Layered Security Basics

I get asked over and over about how to stay safe with computing. After all, my business is keeping my clients safe after cleaning up their computers and networks. My system and recommendations work. Typically, I don’t get much repeat business for spyware and viruses. When I “fix” a computer and give my customers the safety rules, I typically don’t hear from them again unless they upgrade or recommend me to a friend.

The following information is the same speech I give to everyone, and have written about in the past. It provides all the information you need to keep your PCs and networks safe and running smoothly. I will update this one periodically.


Security Layers

Safety and security is a layered process, just like your home. There is no one simple thing that can solve every security problem. No matter what the marketing hype from Norton or McAfee or TrendMicro says – they are in the business of selling you products and not really keeping you secure. Windows XP and Vista certainly aren’t safe by themselves, and actually neither is a Mac or Linux box. You have to employ layers of security.

Common Sense

The first layer of security is common sense. No amount of hardware or software protection is going to help if you ask for a virus or ask for spyware. That’s right – if you get a virus or spyware then you asked for it. Maybe it wasn’t intentional, but you asked for it. So the first thing is to use common sense.

For instance, I will never send you an email that has one line that reads: “Open this attachment now!”

I’m as long-winded in email as I am in speaking or blogging. If you get a one-line email from me, then it was most likely spoofed and is a phishing scheme or attempt to get you to install malware.

NAT Router

The second layer of security should be your NAT (network address translation) router. Otherwise you are bare naked and bent over to the world. The DHS (Department of Homeland Security) and CERT have provided a basic list of home network recommendations.

It is incredible that I still encounter about 70% of home users with a cable connection and no router. That is way too dangerous and accounts for a large part of my business. I have clients who were on a cable modem with their business PC directly attached, running XP SP1, with confidential customer information on the PC. That’s a huge problem.

Firefox – Not IE

One of the most important layers is to use Firefox and quit using Internet Explorer. IE is simply one of the largest attack vectors for Windows. It is tightly integrated into Windows, so what attacks IE can more easily attack Windows. Also, Firefox does not support ActiveX controls. Firefox is also open source, so we know what is “under the hood” and can more easily ferret out the flaws in the code. With IE we are dependent on Microsoft and we all know how that usually ends up.


The next layer is to run OpenDNS on your network. This simple step will typically increase your internet performance (since most ISP DNS systems are not very robust), and it adds phishing protection and surfing history and control.
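A quick way to check the NAT router and OpenDNS layers on a Windows PC is to read its `ipconfig /all` output. The script below is an added example, not part of the original post: the function names and the sample outputs are constructed for illustration, and the two resolver addresses are OpenDNS's public ones.

```python
import ipaddress
import re

# RFC 1918 private ranges: what a PC should hold when it sits behind a NAT router.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# OpenDNS public resolver addresses.
OPENDNS = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}

def is_private(addr):
    return any(addr in net for net in RFC1918)

def audit(ipconfig_text):
    """Parse `ipconfig /all` text and report the NAT and DNS posture."""
    field, found = None, {"addr": [], "dns": []}
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$", line)
        if m:  # a "Label . . . : value" line selects the current field
            label, value = m.groups()
            field = {"IP Address": "addr", "IPv4 Address": "addr",
                     "DNS Servers": "dns"}.get(label)
        else:  # indented continuation, e.g. the second DNS server
            value = line.strip()
        ip = re.search(r"\d+\.\d+\.\d+\.\d+", value)
        if field and ip:
            found[field].append(ipaddress.ip_address(ip.group()))
    exposed = [a for a in found["addr"] if not is_private(a)]
    return {
        "behind_nat": bool(found["addr"]) and not exposed,
        "exposed": [str(a) for a in exposed],
        # A private DNS address is the router itself: check its WAN DNS setting.
        "dns_via_router": [str(d) for d in found["dns"] if is_private(d)],
        "other_dns": [str(d) for d in found["dns"]
                      if d not in OPENDNS and not is_private(d)],
        "uses_opendns": bool(found["dns"]) and all(d in OPENDNS for d in found["dns"]),
    }

# Constructed samples; documentation ranges stand in for ISP-assigned public addresses.
DIRECT = """Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 203.0.113.57
        DNS Servers . . . . . . . . . . . : 198.51.100.10
                                            198.51.100.11
"""
ROUTED = """Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""
if __name__ == "__main__":
    print(audit(DIRECT), audit(ROUTED), sep="\n")
```

A private address only shows that a translating router sits in front of the PC. When the DNS server listed is the router's own address, the OpenDNS setting has to be confirmed on the router itself.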


The last layer of security should be anti-virus. Why is this down the list? Simply because most viruses, trojans, etc, are designed to bypass detection. A/V companies are several steps behind the bad guys – always. Once Pandora’s box is open, you can’t guarantee anything. That means that if a virus has gotten on your system, then all bets are off on safety even if your a/v software says it was cleaned or quarantined. You get lulled into a false sense of security.


Zombies and Bots

Most computer security threats today are not really designed to crash your computer. Also rare are attacks to “steal your identity.” Most intruders are looking to turn your computer into a “zombie” in order to launch attacks at websites or other computers or networks. Even more common is the fact that most zombies are now created to help send spam out in the background.

Unfortunately, we can’t stop spam and thus the intruders until we take the economics out of the equation. I’m not sure of the current numbers, but worldwide spam accounts for billions of dollars in revenue for the spammers and advertisers.


Software Firewalls Cause Problems

What? Yep – you read that right. You do not need a software firewall when you are behind a NAT router. A NAT router already does stateful packet inspection and acts as a hardware firewall, which is far superior to software. In the end, Norton Internet Securities and other similar bloat-ware cause way more problems and issues than they solve – well they actually don’t solve any.

Hint: Bellsouth’s DSL service provides you with a “modem” that is also a NAT router. For instance, the Westell 6100 is a NAT router with only 1 ethernet port. You can buy a simple switch for less than $20 and connect multiple computers or devices with no configuration!


So what can you do?

  • Use alternative browsers to Internet Explorer such as Firefox, Safari, and others.
  • Run OpenDNS on your network.
  • Follow basic safety such as making sure you absolutely trust an email before opening an attachment or clicking a link.
  • Use Google’s GMail which has a very robust spam filtering system, SSL connections, and online virus scanning.
  • For business email, use Google Apps for your Domain, which provides all the advantages of Gmail under your own domain.
  • Use AVG (free edition for home users) and let it auto-update.
  • Use TrueCrypt for encrypted file containers or encrypting your whole drive.
  • If your computer slows down (software speed, etc), contact me immediately so we can assess what may be wrong.
  • DON’T use Norton or McAfee products – you will have a false sense of security.
  • If you have a wireless network make sure WPA security is used. Don’t rely on WEP. It is badly broken.

Computer scientist fights threat of ‘botnets’

CERT® Coordination Center
Before You Connect a New Computer to the Internet

Is It Time to Ditch IE?
Feds say switching browsers is one way to deal with security threats.