Security Essentials for the Home Network
May 2, 2001
Security should be just as much of a concern for the home user as it is for the corporate user. If major
Internet companies cannot protect themselves how does the home Internet user plan to do this.
Interesting enough, most "out of the box" computers that are purchased for the home are much more
secure then the corporate and government multi-million dollar computer systems. I will show you what
we can do to with some basic security precautions to protect the home network and why security is so
important on a home network.
The basic security management model:
This includes three critical characteristics of information, also known as the Confidentiality, Integrity and
Availability (Infosec) triad (CIA Infosec Triad). This will be the focus of what actions were trying to
prevent from happing and the protection of information on your computer system.
Confidentiality is the ability to contain information to those unauthorized to view and to protect against
the disclosure of information where it could be damaging. This would include keeping information
private or secret. Confidentiality can be obtained by keeping information secure and preventing
unauthorized access to such information.
Integrity is the quality of information that identifies how closely the data represent reality. This is the
ability to keep information from being changed by unauthorized users and that the information is
complete and unchanged. Unauthorized modification of log files or getting a virus that makes changes
to files is a form of an integrity attack.
Availability goes hand-in-hand with confidentiality and integrity. Availability is the ability to provide
authorized users information when it is requested or needed. A power outage or viruses that crash a
computer system are some examples of an availability attack.
Confidentiality, integrity and availability are the prevailing conditions that provide us with the theoretical
basis for our basic security management model.
So who and where does the actual threat come from? Some people refer to them as hackers, crackers,
cyber vandals, script kiddies and even those that you know and think you trust are all a threat. Just
about anyone on the Internet can be and should be considered a threat until you can build a trust while
at the same time protecting your self. Most are just curiosity seekers known as script kiddies. Script
kiddies will use utilities or scripts to exploit known vulnerabilities. These utilities/programs are highly
available anywhere on the Internet. The script kiddies will download these utilities and use them having
no idea what they are actually doing. Just a point and click game. These people do not have to be well
educated or an expert computer user to do damage. Then you have the actual hackers and crackers,
which will find new exploits. So there is a real threat out there to deal with. With more people
connecting to the Internet everyday whether it is with a dial-up, DSL, cable modem or another type of
broadband connection to the Internet, you many have unknowingly made your computer an easy target
on the Internet. Especially for those that have an always-on Internet connection such as DSL, cable
modem or any other type of broadband. Computers with always-on connections are much easier for
hackers to find on the Internet and chances are that your computer will be scanned, probed and
attacked regularly and even compromised.
Know your system. Do not install or run applications that you are not familiar with. If you are unsure on
how to properly setup or configure an application especially the ones that connect to the Internet
contact the software and or hardware manufacture for technical assistance. With out the proper setup
and configuration off software or hardware you can make your self even more at risk. Update your
computers hardware and software with the latest updates and security patches. Keep in mind that
software applications must be maintained on a regular basis as well.
Make Backups of your computer system on a regular basis. Verify your backups to ensure that the
backup had actually been done and that the backup media is readable. Back up critical information and
any files that were created or modified outside of the default installation of the software programs that
were installed. Attacks, bugs, natural disasters and unintentional as well as intentional deletion of files
are unpredictable. In the event that you were attacked or compromised you can use your backups to
compare your computer files with the backups and restore your computer to a stable state. If you value
the data on your computer system, backups should occur on a regular basis.
Install a personal firewall. A personal firewall will help protect your computer from unauthorized access.
The personal firewall will provide you with information regarding the types of attacks as well as how to
strengthen your computer against future attacks. Having a personal firewall in place can help limit the
amount of damage an attacker can do to your system. A personal firewall can be used to monitor or log
all communications coming in from the Internet as well as communications going out to the Internet.
When using a personal firewall you should configure it to suite your personal needs. Do you really need
a personal firewall or intrusion detection system? If you do anything on the Internet the answer is yes.
You should just ask your self, these questions to justify the use and purchase of a personal firewall.
Does your computer ever connect to the Internet?
Do you log on to a corporate network using a VPN or dial-up connection?
Trade stocks on-line?
Play interactive games?
Purchase items on-line?
Chat with friends on-line?
Do you or will you allow your computer’s files to be accessed remotely across the Internet?
Do you operate any type of Internet server such as a Personal web server, ftp server, peer-to-
peer file sharing such as Napster, Gnutella?
Do you use any type of internet-based remote control applications such as PCAnyWhere,
Do you want to properly and safely monitor your Internet connection for intrusion attempts?
Do you want to preemptively protect your self from compromise by "inside the wall" Trojan
horse programs like NetBus, Legion, Back Orifice, Sub7?
All of these typical Internet activities dramatically increase your risk to being attacked. Hackers love to
prowl the Internet looking for unsuspecting victims. They especially like users with dedicated
connections such as DSL and Cable modem’s. If you have answered yes to any of these questions
then you will want to look into the purchase of a personal firewall. Here are some names of the most
popular personal firewalls. Some of the personal firewalls listed below are free for personal use.
BlackIce Defender http://www.networkice.com
ConSeal PC Firewall http://www.consealfirewall.com/
Internet Guard Dog http://www.mcafee-at-home.com
McAfee Firewall http://www.mcafee-at-home.com
Netwatcher 2000 http://www.moonlight-software.com
Norton Internet Security 2001 http://www.symantec.com
Norton Personal Firewall 2001 http://www.symantec.com
Sygate Personal Firewall http://www.sygate.com
Tiny Personal Firewall http://www.tinysoftware.com
VirusMD Personal Firewall http://www.virusmd.com
Install anti-virus software. Anti-virus software should always be installed and regularly updated on any
home computer. After installation of your anti-virus software, update your anti-virus software
immediately. Most anti-virus software is signature based and with out having the latest anti-virus
signature updates installed your anti-virus software will just give you a false sense of security. This is
why anti-virus software is only as good as the latest updates, which were applied. Anti-virus software
must be maintained on a regular basis. Most anti-virus software will allow you to schedule the anti-virus
software to automatically retrieve updates. According to Network Associates more then 500 new
viruses are discovered monthly.
According to McAfee’s "Anti-Virus Tips" located at http://www.mcafeeb2b.com/naicommon/avert/avert-
This is a list of Virus Detection and Prevention Tips:
1. Do not open any files attached to an email from an unknown, suspicious or untrustworthy
2. Do not open any files attached to an email unless you know what it is, even if it appears to
come from a dear friend or someone you know. Some viruses can replicate themselves and
spread through email. Better be safe than sorry and confirm that they really sent it.
3. Do not open any files attached to an email if the subject line is questionable or unexpected. If
the need to do so is there always save the file to your hard drive before doing so.
4. Delete chain emails and junk email. Do not forward or reply to any to them. These types of
email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
5. Do not download any files from strangers.
6. Exercise caution when downloading files from the Internet. Ensure that the source is a
legitimate and reputable one. Verify that an anti-virus program checks the files on the download
site. If you're uncertain, don't download the file at all or download the file to a floppy and test it
with your own anti-virus software.
7. Update your anti-virus software regularly. Over 500 viruses are discovered each month, so
you'll want to be protected. These updates should be at the least the products virus signature
files. You may also need to update the product's scanning engine as well.
8. Back up your files on a regular basis. If a virus destroys your files, at least you can replace
them with your back-up copy. You should store your backup copy in a separate location from
your work files, one that is preferably not on your computer.
9. When in doubt, always err on the side of caution and do not open, download, or execute any
files or email attachments. Not executing is the more important of these caveats. Check with
your product vendors for updates which include those for your operating system web browser,
and email . One example is the security site section of Microsoft located at
10. If you are in doubt about any potential virus related situation you find yourself in, contact avert
at one of the locations listed here, http://www.mcafeeb2b.com/avert/avert-research-
Here are some names of the most popular anti-virus software
Computer Associates InoculanIT http://www.ca.com/
Dr. Solomon’s Virex http://www.mcafee-at-home.com/
F-Secure Anti-virus http://www.fsecure.com/
McAfee VirusScan http://www.mcafee-at-home.com/
Norton Anti-virus http://www.symantec.com/
Install Encryption Software. You can use encryption software to encrypt sensitive information on your
computer such as financial information, documents, email and even your actual network connection. If
you have encrypted your sensitive information and in the event your computer is compromised the
information that is stolen can be virtually useless provided that the thief does not know your encryption
key. For this reason even with the best pieces of security mechanisms in place, sensitive information
should always be encrypted using an encryption mechanism that is hard to crack. By using some type
of strong encryption software such as Pretty Good Privacy also known as (PGP) you can ensure that
your sensitive information will not be compromised in the event of theft.
By taking some simple security steps and precautions you will be able to secure your home computer
from unauthorized access, protect against viruses, keep sensitive information secure, recover your
computer system and prevent attacks from doing damage.
1. Garfinkel, Simson and Spafford, Gene. Pratical "Unix & Internet Security 2 Edition." Sebastopol:
O’Reilly & Associates, Inc, 1996.
2. Anonymous. "Maximum Linux Security." Indianapolis: Sams Publishing, 2000.
3. Unknown. "Anti-Virus Tips." McAfee.
URL: http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/anti-virus-tips.asp (2 May
4. Leonhard, Woody. "The New Internet Security Threats." Ziff Davis. 12 June 2000.
URL: http://www.zdnet.com/filters/printerfriendly/0,6061,2577904-45,00.html (19 May 2001)
5. Thorsberg, Frank. "Is your PC open to attack?" CNN. 17 May 2001.
URL: http://www.cnn.com/2001/TECH/internet/05/17/zombies.idg/index.html (18 May 2001)
6. Unknown. "NSTISSI No. 4011, National Training Standard for Information Systems Security
(INFOSEC) Professionals." National Security Telecommunications and Information Security. 20 June
URL: http://www.nstissc.gov/Assets/pdf/4011.pdf (7 May 2001)
7. Unknown. "NSTISSI No. 4009, National Information Systems Security (INFOSEC) Glossary."
National Security Telecommunications and Information Security. Sept. 2000.
URL: http://www.nstissc.gov/Assets/pdf/4009.pdf (7 May 2001)
8. Armstrong, Illena. "Detecting Viruses in Real-Time." SC Info Security Magazine. May 2001 (2001):
25 – 35
to top of page | to Home & Small Office Computing | to Reading Room Home