure your device is configured correctly.

In a basic firewall configuration you would close all ports except those listed above.  If you use Instant Messaging or Chat, you should consult with the vendor providing the service on what ports are needed for their program to function.

If you have no idea what we are talking about, please consult with a firewall expert about options available to you for your home network.