Security For Ordinary PC Users
Wendy Tate and Farida Ali of Dynamic Computer Corporation
Most security articles are written for network administrators charged with the security and availability of corporate networks. As computers have become a pervasive tool in the office, however, they have begun to be an indispensable one at home as well. Around 73% of US homes have a PC in them, and about half of US homes have broadband internet service of one type or another. Many of us are also administering second or third PCs for children, teens, or elderly relatives. While the home PC should definitely not contain corporate secrets, they do safeguard some data close to users’ hearts. Imagine how it would feel to lose your family photos, tax records, little Janie’s homework projects, emails from great-grandpa, your confirmations and boarding passes for next week’s vacation and your grandma’s recipe book all in one blow. The data on that home computer is important to you, if not to the network administrator at your office.
Why would anyone attack your home PC? Simply put, there is a great deal of money to be made by enslaving your computer and using it for nefarious purposes, such as sending SPAM for profit, distributing illegal files, or hacking other networks. Some hackers make a great deal of money by stealing your financial and personal information, and either reselling it to other criminals or using it to make purchases themselves. Either way, a large percentage of PC attacks are made for profit. Frankly, home computers tend to be easy targets, since they don’t have professional defenders like corporate networks do.
So, without a professional defender, how can you go about assuring your computer and the rest of your family’s PCs are secure? Here are some recommendations.
1. First, you should definitely consult your system support personnel if you work from home. If you use your broadband access to connect to your employer’s network via a Virtual Private Network (VPN) or other means, your employer may have policies or procedures relating to the security of your home network. Those should supersede what you are reading here, so be sure to consult with your employer’s support personnel, as appropriate, before following any of the steps outlined in this document. You can use the information below to prompt discussions with support staff, or to help you administer other family computers.
2. Use virus protection software and anti-spyware software. Anti-virus software is a must-have for all Internet-connected computers. Inexpensive AV software often comes packed with your new PC. Be sure to keep your anti-virus software up-to-date, using automatic updates when available. Depending on the software you choose, you may also need to renew your subscription annually to keep receiving updates. If you do not renew your subscription, you may as well not have antivirus software at all. If AV software is not up to date, it absolutely cannot work properly. Antispyware software has also become important as more and more hacks are delivered in rootkits and other non-viral means.
3. Use a firewall. There are two types of firewalls; a hardware firewall, which is a network appliance, or a software-based firewall, which runs on your computer. Intruders are constantly scanning home user systems for known vulnerabilities. Firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. Software firewalls need to be kept up to date when manufacturers release patches to correct flaws or security holes. A firewall is never infallible, so it is important to continue all the other security measures after it is installed. It’s also best not to ‘poke holes’ in your firewall if you can avoid it. If you find yourself digging through the settings to open ports without knowing exactly why you are doing it, it is time to reconsider. Most good software for the PC these days is designed to work through firewalls without disabling them. If you’ve downloaded a software package that is being blocked by your firewall, it’s a good idea to check online for reviews of that software and make sure it’s safe to use.
4. Don’t open email attachments unless you can verify they are legitimate. Before opening any attachment, be sure you know the source of the attachment. It is not enough that the email originated from an address you recognize, because many hacks are specifically designed to utilize familiar email addresses to disguise their true points of origin. If you are in doubt, ask the other person whether they have sent you an attachment purposefully. Any good net citizen will be happy to verify their attachment for you.
5. Don’t run programs of unknown origin. Never run a program unless you know it to be authored by a person or company that you trust. Also, don’t send programs of unknown origin to your friends or coworkers simply because they are amusing — they might contain a Trojan horse program or a rootkit. If you are wondering whether to install a program, you should try to investigate it first. There are a great many authors who post excellent software reviews online. Try running a google search on the name of the software and the word ‘review’. This should give you some idea whether or not the software is legit. If you can’t find a decent review, odds are you shouldn’t run the software.
6. Keep all applications, including your operating system, completely patched. Vendors will usually release patches for their software when a vulnerability has been discovered. Read the manuals or browse the vendor’s web site to make sure you understand how to keep the software current. Some applications will automatically check for available updates, and many vendors offer automatic notification of updates via a mailing list. Look on your vendor’s web site for information about automatic notification. If no mailing list or other automated notification mechanism is offered you may need to check periodically for updates. If the PC has been turned off for a few weeks while you were away, the first thing you should do is update your software when you turn it back on. The key with updates is that they need to be performed frequently enough to ‘patch’ security holes before they can be exploited. Make it a rule in your house that Windows Update should always be allowed to do whatever it wants, and that the kids aren’t allowed to interrupt that process. If a reboot is required, it should be performed right away.
7. Turn off your computer or disconnect from the network when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network. This will also save you money on your energy bill, and may extend the lifespan of your computer.
10. Make regular backups of your data. Here are the basics of data backups:
11. Make a boot disk in case your computer is damaged or compromised. To aid in recovering from a security breach or hard disk failure, create a boot disk on a floppy disk which will help when recovering a computer after such an event has occurred. Remember, however, you must create this disk before you have a security event. For information on creating a boot disk, check your operating system vendor’s web site.
12. Review your computer security plans with all the users of the computer. It’s important to make sure everyone is playing for your team, and that no one is shutting off the firewall or delaying Windows from performing updates. They also need to know how to avoid downloading malicious software.
13. Prepare everyone in the home for social engineering attacks. A social engineering attack uses persuasion and coercion to convince users to allow access to a hacker. Unfortunately, awareness of social engineering is low, and surveys have revealed that nine out of ten people will give their password in exchange for a chocolate Easter egg. Tell your family that they should never share their passwords or give out their personal information online. Try to familiarize them with phishing tactics, too.
Unfortunately, good PC security will only defend your PC from data-based attacks. If you have children or elderly folks at home using the computer, you should be aware that they are preferred targets for the worst types of internet predators. In this case it is not just your data or your computer you must protect, but also your loved ones themselves. In the case of children, you should make sure they will absolutely never share their name, address or city, phone number, or the name of their school, their travel plans or schedule, or where they like to play. Make sure kids know they should invent usernames that do not resemble their real names or reveal any personal information. Inform your kids that they should never agree to meet an internet friend in person, and that people on the internet might not be what they seem. If anyone on the internet is being pushy with them, or making them feel uncomfortable in any way, they should report it to you immediately. Consider installing software to monitor your kids online, and make sure you’re checking on them to make sure everything is okay.
The elderly are often targeted by a different breed of cybercriminal, who will attempt various cons to perform identity theft, financial theft, and other types of fraud. Respectfully recommend that your elderly loved ones check the FTC’s web site at http://onguardonline.gov/index.html. This will give them many tools to detect and avoid the types of scams often aimed at them