PaulDotCom mailing list archives
Protecting your family
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Sun, 7 Feb 2010 19:09:59 -0500
Hello Jason, This is fairly broad question. You did not mention whether your primary home machine was Windows, Mac, or Linux. I am going to presume Windows (may be a bad assumption). This is not an exhaustive list by any stretch but this is the first steps I take when locking down a home machine. 1. Secure home wireless/cable/dsl modem/router a. Change default password and username. Create a 15+ random password. Kee Password Safe is great for creating and storing passwords. b. Set to block everything originating from outside c. Turn off Universal Plug and Play (UPP) 2. Update and lockdown FireFox/IE/Chrome (or whatever browser you are using). Just Google lockdown <browser name> to get useful instructions. 3. Lockdown OS a. Turn on Windows Fire wall and set it to block all outside originating connections and to allow no exceptions b. Turn on Automatic updates (make sure if using XP or older to upgrade to Microsoft Update to make sure other Microsoft products are included - 7/Vista already has support for this built into Windows Update) c. Disable/uninstall any unnecessary services. BlackViper (http://www.blackviper.com/) is a great site that helps guide you through which services you can probably live without d. Setup and run under a Standard (non-Admin) account. This can be a little painful but well worth it. This is a little less painful if you are running Windows 7/Vista (due to UAC, file/registry virtualization). Be real leery of any process that request elevation - this is an example of a good reason to setup a completely separate standard account (as opposed to running as admin and relying on 7/Vsita split tokenization and elevation options). You more apt to think a little more about it if you are required to enter in another user name and password to elevate as opposed to just hitting "ok". e. If you are not needing to access the computer from another computer, disable "File and Print Sharing" for the network adapter. If you need to share with other machines limit access to local machines through the Windows Firewall (though this would require tweaking point "a" since you are now allowing exceptions but hey that is tradeoff between functionality and security) f. Turn off auto-run (a previous Microsoft update partially disabled this but not completely. To be safe manually disable) g. Configure BIOS to require password to make any changes to it (make sure to save password - if not you will have to pull battery to reset) h. If running XP or lower, consider upgrading to Windows 7 4. Update and harden commonly used 3rd party apps ( Office, Adobe reader & Flash) a. If supported, turn on automatic updates for 3rd-party applications b. Google hardening/locking down <app name> - For Word/Excel lock down macros/vba behavior. For reader consider disabling Javascript (unless you absolutely need that behavior) c. Install and run on a regular basis Secunia PSI (this is free for personal home use). It will give you the patch status on many 3-rd part apps not covered by Windows Update. 5. User behavior (this probably should be number one. All the above steps will not do much good if you open bad attachments/click on links/install programs) a. Use common sense when using email and browsing the web. i. Do not open attachments from suspicious/ out of the ordinary looking email (regardless of the sender or file attachment type) ii. Do not click on links embedded in said emails iii. Don't provide sensitive information in response to emails or links embedded in emails. When dealing with sensitive sites (banking, paypal, ebay, etc) go directly to that site and don't rely on links embedded in emails. iv. Be leery of downloading information from suspicious/out of the ordinary websites. Well these are the first steps that I would take when securing a home Windows machine. Of course there is no such thing as 100% security but this should make you a bit more secure. I hope it helps. Jody _____ From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jason Guyer Sent: Sunday, February 07, 2010 4:35 PM To: Pauldotcom at mail.pauldotcom.com Subject: [Pauldotcom] Protecting your family I have a baby girl on the way and it suddenly hit me, what am I going to do to protect my family (myself included) from online attacks? There are content filters like squid proxy as well as things that do more like "Untangle" or I can filter through OpenDNS. Any options or suggestions? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100207/7841d7ba/attachment.htm
Current thread:
- Protecting your family Jason Guyer (Feb 07)
- Protecting your family Francois Lachance (Feb 07)
- Protecting your family Jody & Jennifer McCluggage (Feb 07)
- Protecting your family Jody & Jennifer McCluggage (Feb 07)
- Protecting your family Jody & Jennifer McCluggage (Feb 07)
- Protecting your family Timothy Legge (Feb 07)
- Protecting your family Raffi Jamgotchian (Feb 07)
- Protecting your family Duncan Alderson (Feb 08)
- Protecting your family Nick (Feb 08)
- Protecting your family Nathan Sweaney (Feb 08)
- Protecting your family Scott Webster (Feb 08)
- Protecting your family Jason Guyer (Feb 10)
- Protecting your family Dan Stadelman (Feb 12)