If you are like me, then you are always looking for ways to increase the security of your home network. Threats to your network, devices and to your files can come from anywhere online. So it is important to take the necessary steps to ensure your home network is secured.
This post will outline some of the settings that I use to protect my network, devices, and files from both malicious software and users.
Router Security Tips
The first line of defense of my network starts at the access point from the Internet into my network – the router. The router I am using is a Linksys E4200. It is an older router and only supports Wireless-N.
I have flashed DD-WRT onto the router, so I have many more options than with the stock firmware. The DD-WRT firmware allows me to apply more security onto the router and adjust many more settings than the stock firmware allows.
Here are the settings I have configured in my router:
- Administrator ID and password changed
- I have changed both the administrator and password for the router.
- Enabled WPA2 with passphrase
- Probably the most important security of wireless. I have configured my wireless network to use WPA2 with a strong passphrase. I always have to look it up when I want to connect a device.
- Using OpenDNS
- To help manage what sites my network can access, I use OpenDNS as my DNS servers in my router. This allows me to block certain domains that are not appropriate for my kids, which also includes malicious sites.
- Configured a guest network
- I have setup a guest network for guests to use. The guest network uses WPA2 with a much easier passphrase to remember so I can easily remember it. It is also prevented with firewall rules from communicating with the main network. This network also uses OpenDNS and the firewall rules enforce he use of OpenDNS.
- Disable WPS
- WPS is a security issue and I don’t use it, so I disable it.
- Disabled remote access
- I can’t access my router from the Internet. I can only access my router from a computer hard-wired into the router.
Computer Security Tips
Even though I have secured my router, I also need to make sure each computer that is connected to my network is also secured.
For guest computers, I can’t verify what is installed or not installed. This is the reason I have those computers connect to the guest network.
Here is a rundown of what security settings and software I have configured on my home computers.
- Never run as an administrator
- For seven years I haven’t found real need to run as an administrator. In fact, I can give you many reasons not to run as an administrator. I don’t run as an administrator on any of my computers.
- Google’s Chrome as my Web browser
- I use Chrome for its sandboxing and extensions features. One of the benefits of Chrome is tat each tab is a separate process so one tab doesn’t crash another tab. Firefox is my secondary choice for a Web browser.
- Use uBlock Origin in Web browsers
- When it comes to websites, I don’t trust many sites online, especially the JavaScript. uBlock Origin is always running in Chrome so I can choose what sites run JavaScript.
- I don’t use Flash
- Flash is disabled in my main browser. I find I don’t need to use Flash as much but if I do, I have another browser with Flash enabled that I will use to display Flash content when needed.
- Use a software firewall
- A hardware firewall can block access into my network, a software firewall can block application from connecting to the Internet. If I do get infected with malware, I don’t want it to connect outside my network, so my software firewall blocks the attempt. The built-in Windows firewall works for me.
- Anti-malware software installed
- I have Malwarebytes Anti-Malware Premium installed on my main desktop, with scheduled scans each week. On other computers I have the free version and run scans periodically.
- Anti-virus software installed
- I am not a big believe in anti-virus applications these days as they are basically reactive software. To avoid too many applications from being loaded, I just stay with the anti-virus built into Windows. Anti-virus scans are scheduled on a weekly basis.
- Windows and installed software is kept updated
- I always try to install the latest updates for both the operating system and installed software. Microsoft releases patches on the second Tuesday of every month. Adobe follows the same schedule, but other applications will provide a notification.
- Always keep in mind that all software has security flaws
- When it comes to software, I try to remain vigilant. I believe that all operating systems and applications have security flaws.
Data File Security Tips
I also look at security down to my data file-level. This means how can I best protect my files, both from an operating system and restorative perspective.
Here are some tips that I currently have implemented, and you may do the same as well.
- Multiple backups
- I always keep multiple backups. Two copies of my files are stored locally, and two copies are stored offsite.
- Automated backups
- I have automated my file backup process. When a file is placed in a folder, it is automatically mirrored onto a second, local hard drive and also uploaded to my online backup cloud.
- I don’t have write-access to my data files outside my server
- I go to great lengths to protect my data files. Any new files or changes are written to a staging folder, and a service on the server copies the changes to the master folder. The folders that contain the master copies of my data are always mapped with a read-only account.
That is my list of security settings and tips that I have applied within my home. Security involves multiple layers to properly protect your home network and all devices that connect to that network. While you may not implement as many features, it is important to recognize that you must apply some security on your network to protect our computer and data files.