Protect Your PC with a Defense Strategy
So how do you apply the concept of defense-in-depth strategy to your home network?
You can start by building virtual layers of protection for your network and the computers and other network devices behind it.
1. Purchase and install a Personal VPN account to a VPN-capable wireless or wired router
Virtual Private Networks (VPNs) allow for the encryption of all the traffic entering and leaving your network. They allow you to create a encrypted tunnel which can protect your privacy, provide anonymous browsing and have other great features as well. VPNs aren't just for rich corporations anymore. You can purchase a personal VPN account for as little as $5 a month from sites such as StrongVPN, WiTopia, and OverPlay.
The more sophisticated VPN providers allow you to install their VPN service on your VPN-capable internet router so that every device on your network is protected. Since the router does all the encryption and decryption work, you don't have to install VPN clients or reconfigure any of your PCs or mobile devices. The protection is virtually transparent, you won't notice anything except for some delay caused by the encryption and decryption process.
2. Secure Your DSL/Cable Modem behind a Router with a Firewall
Whether you opt for a VPN account or not, you should still use a network firewall.
If you only have one computer in your home and it's plugged directly into your ISP's DSL/Cable Modem then you are asking for trouble. You should add an inexpensive wired or wireless router with built-in firewall capability to provide you with an additional outer-layer of protection. Enable the router's "Stealth Mode" to help make your computers less visible to attackers.
3. Enable and configure your wireless/wired router's and PC's firewalls.
A firewall won't do you any good unless it's turned on and configured properly. Check your router manufacture's website for details on how to enable and configure your firewall.Firewalls can prevent inbound attacks and can also prevent your computer from attacking other computers if it's already been compromised by a malware infection.
You should also enable the firewall provided by your computer's operating system or use a third party firewall such as Zone Alarm or Webroot. Most computer-based firewalls will alert you of applications (and malware) that are trying to communicate to devices outside of your network. This could alert you to malware trying to send or receive data and allow you to shut it down before it does any damage. You should also periodically test your firewall to make sure it is doing its job
4. Install antivirus and anti-malware software
Everyone knows that virus protection is one of the basics that no one should be without. We all groan at paying $20 a year to update our antivirus software and many of us let it lapse. If you don't want to shell out cash for AV you can always opt for some of the great free products that are available such as AVG and AVAST.
Besides antivirus software you should also install anti-malware software such as MalwareBytes which checks for malware that is commonly missed by many antivirus programs.
5. Install a second opinion malware scanner
You should always have a secondary malware scanner because even the most popular antivirus / anti-malware scanner can miss something. A second opinion scanner is worth its weight in gold, especially if it finds something dangerous that your primary scanner missed. Make sure the secondary scanner is from a different vendor than your primary scanner.
6. Create strong passwords for all your accounts and network devices
A complex and lengthy password can be a real turn off to a hacker. All your passwords should be complex and long enough to avoid being broken by hackers and their rainbow table password cracking tools.
You should also ensure that your wireless network access password is not easily guessable. If it's too simple, you could end up with hackers and/or neighbors getting a free ride from leeching off your internet connection.
7. Encrypt your files at the disk and/or OS level
Take advantage of your OSes built in disk encryption features such as BitLocker in Windows, or FileVault in Mac OS X. Encryption helps to ensure that if your computer is stolen that your files will be unreadable by hackers and thieves. There are also free products like TrueCrypt that you can use to encrypt partitions or your entire disk.
There is no one perfect network defense strategy, but combining multiple layers of defense will provide redundant protection should one or more layers fail. Hopefully the hackers will get tired and move on.
Source - Andy O’Donnell, About.com
Note: CFA does not represent or warrant that the information accessible via this blog or links from this blog are accurate, complete or current. This blog is for information purposes only. CFA will not be liable for any damages of any kind arising from the use of this blog or website including but not limited to direct, indirect, incidental punitive and consequential damages.