Digital Protection Required Today- A Checklist
- Red Atom Networks's blog
- Login or register to post comments
- Email this page
- Printer-friendly version
ShareThis
More and more elements of our daily lives are digital and online. We communicate with the computer, pay bills, do our taxes, store valuable info and many other tasks. There seems to be a steady stream of new devices that need access to our computer networks- iPod's, video games consoles, cameras, net books, music players, etc. There's also a steady stream of new users wanting to get on our networks- kid's friends, relatives that visit, colleagues that need to collaborate at the kitchen table, etc. Criminals know all of this and are smart enough to know that most of us aren't protected as well as we need to be in this day and age.
Our networks, computers and lives are open doors to cyber crime, viruses, malware, identity theft, credit card fraud, hackers and worse. It's even worse when we are using a laptop from a public wi-fi hotspot like at Starbucks or when travelling. How do we protect ourselves, our children and our digital assets when online?
Here's the Red Atom Networks' checklist- not comprehensive, but most of what you need:
Computer Requirements-PC/MAC:
|
- Physical security of computer so it isn't stolen - Firewall enabled - Anti-virus software enabled, up to date and set for automatic updates - Anti-spyware software enabled, up to date and set for automatic updates - Automatic updates enabled for operating system - Remote control application installed and configured for remote access- e.g. LogMeIn - Remote control application installed and configured for remote support- e.g. Zoho Support - Screensaver enabled with password - Login password enabled - All passwords appropriately strong (see these guidelines ) - Create multiple user accounts as needed and secure with the appropriate limited/ full use capabilities - Log in and use a limited use account as the primary account instead of the administrator account (default) [this is controversial but the more secure way to do it- if it's inconvenient, then skip it] - Disable file and print sharing unless needed and secured - Routine cleaning/ maintenance utility installed and configured to run at startup- e.g. CCleaner - Wake-On-LAN (WOL) enabled in bios and network card to support remote access - Static IP address set as appropriate instead of DHCP - Ensure all computers are on the same network name- e.g. WORKGROUP - Network connections to other devices, e.g. network storage (NAS), configured to reconnect on startup - Backup software installed and configured - Browser bookmark manager installed and configured [recommended] - Browser password manager installed and configured - Keep the browser default settings - Private files protected with a password or within an encrypted folder- e.g. with TrueCrypt - For laptops, hard drive startup password set [usually a bios function for the user] - For laptops, Virtual Private Network (VPN) software installed and configured - For laptops, connection manager software installed and configured for automatic secure connections- e.g. Thinkvantage Access Connections - For laptops and other mobile devices, make sure it is physically secured so it isn't stolen- e.g. locked car trunk |
Network Requirements:
|
Secure Private Side of Network- Router Requirements --- - Physical security of network components to prevent tampering or theft - Change admin ID and password - Use a small DHCP range to cover just the needed devices (see next) - Use static IP addresses with a MAC address filter table to ensure only approved devices can access network (see previous) [mobile devices like laptops typically use dynamic IP assresses for convenience] - Firewall enabled - Use a meaningful SSID to you - Don't broadcast the SSID- keep it hidden - Update the firmware in the router - Enable VPN server (if available) with client access for remote users- e.g. laptops - Enable client isloation if available - Enable logs - Don't enable remote admin - Enable appropriate services as needed- e.g. UPNP - Configure OpenDNS on router for online protection [recommend 'Moderate' setting] - Enable and configure dynamic DNS (DDNS) on router and with service- e.g. DynDNS - Run wireless in mixed mode if needed depending on clients - Enable wireless security, either WPA2-PSK or WPA-PSK-do not use WEP- use AES or TKIP encryption as available - Document the IP ranges, gateway name, net mask, channel, etc. - Document all computer names on network and their corresponding network settings - Export the completed configuration as a file and save - Set up external uptime service with an alert to notify you if your network is down- e.g. Site24x7
Secure Hotspot Side of Network- Guest Access- Router Requirements ---
- This router may be a completely different additional router to the other -Use an entirely different IP range than the secure network- e.g. if you use 192.168.0.x above then use 192.168.1.x with the hotspot for example - Use a different SSID name than above- e.g. 1234guest- don't broadcast it either - Use a different channel than the above router
With both router setups, ensure consistent and even coverage of the wi-fi signal strength in relevant areas of your home or business with a simple site survey. Adjust settings or add wireless access points (WAP) or other networking equipment to complement and enhance the coverage. |
Network Storage Requirements:
|
Every home should have a network attached storage device (NAS) to which every computer in the house backsup its files. This NAS is also the primary storage location for all digital assets- photos, videos, movies, music, documents, etc. Think of it like a central place that's the showbox for your photos, file cabinet for documents, closet for movies and videos and shelf for music. As a central place for storage of all digital things that are important to you, it is also a single point of failure and loss. It needs to be secured and protected.
NAS Requirements --- - Physical security of NAS- lock it up - Enable an automatic offsite backup with a known and reputable online provider (follow the 3-2-1 rule ) - Enable RAID1 across multiple hard drives in the NAS for redundancy - Enable DLNA/ UPnP for media streaming - Password protect the administration and access to the NAS - Restrict access to private documents, folders or backups - Restrict the ability to delete files |
Everything needs to be documented and then this documentation secured from prying eyes. Red Atom Network clients will find their documentation in our secure online project vault .
This is not comprehensive, close, but there are likely other settings that various experts would add or change. These are the core requirements that we use to make your network and home computing environment secure, fast and reliable while protecting you when online.
Don't forget about your behavior online as well- use common sense when shopping online, opening email, clicking links, etc. Don't open any attachments from people you don't know or aren't expecting to send you something. Don't give out your personal info unless you're sure who it is you're giving it to. Know when not to allow a application to access the firewall. Talk to your kids about online safety and make sure they know about the network so their friends access the hotspot and not the secure side.
Red Atom Networks can do all of this for you so you don't have to go it alone. It's probably not your expertise, but it is ours. Contact us to secure your digital door and protect your digital assets.
    |
    |
- Value of Connected Appliances
- NEWS: Rackspace Partnership Announced
- NEWS: AMCEST Central Station Partnership Announced
- HDMI Explained Finally
- This Isn’t Your Mother’s Kitchen
- Getting Started in Home Control and Automation
- Higher Prices: Are Specialty A/V Dealers Ripping You Off?
- Will Consumers Pay for Energy Management?
- Comparing 3D Systems
- Is 3D Struggling to Become Mainstream?
Give and Get. Find out how.
Great Sources for Information