The Internet is a haven for both viruses and malware that infect millions of computers each year. These types of software are coded to do a specific task, such as steal personal information, restrict access to a computer to extort money, or just make a computer inoperable. There are many bad things that can happen because of malware, and most, if not all malware, originates from the Internet.
While it may seem like an impossible task to prevent malware from being installed on your computer, in reality, it can easily be controlled by practicing “safe computing.” My current desktop is over 4 years old, has the same first install of Windows 7, and has had no virus or malware installed because I practice “safe computing.” Safe computing isn’t complex to understand, and usually just requires setting up both your computer and network to help protect all devices that are connected to your network – most settings you will only need to change once.
Securing Your Router
The biggest area to focus on to secure your Internet connection involves the device that provides access to the Internet from your local network – your router. Routers that are sold are not secure by default – the own is responsible for properly securing the router. Router manufacturers, however, do give instructions on how to secure their router, so you should take the time to follow those instructions.
Below is a quick summary of what you should look for to secure your router:
Change Administrator User Name and Password
Whenever you start to secure a router the first thing that should be done is to change the username – if possible – and password for your router. Since router usernames and passwords default values are published online, anyone can look up that information and attempt to log into your router. Once that happens, they can do whatever they want, even install malware in the router.
To prevent such malicious activity, you should first change the username and password to your router.
Note:
Don’t forget the username and password to your router – you can’t recover this information. If you do forget the username or password, then you will need to reset your router back to factory defaults and then secure your router again.
Enable WPA2 With Strong Passphrase
Once the username and password to the router is secured, the next step is to secure the connection to your wireless network. All wireless routers support WPA2, and for good reasons – it is secure. You should enable WPA2 on your router and then enter a long and strong passphrase.
The passphrase is like the password to your wireless network, and you will need to enter the passphrase the first time a device is connecting to your wireless network. Having a strong passphrase means an unauthorized user – such as a hacker – won’t be able to guess the passphrase and gain access to your network.
Disable UPnP
UPnP allows a device to talk to your router and open ports to communicate with your router and the Internet. Such technology is used by such devices as gaming consoles to connect to the Internet without having to worry about managing ports. The idea was that UPnP was to only allow local devices to communicated with your router, but that has not been the case.
Unfortunately, UPnP can also be used from the Internet side of your router as well as the local side. This means that devices on the Internet can communicate with your router and have your router open ports so the Internet device can communicate with your local network. Obviously, you don’t want UPnP to be exposed to the Internet so you should disable the UPnP option in your router. When you do disable UPnP, you will need to manually open ports on your router and forward those open ports the IP address of the device on your network.
Use a Third-Party Firmware
While the router manufacturer’s firmware is good for most people, those that have more technical skills may want to replace the manufacturer’s firmware with something more robust and feature-rich.
Third-party firmware have been available for many years and the two most popular are DD-WRT and Tomato. I now have DD-WRT installed on my router, and that firmware provides many more options than my router’s manufacturer’s firmware ever provided.
Many of the other features allow you to enable or disable security features that may not have been possible with the router’s regular firmware.
Of course, installing third-party firmware does need some technical skills because installing the incorrect firmware can brick your router – meaning your router will be unusable.
Keep Your Router’s Firmware Updated
Just as you need to keep applications updated, you may want to update the firmware of your router, regardless if you use the router’s regular firmware or third-party firmware.
A router’s firmware update can include everything from performance increases, compatibility improvements, but also security patches and enhancements. While you may not need to check for firmware updates on a weekly basis, a monthly basis may be a good idea. Of course, you should read the description for each firmware update to see if you need to do the update.
Install Security Software
Having your router secured is only one aspect of securing your Internet connection. Someone can still download and install malware on your computer, or any device on your network, that can cause harm. The next step is to install software that can help protect your computer. There are several different applications that you can install to protect your computer.
Anti-virus Software
The old anti-virus software that we have used since the days of DOS are still recommended today to help scan and clean your computer for viruses. Installing an anti-virus software is usually one of the tips provided when talking about computer security, but it also applies to Internet security, as well. This is because many of the viruses that infect a computer can send information over the Internet and open ports on your router.
There are many anti-virus software available – some are included in Internet Suites that also include other security software. Whatever anti-virus software you install you must make sure you only install one application. Anti-virus software can conflict with other anti-virus software if more than one is installed on a computer.
Anti-malware Software
While viruses are technically malware, when I talk about security software I always separated anti-malware and anti-virus into two distinct groups. The biggest difference between anti-virus and anti-malware software is that you can install multiple anti-malware software on a single computer, unlike anti-virus software.
Since you can install multiple different anti-malware software, you should do so. The reason? Each anti-malware application may detect and protect your computer from malware that another anti-malware application couldn’t detect.
Much like anti-virus software, anti-malware applications can also load when your computer starts and then scan your computer from time to time looking for malware.
Software Firewall
Your router may include a hardware firewall than can protect your network and computer from malicious attacks from the Internet but it may not prevent an installed malicious application from connecting to the Internet from your computer. That is the job of a software firewall.
When properly installed and configured, a software firewall can alert you when an application or process running on your computer attempts to connect to the Internet. If you recognize the application, then you can allow it to connect, but if you don’t, you should research the application and then decide whether you should allow the connection.
Change DNS Servers
When you enter a URL into your Web browser, the browser will lookup the IP address associated with the domain from a DNS (Domain Name System) server, which is usually provided by your ISP. By default, your ISP DNS servers allow you to access any website online – even the sites that contain malware.
If you are like me and have many people using devices that are connected to your router, then there is a good chance of either having malware or viruses installed that are accessing your network. Those malware applications can be installed from known bad sites, and access specific sites online. An easy solution to restrict access to bad sites is to change the DNS servers to using OpenDNS.
OpenDNS has DNS servers around the world, and can be used to protect your network and computers from accessing known malicious sites by blocking the request to those sites. OpenDNS does this by analyzing the DNS request sent to their servers from your network, and blocking requests to known bad sites.
In addition, you can also set filters to prevent other people who are using your Internet connection to use specific websites. For example, if you don’t want someone to get access to torrent sites, you can restrict access to file sharing and torrent sites. Ad networks can also be restricted so your can see fewer ads when browsing the web.
The easiest way to use OpenDNS is to change the DNS servers in your router. By doing so, anyone that connects to your router will use the OpenDNS servers when accessing the Internet from your network.
Changing Web Browsers
While Internet Explorer has been more secure than earlier versions, I still prefer either Mozilla Firefox or Google Chrome as a web browser. the biggest difference between these two web browsers and Internet Explorer is the fact that both Firefox and Chrome support add-ins/extensions. Since the web browser is what you use to get access to the Internet, it is important to make sure you make the web browser as secure as possible.
The best way to secure Firefox is to use the NoScript add-in, and for Chrome you should install and use the NotScripts extension. Both NoScript and NotScripts do one important thing – stop JavaScript from running.
JavaScript is useful for creating dynamic web pages, but since it runs on your computer and not a web server, malicious users have used JavaScript to install malware. By preventing JavaScript from running on any website, you effectively close one way for malware to install.
When you visit a web page you can display a list of domains that are attempting to load JavaScript. If you trust a site, then you can allow JavaScript to run from that site, otherwise you should keep it disabled. Some sites may not display properly until you enable JavaScript.
One added benefit of not enabling JavaScript for every site is that ads may not be displayed, which eliminates another potential avenue for malware authors to deliver their malicious application, as well as making your web browsing faster.
Don’t Use an Administrator Account in Windows
For most people using Windows involved using an administrator account. This account had unrestricted access to every aspect of a Windows machine, which may sound great, but any virus or malware that was run from such an account also had unrestricted access to the system.
If you do one thing to secure your Windows system, I highly recommend that you no longer use an administrator account for your every day Windows user. Setup your user as a “Standard User” that will help keep your Windows system secure by restricting what your user account – and malware – can do to your system. System-wide changes to your computer can only be performed by an administrator account, so malware won’t be able to make such drastic changes to your system when run with a standard user account.
What happens when you need to make changes to your system? Windows will prompt you for the administrator’s password, which will allow you to make the changes – but just for the application making the changes.
The above list is not a complete list of every security option available to you to secure your Internet connection, it does provide a good basis for protecting your computer and network from malicious software. One thing to keep in mind is that even the best security defenses can be defeated if common sense is not used when it comes accessing the Internet.