Home Network Security

Here are some notes I made for various people about network security and combatting SPAM in a home or SOHO situation. It's quite a long list but hopefully it can prove useful.

Personally, I use the anti-SPAM service at www.SpamCop.Net. It's very reasonably priced and highly effective. I also use Norton Internet Security for both anti-virus and firewall solutions, together with a Linksys router.

NETWORK SECURITY MEASURES

0) If you are a Windows user, make sure you also visit www.microsoft.com/security and preferably run through their suggestions.

Make sure you also visit www.microsoft.com/windowsupdate unless you are still using Windows 98 or ME, when you should visit www.microsoft.com/windows98/ or www.microsoft.com/windowsme respectively.:

1) Always use recommended format passwords:

• At least 8 characters long.
• Contain no proper words.
• Always different to your previously used passwords.
• Contain at least three numerics, one special character if allowed, and mixed case characters.
• A good example:

A7B_59bQz

• Bad examples:

- your name
- "password"
- your pet's name, wife's name, etc.
- your birthdate
- etc.

2) Get a router:

• Study the manufacturer's handbook.
• Set the Admin user ID and password to something unique.
• Change the default gateway address and network.  For example, do not use a network mask such as 192.168.0.0/255.255.255.0 or 192.168.1.0/255.255.255.0.

3) Get a quality Anti-virus product and maintain a current subscription for automatic updates. (See also next point: the most popular anti-virus products also come packaged with a firewall).

4) Get a quality Firewall product and maintain a current subscription for automatic updates:

• Block everything until you allow it.
• Always block any inbound ports you are not using.
• Always block File Sharing ports (137, 138, 139, and 445) both inbound and outbound except on your local network.

5) Keep your system up-to-date:

• For example, use Window Update automatically, or OSX System Update for Macs.
• Always apply any bona fide recommended security fixes.
• Upgrade your Windows 95/98/ME system to Windows 2000 or XP if at all possible (you might need a faster computer).
• Preferably use Mac OSX (generally provides much better security than Windows).

6) Download and use Firefox, Netscape, Opera, or Mozilla as your default web browser rather than Internet Explorer on Windows:

• Prompt for execution of Java applets and ActiveX controls.
• See also the next three points.

7) Enable advertisement filtering and pop-up blocking.

8) If you must use Internet Explorer, also use an quality anti-SpyWare product such as Ad-Aware or SpyBot Search And-Destroy regularly.

9) Virus scan your entire system regularly.

10) Regularly back up any data that you do not want to lose, including e-mail logs, and practice how to recover your system.

11) Do not use pirated software.

E-MAIL SECURITY AND ANTI-SPAM MEASURES

0) If practical to do so, only check your mail at your ISP's web site  (most ISPs support this).

1) If you must use an e-mail client program to download messages to your computer, avoid using Microsoft Outlook if possible, and consider using SSL ports to send and receive e-mail if your ISP supports this (most do).

2) Use automatic SPAM-filtering if your ISP supports it (most do), or else use a service such as SpamCop.net.

3) Report SPAM.

4) Disable automatic script handling and opening of attachments in your e-mail client program.

5) Always check the mail headers of any message from a sender that you do not recognize. For example, in Outlook, select the message in the mailbox list, right-mouse click, and review the "Options" to validate the sender.

6) Never open e-mail messages if you do not know who they are from: discard them immediately.

6a) Avoid using Outlook mail preview for unchecked messages.

7) Never open any e-mail attachment unless you have validated and preferably virus-scanned it first.

8) Never click on a link in an e-mail message unless you know it is bona-fide. Instead cut and paste the link into your browser and make sure that it is not redirected or morphed. (In some e-mail client programs you can also "View source" on HTML-format messages in order to check that a link is valid.

9) Never provide any personal information in a web form linked to directly from an e-mail message.

10) Always report any suspected abuse promptly, including suspected fraud.

That's about it for now.  Obviously I can't guarantee to answer questions on the above, nor can I accept any responsibility for damage or losses that might occur.

Document last updated 2005-03-22. Edited 2007-08-25.