You never know who in your neighborhood is up to no good.

Don’t let computer security and home data management overwhelm you. Take baby steps. When I took the initiative to secure our home computers, I first tackled the wireless network by using a strong pass-phrase with WPA2 (AES if you have the option). Then I focused on getting backups that operated automatically, saving my changes every few hours. Then I focused on locking down the computers.

1. Use a Router

Get a router for your home network. Don’t just hook your computer up to a cable or DSL modem. A router provides the first line of defense against the bad stuff. Some modems are routers. Check your computer’s IP address: if it is 192.168.something, then you have a router (sometimes 10.something as well). To see how the world sees your connection, visit www.grc.com/shieldsup.

Be sure to disable UPnP and change your default SSID and admin password. There are hacks that can allow people access to your computer if you don’t change those settings. (If you have an Xbox or PS2 that requires UPnP, search around for solutions; it is not a good thing to leave UPnP running. You can find solutions online for static port forwarding.)

Finally, disable WPS (WiFi Protected Set-Up). For the reason why, see the WPS Note below. WPS is used so that you can press a button on your wireless router and sync a device such as a printer or phone to your network without having to enter a nasty (but secure!) pass-phrase. You only connect a device once. If you want to do it the easy way, turn WPS on, connect your device, then turn it off, at least until there is a fix.

WPS NOTE – January 9, 2012: There is a vulnerability in one of the options you have with WPS (WiFi Protected Set-Up), the method by which you can press a button on your router and sync a PIN to your phone or printer to easily connect. More information about the WPS issue can be found on the Small Net Builder website. The short of the matter is: if you can disable WPS, do so. Unless you want to go the short route and connect devices to your home network with one button, you don’t need it anyway. I am dismayed that a few vendors (Linksys/Cisco) do not have this option. I do hope router firmware is updated soon.

2. Use WPA2 on your Wireless Home Network

Secure your wireless network! This should really be number one, but in reality, if you don’t keep any one of these 5 commandments, it all crumbles. Make sure your wireless network is set to WPA2 and provide a good network passphrase (use a 63 character one!). Setting your Broadcast SSID to not broadcast or filtering by MAC address doesn’t really provide security. Use WPA2 (WPA2 w/ AES if you’ve got it) and a strong passphrase. WEP can be cracked in under a minute.

A good WPA passphrase looks like this:

ZYMNzZ96ccz086XQY7BQHVUGLVOu

If you are paranoid (like me) a better WPA passphrase looks like this:

umGBy4uTA59rLPDrFVLEiD1ozSN5B9P65CHLWo68FPzDm0Ac641ELoHZutU2rEx

If you are truly an insane paranoid individual (not like me) a really, really strong WPA passphrase looks like this:

47`$'&OY-]e>ghlB^IjZc1wrfsnWv0h^9qd\X9Kv/eUk1ODMxK|aOD~nw:<da{l

Why? Because computers are fast at trying all keys. An attack may start with 1, then try 2, ... AA, AB, AC, ... GHEa, GHEA, etc. The longer you make it, the longer it takes for the computer to try all of the possibilities.

It is the same as giving a hacker a key chain with a billion keys in which only one is a match to your house. Give them 10 keys and they will try all ten and figure it out quickly. But give them a billion and they will say “forget this!”, throw your key chain to the ground, and run to your neighbor’s house where the door is probably unlocked. GRC.com has a great random password page. Get one from there and save it in a text document on your computer. You only have to configure your network and devices once, so just copy and paste from that document; there is no sense in using a memorable password. Just set it and forget it. (You’d forget the 8-character one anyway, so you might as well make it secure.)
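The key-chain arithmetic above, worked through as an added example (not part of the original post). It generates a passphrase locally from the operating system's random source and compares the search space of the passphrase shapes shown on this page; the guess rate is an assumed figure for illustration, and all function names are this example's own.

```python
import math
import secrets
import string

# WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
WPA2_MIN, WPA2_MAX = 8, 63
ALPHANUMERIC = string.ascii_letters + string.digits   # 62 symbols
PRINTABLE = ALPHANUMERIC + string.punctuation         # 94 symbols, no space
PSK_BITS = 256  # WPA2 turns any passphrase into a 256-bit key (PBKDF2-SHA1)


def generate_passphrase(length=WPA2_MAX, alphabet=ALPHANUMERIC):
    """Return a random passphrase drawn from the OS CSPRNG."""
    if not WPA2_MIN <= length <= WPA2_MAX:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string of this shape."""
    return length * math.log2(alphabet_size)


def effective_bits(length, alphabet_size):
    """Entropy capped at the size of the derived key."""
    return min(entropy_bits(length, alphabet_size), PSK_BITS)


def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Years needed to try every possible passphrase of this shape."""
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, for illustration only
    shapes = [
        ("8 lowercase letters", 8, 26),
        ("28 alphanumeric", 28, len(ALPHANUMERIC)),
        ("63 alphanumeric", 63, len(ALPHANUMERIC)),
        ("63 printable ASCII", 63, len(PRINTABLE)),
    ]
    for label, length, size in shapes:
        print(f"{label:20} {entropy_bits(length, size):6.1f} bits "
              f"(effective {effective_bits(length, size):5.1f}), "
              f"{years_to_exhaust(length, size, RATE):.3g} years to exhaust")
    print("New passphrase:", generate_passphrase())
```

Both 63-character shapes exceed the 256-bit key WPA2 derives from the passphrase, so adding punctuation to a random 63-character alphanumeric passphrase does not make the network key any harder to search.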

WPA2 is not cracked: WPA2 is not cracked despite what you may read on some blogs; these are misconceptions and attention-getting headlines. Yes, it can be brute forced using a dictionary attack, but if you are using a long random pass-phrase (like a 63 character one) and not a word seen in the dictionary, you will remain secure. Also, the WPS (WiFi Protected Set-Up) vulnerability mentioned earlier on this page is not part of WPA2. Once WPS is fixed, or if WPS is disabled on your router, you are back to being secure.

3. Get Virus Protection

Get virus protection and keep it up to date. If you are a University of St. Thomas Staff member, virus protection is free through a program called Symantec Endpoint Protection. Download Symantec from the IRT Web site or contact IRT for details.

There are two FREE anti-virus programs that I recommend. Microsoft Security Essentials (www.microsoft.com/security_essentials) and Avast (www.avast.com). There are other supposedly free programs out there, but most are just scareware. (The pop up that comes up saying “You are infected download XYZ now” while you are browsing the internet is an example.)

No. I do not offer support for installing or maintaining programs.

4. Back-up your documents

This isn’t really security, but your documents and pictures (and MP3s) are very valuable to you. In the event of a computer crash, fire, natural disaster or theft you would hate to lose them. Store them in one location on your computer (My Documents or an external hard drive) and create regular back-ups. Get an external hard drive (about 500GB should be good) for your backups.

In addition to the backups you have on your external hard drive, I REALLY recommend off-site storage as well. In the event your computer is lost, stolen, taken by a tornado, or the back-ups didn’t work, it just gives you peace of mind when they are still safe in another location.

I recommend either Jungle Disk (www.jungledisk.com) or Carbonite (www.carbonite.com) for your off-site backups. Again, I HEAVILY recommend (encrypted) off-site storage in one form or other just because of the possibilities of a natural disaster. Our town recently had a tornado devastating a neighborhood 20 blocks north of us. It really woke me up to the need of off-site storage. Also, when my back-up drive failed I could still sleep at night knowing that there was another backup I could rely on.

With backups, if you ever lose your data, or you get a virus and you need to wipe your computer clean, just reformat and re-install the backup. Be sure your backups are in good working order though. I’ve been bitten once by a backup that was corrupt. I lost 9 months’ worth of pictures and video of our son when he was one. I now use a different backup structure and get stuff on DVDs more often.
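One way to check that a backup is in good working order, as an added example (not part of the original post): hash every file in the documents folder and compare it with the copy on the backup drive. It assumes the backup is a plain file-by-file copy rather than a proprietary archive; the function names and the demo files are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large photos and videos fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir):
    """Compare each file under source_dir with its copy under backup_dir.

    Returns relative paths grouped as ok / missing / mismatch. A mismatch
    means a corrupt copy or a file edited since the last backup run.
    """
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        copy = backup_dir / rel
        if not copy.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_of(src) != sha256_of(copy):
            report["mismatch"].append(rel.as_posix())
        else:
            report["ok"].append(rel.as_posix())
    return report


if __name__ == "__main__":
    # Constructed demo data: two files, one of them damaged in the backup.
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        docs.mkdir()
        backup.mkdir()
        (docs / "letter.txt").write_bytes(b"dear reader")
        (docs / "photo.jpg").write_bytes(b"\xff\xd8 picture data")
        (backup / "letter.txt").write_bytes(b"dear reader")
        (backup / "photo.jpg").write_bytes(b"\xff\xd8 pict")  # truncated copy
        print(verify_backup(docs, backup))
```

Run it right after a backup completes, so that files edited in the meantime do not show up as mismatches.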

5. Use Strong Passwords

Use a good password. There are password analyzers out there that will tell you if your password is weak, good, or great. Minimum is 8 characters; I would recommend 10 or more. Combine words and numbers, and throw a period or dash in there for good measure. If you write them down, put them in a safe place, like a SAFE. There are password key chain applications out there, but make sure you are using a good one. Never let IE or Firefox store your passwords, but I can recommend LastPass for your password management needs.

More About Security

I’m not an expert, but many of these tips I learn from my job, classes, and about 90% are from listening to Security Now! with Steve Gibson and Leo Laporte.

About Chad Leigh Kluck

I enjoy technology development and management by following new trends, change and disruption, and security. I have a Master of Science in Software Engineering and my hobbies include railroads, history, do-it-yourself projects, writing, and ham radio (K0RRX).
