Top 10 Ways to Protect Your PC: Defense in Depth: Page 2

(Page 2 of 2)

6. Turn off autorun. The ability to automatically run programs when inserting a CD or USB flash drive was a huge security mistake on the part of Microsoft. Making this worse, in the many years since, they have modified the rules over and over and issued multiple bug fixes to the software enforcing the rules. Anyone who thinks they understand the rules for how autorun works and can explain it to you, doesn't understand the rules.

The good news is that you can bypass the quicksand of autorun completely. Every variation and iteration of Microsoft's rules boils down to a file called autorun.inf. There is a simple registry update that tells Windows never, no matter what, ever pay attention to any autorun.inf file. It's ironclad safety.

7. Protect your WiFi network from snooping. The big issue with securing wireless networks is making sure that good encryption is used for all data traveling over the air. Never use WEP encryption. If that is the only option in your router, buy a new router. WPA encryption is good enough. There have been two holes discovered with it, but experts consider them minor. WPA version 2 (WPA2) is the best encryption and should be your first choice, assuming all your wireless devices support it.

Technically, the last paragraph is not true. What people call WPA encryption really refers to TKIP and what is called WPA2 encryption really refers to AES. I mention this because if you opt for WPA2 and then chose TKIP to use with it your security is the same as WPA.

Another possible problem with WPA, WPA2, TKIP and AES is the password. Bad guys can record WiFi transmissions over the air, and then try to crack the encryption later. If the WiFi password is short, or a word in a dictionary, your private transmissions will no longer be private. Don't think password, think pass sentence. Since the wireless password is typically entered only once per computer, something over 20 characters would serve you well and not be a constant annoyance. Nothing wrong with writing it on a piece of paper and taping it, face down, to the router.

8. If you have a router, open up the front and close the back.

By open up the front, I mean insuring that you can get into the routers internal website to make changes. To do so, you need to know three things: the IP address of the router and the userid and password for logging into the internal website.

Every computer on the LAN knows the IP address of the router, it's the default gateway. Windows users can enter the command "ipconfig" from a command prompt to learn the IP address of the default gateway. Enter this IP address into your web browser and you should be prompted for a userid/password. New routers will have the default userid/password somewhere in their documentation. Never use the default password. Like the WiFi password, it's probably a good idea to write this information on a piece of paper and tape it, face down, to the router.

By closing the back, I was referring to the firewall in the router. You can test how well the firewall is protecting your LAN with Steve Gibson's Shields Up! service.

9. Use OpenDNS. The system that translates computer names to the underlying IP addresses that computers actually use to transmit data on the Internet is called DNS. DNS is such a critical building block for the Internet that every Internet Service Provider has to maintain at least two computers dedicated to offering their customers DNS services.

Maintaining DNS computers is non-trivial and some ISPs do it better than others. OpenDNS offers a free service that is fast, maintained by specialists and offers a number of advantages over the DNS service from many ISPs. Perhaps the most visible advantage is protection from visiting some malicious websites. No such service can ever be anything close to perfect, but you are safer with it than without it.

There are two ways to get started with OpenDNS, you can either modify a single computer to use their DNS servers ( and or you can modify the router so that all computers on the LAN use OpenDNS. This is one reason for the previous item, being able to make changes in your router.

10. Finally, the mandated item in every article on this subject: anti-malware software. Rather than re-tread well worn advice, the only point I'll make here is about the choice between dedicated antivirus/antispyware/antimalware software and a suite of protection software that includes this along with many other types of defensive software. Avoid the suites.

Page 2 of 2

Previous Page
1 2

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.