10 security steps for home users

Companies and home users are different animals when it comes to computer security. Not only are the concerns different, but so are the solutions. What is important to a business may not matter at all to a home user, and the reverse is true as well. Home users value system performance, ease of use, stability, the security of their personal data, and the security of their identities. From a security standpoint, home users can be both the hardest and the easiest targets to break into.
Not every home user is technically inclined or even wants to learn new programs just to be secure. For this reason, much of the best advice for home users is behavioral. Tell most users to “learn Linux and implement a highly guarded firewall” and they will not even try. That is just too much effort to ask of most people.
You can also go crazy trying to keep up with the latest security news, updates, vulnerabilities, and patches. But why bother? Unless you are a geek or an IT professional, there is no reason to spend your personal time being paranoid. Instead, home users benefit most from a little education and careful habits when working or playing on their computers.
For home users, I assume one or a couple of systems used primarily for surfing the web, gaming, entertainment, and personal business. No servers of any kind (web servers, mail servers, etc.) are assumed. Once you run real servers with open services, the game changes quite a bit, and most home users do not do that anyway.
1. Backups. Always back up important data to a second hard drive or system. If possible, do it twice and keep one set offsite somewhere. Windows has built-in mechanisms for automatic backups, but if you do not mind doing it by hand, at least drag-n-drop all the important stuff over. Imagine your hard drive dies in the next hour and nothing on it is recoverable. What is your pain? What will you miss? What cannot be recreated? Back that up. USB or Firewire drives are cheap and easy to get. Buy a spacious one and use it for backing up data regularly. Every so often, open a few files from the backup copy to make sure it actually restores; a backup you have never read back is only a hope. If you can keep the backup drive offsite or in a fireproof safe, that is even better.
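For readers with a Linux or Mac box (or a shell on Windows), here is step 1 as a small script. This is an added example written for this page, not code from the original post: it copies a folder onto a second drive as a fresh dated copy and then checksums both sides, so you find out the copy is bad before you need it. The folder names in the usage line are made up; point it at the folder you would actually miss.

```sh
#!/bin/sh
# Added example for step 1; not code from the original post.
# Copies a folder of important files onto a second drive and then verifies
# the copy by checksum, because a backup that has never been read back is
# only a hope. SRC and DEST are assumptions: SRC is the folder you would
# miss, DEST is where the backup drive is mounted.

# backup_dir SRC DEST
# Copies SRC to DEST/<name>-<date>. Each run makes a fresh dated copy so a
# bad copy never overwrites the only good one. Prints the copy's path.
backup_dir() {
    src=$1
    dest=$2
    stamp=$(date +%Y%m%d)
    target="$dest/$(basename "$src")-$stamp"
    mkdir -p "$target" || return 1
    # cp -R copies the tree; -p keeps timestamps so copies can be told apart.
    cp -Rp "$src/." "$target/" || return 1
    printf '%s\n' "$target"
}

# verify_backup SRC TARGET
# Checksums every file under SRC and under TARGET (paths relative to each
# root) and succeeds only if the two lists are identical, i.e. every file
# was copied and none of them differ. An empty source is treated as a
# failure rather than a trivially "verified" empty backup.
verify_backup() {
    src=$1
    target=$2
    want=$(cd "$src" && find . -type f -exec cksum {} + | sort)
    have=$(cd "$target" && find . -type f -exec cksum {} + | sort)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Run directly as:  sh backup.sh /home/me/Documents /media/usbdrive
# (both paths are hypothetical).
if [ $# -eq 2 ]; then
    copy=$(backup_dir "$1" "$2") || { echo "copy failed" >&2; exit 1; }
    if verify_backup "$1" "$copy"; then
        echo "backup verified at $copy"
    else
        echo "backup at $copy does NOT match the original" >&2
        exit 1
    fi
fi
```

The dated copies mean the drive fills up eventually; delete the oldest by hand once in a while, but never the only one. The verify step is the part people skip, and it is the part that tells you the drive is dying before the original does.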
2. Firewall or NAT the Internet link. It is much easier and more common for home users to simply operate behind a NAT device such as a typical cable router or wireless router from Best Buy. That is typically enough, but if the opportunity is there, run behind a Linux firewall, either plain iptables or a packaged distribution like SmoothWall or IPCop. This one step stops curious Internet-side parties from connecting to your systems uninvited: anything from outside that nobody inside asked for is dropped at the router. It does nothing about what you download or click on yourself, which is why the behavioral steps below still matter. If you are not sure whether you are protected by a NAT device, ask someone you know to check, or call your ISP and ask their support. Be ready to tell them your cable modem or DSL router model. If you are not behind a NAT device, ask how you can implement one. Most ISPs have recommendations and instructions on this.
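For the iptables route in step 2, here is the whole policy in one script. It is an added example for this page, not code from the original post and not a SmoothWall or IPCop ruleset: it makes a Linux box with two network cards do what the store-bought NAT router does. The interface names (eth0 toward the modem, eth1 toward the house) and the 192.168.1.0/24 subnet are assumptions; change them to match your machine. It has to run as root, and with DRY_RUN=1 it only prints the commands so you can read them first.

```sh
#!/bin/sh
# Added example for step 2; not code from the original post.
# A minimal iptables policy for a Linux box sitting between the modem and
# the home network: drop anything arriving from the Internet that nobody
# inside asked for, let the LAN out, and NAT the LAN behind the router's
# public address. Interface names and the LAN subnet are assumptions.
# Run as root. With DRY_RUN=1 the commands are only printed.

WAN=${WAN:-eth0}                      # toward the cable/DSL modem
LAN=${LAN:-eth1}                      # toward the home switch or access point
LAN_NET=${LAN_NET:-192.168.1.0/24}    # addresses used on the home LAN
DRY_RUN=${DRY_RUN:-0}

# run CMD...: execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

home_firewall() {
    # Start from empty chains so stale rules from an earlier run do not linger.
    run iptables -F
    run iptables -t nat -F

    # Default policies: the router accepts nothing unsolicited, forwards
    # nothing unless a rule below allows it, and may talk out freely itself.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Traffic to the router itself: loopback always, and the home LAN may
    # reach it (DHCP, DNS, the admin page).
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    # From the Internet side, only replies to connections we started get in.
    run iptables -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forwarding: LAN machines may go out; Internet traffic comes back only
    # as a reply to something a LAN machine started. Nothing else crosses.
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT: rewrite outgoing LAN addresses to the router's WAN address, so
    # machines on the LAN are never directly addressable from the Internet.
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Turn on routing between the two interfaces.
    run sysctl -w net.ipv4.ip_forward=1
}

# sh home-firewall.sh apply              -> apply the rules
# DRY_RUN=1 sh home-firewall.sh apply    -> only print them
if [ "${1:-}" = apply ]; then
    home_firewall
fi
```

The two ESTABLISHED,RELATED rules are the whole trick: the only thing allowed in from the modem side is a reply to something a machine in the house sent first. If you later want to run a game server or similar, you add a specific DNAT rule for that one port, not a general opening. Note that the script does not save the rules across a reboot; iptables-save and your distribution's init scripts handle that.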
3. Turn on Windows Automatic Updates. Every now and then perform a manual Windows Update, but otherwise just turn on Automatic Updates to download and install patches automatically, daily if you can and weekly at minimum, at a time when the computer will be on (like 8pm or something). Not only does this apply necessary security patches, it can also enhance or fix features like wireless options.
4. Practice safe computing. Do some common sense things to stay safer online. First, do not install every new and neat free program that tells you to install something or that you need something. Chances are, there is a reason it is free and enticing. Treat it like you would any advertising on television or radio and be wary. Second, do not open email attachments unless they come from someone you know and you were expecting them. Just delete those emails. Likewise, do not click links in emails unless the sender is known and the email is expected. When in doubt, delete the message, or type the address into your web browser yourself rather than copying or clicking it. Third, do not frequent questionable sites, especially when using IE. If you are visiting a site you would not want your parents or kids to know about, chances are you should not be there. Avoid that darker and more dangerous side of the web. Fourth, always close pop-up windows. Never click inside them or respond to ads on sites. Just never do it; a pop-up that announces your computer is infected is almost always the infection trying to get in. Fifth, if possible, use only one credit card for online purchases, keep its credit limit as low as you can while still doing what you need, and always go over the monthly statements.
5. Protect your passwords. Write down all your passwords and put them someplace safe but easy to get to while at your computer. I know, many security people will look aghast at this suggestion, but when it comes to home users there is little real reason to trouble people with anything more complicated: the paper in a drawer is exposed only to people already in your house, while a forgotten or reused password is exposed to the whole Internet. Get an envelope, write down your passwords on paper inside it, and keep it tucked safely into a drawer or even inside a book. I suggest making a second copy and storing it somewhere offsite, especially if you do lots of banking and other monetary things online. You do not want to lose your accounts because you lost your passwords in a fire. I do suggest not sharing passwords with spouses, roommates, or even your kids. Do not let them find or use those logins. Also, do not use the same password for everything. I find it best to have 3-7 different passwords. For anything you do not care about, use your first password. For more sensitive things, use the others. Think about what happens if one password is swiped by a hacker and it is the same password as your email account: every site that sends password resets to that email address is now theirs too. You usually cannot protect yourself from a website or forum losing your account details. They may be run by unethical people, or they may themselves be victims of a break-in that divulges your personal information. That is exactly why your email and banking passwords should never be the same as the one you hand to such sites. More technically inclined users can look into a program like PasswordSafe to store their passwords securely on their computer. Be sure to back up the storage file.
6. Don’t use Outlook or IE. Yes, IE and Outlook are easy to use and everyone uses them, which makes getting informal support painless. But the ease of use for users has come with ease of use for malware. IE has had a steady stream of serious holes for years, some left unpatched for long stretches, and because it is so deeply married to Windows itself it cannot be removed: ask any IT pro to uninstall IE for you and you will get the wide-eyed response that they can’t. Outlook is no better. Instead, use something less mainstream and less targeted. I recommend Firefox as the default web browser and Thunderbird as the email client. Both are free, easy to use once someone accepts a little bit of change, and suffice for 98% of what users do with email and web surfing. They have bugs too, so let them update themselves just like Windows does. This switch nearly eliminates the risk from email worms that run from a preview pane or through Outlook’s own tools (it will not stop spam, or malware attachments the user chooses to open) and drastically lowers adware and spyware infections from web surfing.
7. Run antivirus software. Most new computers come with antivirus software. Be sure it is set to update automatically, and pay for the subscription if required. For somewhat technically inclined home users who practice safe computing, this software may not be strictly necessary, but I suggest it for decent protection, detection of most malware, and peace of mind. I suggest F-Secure or Kaspersky over Norton or McAfee, but chances are the latter two came with the new PC. If so, stick with what is pre-installed; a current, updating product you already have beats a better one you never get around to installing. And yes, make sure it downloads new updates or signatures on a daily basis.
8. For wireless at home: secure your wireless. If you run wireless at home, turn on encryption. Use WPA with a long passphrase if your equipment supports it. WEP is better than nothing, but its keys can be recovered in minutes by anyone nearby with freely available tools, so treat it as a stopgap until the gear can be replaced. Encryption keeps the huge majority of neighbors off your wireless connection. Not only can a freeloader use your Internet link for their own traffic (legal or illegal), but once on your network they can probe your computers and sniff your traffic. And yes, trust me, young adults and kids are curious creatures and will try these things if they have that sort of knowledge. WPA with a good passphrase will stop all but the most determined attackers; WEP will only stop the incurious.
9. For laptop users: be paranoid at hotspots. Lots of people get fancy recommending Tor or even SSH proxying for secure access at wireless hotspots. But let’s face it, only the technically inclined bother with such things. For everyone else, just assume the wireless hotspot is not a safe network: anyone on it can see what you send unless the connection itself is encrypted. Do not stay on hotspot networks longer than you need to. Do not check email through Outlook or Thunderbird at a hotspot, since the password often crosses the air in the clear. Do not log into a website that is not SSL-enabled (look for https and the padlock). If you use IM, assume your conversations are being read by someone sitting near you, and in some cases assume they now have your login account and password. If you had to chat on IM or check email at a hotspot, change your passwords for those systems as soon as you get home. Hotspots are fun places for geeks like me who are curious about other people, and for people who would love to do you harm or mischief. Be safe when not at home. Now, what counts as a wireless hotspot? Any wireless network that is not your home network.
10. Get help. As I mentioned for small businesses, home users benefit the most from befriending technically inclined friends and family, or even paying a home consultant or contractor to help out. Always be nice to your experts, though, as we do tend to get tired of high maintenance users, especially when we are not being compensated for our time. I strongly suggest asking your technical friends questions rather than asking them to actually do things for you. You can get a really good return, though, from paying someone a little money to spend an evening or a few hours tuning your system and teaching you what the best things to do are. All the steps above are either behavioral (education), one-time deals where you set it up and that is it, or a few that require some additional changes or ongoing action. Spend some money, hire someone on the side who knows their stuff. If nothing else, befriend them and make a night of it with pizza, beer, and maybe a movie while they do their wizardry.
PS: I added a “1/2” extra step in a later post on getting to know how to reinstall your operating system.