Protecting your family

[j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)]

Hello Jason,

 

This is fairly broad question.  You did not mention whether your primary
home machine was Windows, Mac, or Linux.  I am going to presume Windows (may
be a bad assumption).

 

This is not an exhaustive list by any stretch but this is the first steps I
take when locking down a home machine.

 

1.      Secure home wireless/cable/dsl modem/router

a.      Change default password and username.  Create a 15+ random password.
Kee Password Safe is great for creating and storing passwords.
b.      Set to block everything originating from outside
c.      Turn off Universal Plug and Play (UPP)

2.      Update and lockdown FireFox/IE/Chrome (or whatever browser you are
using).  Just Google lockdown <browser name> to get useful instructions.
3.      Lockdown OS

a.      Turn on Windows Fire wall and set it to block all outside
originating connections and to allow no exceptions
b.      Turn on Automatic updates (make sure if using XP or older to upgrade
to Microsoft Update to make sure other Microsoft products are included -
7/Vista already has support for this built into Windows Update)
c.      Disable/uninstall any unnecessary services. BlackViper
(http://www.blackviper.com/) is a great site that helps guide you through
which services you can probably live without
d.      Setup and run under a Standard (non-Admin) account.  This can be a
little painful but well worth it.  This is a little less painful if you are
running Windows 7/Vista (due to UAC, file/registry virtualization).  Be real
leery of any process that request elevation - this is an example of a good
reason to setup a completely separate standard account (as opposed to
running as admin and relying on 7/Vsita split tokenization and elevation
options).  You more apt to think a little more about it if you are required
to enter in another user name and password to elevate as opposed to just
hitting "ok".
e.      If you are not needing to access the computer from another computer,
disable "File and Print Sharing" for the network adapter.  If you need to
share with other machines limit access to local machines through the Windows
Firewall (though this would require tweaking point "a" since you are now
allowing exceptions but hey that is tradeoff between functionality and
security)
f.      Turn off auto-run (a previous Microsoft update partially disabled
this but not completely.  To be safe manually disable)
g.      Configure BIOS to require password to make any changes to it (make
sure to save password - if not you will have to pull battery to reset)
h.      If running XP or lower, consider upgrading to Windows 7

4.      Update and harden commonly used 3rd party apps ( Office, Adobe
reader & Flash)

a.      If supported, turn on automatic updates for 3rd-party applications
b.      Google hardening/locking down <app name> - For Word/Excel lock down
macros/vba behavior.  For reader consider disabling Javascript (unless you
absolutely need that behavior)
c.      Install and run on a regular basis Secunia PSI (this is free for
personal home use).  It will give you the patch status on many 3-rd part
apps not covered by Windows Update.

5.      User behavior (this probably should be number one.  All the above
steps will not do much good if you open bad attachments/click on
links/install programs)

a.      Use common sense when using email and browsing the web. 

                                                               i.      Do
not open attachments from suspicious/ out of the ordinary looking email
(regardless of the sender or file attachment type)

                                                             ii.      Do not
click on links embedded in said emails

                                                            iii.      Don't
provide sensitive information in response to emails or links embedded in
emails.  When dealing with sensitive sites (banking, paypal, ebay, etc) go
directly to that site and don't rely on links embedded in emails.

                                                            iv.      Be
leery of downloading information from suspicious/out of the ordinary
websites.

 

Well these are the first steps that I would take when securing a home
Windows machine.  Of course there is no such thing as 100% security but this
should make you a bit more secure.   I hope it helps.

 

Jody

 

  _____  

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jason Guyer
Sent: Sunday, February 07, 2010 4:35 PM
To: Pauldotcom at mail.pauldotcom.com
Subject: [Pauldotcom] Protecting your family

 


I have a baby girl on the way and it suddenly hit me, what am I going to do
to protect my family (myself included) from online attacks? There are
content filters like squid proxy as well as things that do more like
"Untangle" or I can filter through OpenDNS. Any options or suggestions?

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100207/7841d7ba/attachment.htm