Years ago, I was head of a military school that taught, among many other things, computer network defense. We had lots of unknowing people come through our school and receive our firehose of information over a two-week period. There was way too much information to teach in that time, so we provided a supplemental CD with the full course materials and additional references. I wrote a very basic summary of how to defend your home computer, giving examples and recommendations based on how I was doing things.
That summary is no longer on the school's website, but I was able to find a copy here. What follows will be a series of entries that update that material for the intervening 2-3 years. Going back over the information, I am amazed by how much things have changed in the interim.
I will start with a summary of good things to do. The recommendations do not constitute endorsement of the companies involved. The material does not address defending against intentional misuse of your home computers.
The National Strategy to Secure Cyberspace is available at http://www.whitehouse.gov/pcipb/. An article from the Carnegie-Mellon CERT Coordination Center on Home Network Security at http://www.cert.org/tech_tips/home_networks.html goes into significantly greater detail. I would like to claim all the ideas below are mine, but they are just a compilation of best practices and good ideas from many sources. Just like you lock your doors and draw the shades in your house, you should do the same for your computer.
- Regularly update your operating system, web browser, and other key software, using the manufacturers' update features or manual downloads from the manufacturer
- Do not open an email attachment, even from someone you know well, unless you know what it contains
- Configure your computer to show file name extensions so you are certain what type of file you are working with
- Configure your computer to not share files over your Internet connection
- Create a floppy boot disk as part of an emergency recovery plan
- Do not respond to spam email - you are only confirming to the spammer that they have a valid address
- Configure your email software to not use automatic preview in your default Inbox - this may execute an undesired script or applet
- Make regular backups of important data
- Keep a list of the programs installed on each computer with the installation disks in a known location
- Make sure all passwords are strong: at least eight characters of mixed case, at least one numeral (not at either end), at least one special character, and no common words; change them at least every six months
- Keep your passwords written down and accessible so you will be likely to continue using strong passwords
- Run all wireless networks with WEP/WPA enabled and treat your boundary security as if you were wired
- Be aware that email and the web are not the only connections to the Internet you may use - check for instant messaging (IM) and chat (IRC) programs also
- Use a firewall to protect all your computers all of the time
- Configure the firewall correctly to restrict the maximum number of avenues into your machine (do not assume the manufacturer defaults are correct for your situation)
- Configure the firewall to operate in stealth mode
- Ensure the firewall will email alerts and logs to an account that you monitor
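The password recommendation in the list above can be checked mechanically. The following is an added example, not part of the original course material; the function name, the small word list, and the 183-day reading of "six months" are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Constructed sample word list (assumption); a real check would load a
# larger dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}
MAX_AGE = timedelta(days=183)  # assumed reading of "every six months"


def password_problems(password, last_changed=None, today=None,
                      common_words=COMMON_WORDS):
    """Return the checklist rules the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    # The numeral must sit in the interior, so skip the first and last character.
    if not any(c.isdigit() for c in password[1:-1]):
        problems.append("no numeral away from the ends")
    # Anything that is not a letter or digit counts as a special character.
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    # Compare letters only, lowercased, so "Pass-word1" still matches "password".
    # This is deliberately conservative: it can flag words split by digits.
    letters = re.sub(r"[^a-z]", "", password.lower())
    hits = sorted(w for w in common_words if w in letters)
    if hits:
        problems.append("contains common word: " + ", ".join(hits))
    # The age rule is only checked when a last-changed date is supplied.
    if last_changed is not None:
        today = today or date.today()
        if today - last_changed > MAX_AGE:
            problems.append("older than six months")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["tR7#kv9!Lq", "Summer#2024", "7Tr#kvLqx", "abc"]:
        print(candidate, "->", password_problems(candidate) or "OK")
```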
Virus / Adware / Phishing
- Install anti-virus and anti-adware software on every machine
- Configure the software to automatically download updates at frequent intervals
- Configure the anti-virus software to automatically scan the computer daily for viruses (optimally after the update check)
- Manually scan disks with anti-virus software before you use disks from an outside source, including manufacturer's installation disks
- Manually scan with anti-virus/anti-adware software when you suspect you may have been infected
- Do not forward any email warning about a new virus since it is likely a hoax or outdated