Most of us use computers in our workplace. Increasingly we have them at home as well. Whilst at work there's normally someone who looks after them for us - dealing with problems that occasionally arise, keeping them up-to-date, securing them against hackers - at home you're on your own. Unfortunately the threat to home machines is increasing as more of us go online for longer periods. Short duration, slow telephone connections are being superseded by high-speed 'always-on' services (such as those provided by ADSL and cable modems) which make your computer a much easier target for those who get a kick out of breaking into other people's systems(1). Should you care? Well, yes you should. Do you want someone ferreting through your confidential documents? Looking at household bills, bank details, or private e-mail? Using your machine to attack someone else (your employer, perhaps, or a corporation with a legal team that feels strongly about liability)? Most of us don't.

The good news is that there are simple precautions you can take to protect your home computer. You don't need to be an expert to apply them. You won't achieve 100% security - no-one ever does - but you can make a would-be attacker's job sufficiently hard that in all likelihood they'll give up and go and bother someone else instead.

None of the steps described below will cost you anything, other than a few moments of your time.

Note that this document is unashamedly focused on Microsoft Windows, the platform most commonly found in home environments. The principles discussed do broadly apply to other operating systems as well, but you'll need to work out the details for yourself. If you're technical enough to set up a Linux server for your family web site, then you probably know what you need to do anyway.

Seven steps to securing your computer

1. Use strong passwords

Most modern desktop computers are capable of acting as servers. When you're online, someone who can guess or break your password may be able to gain access to your home computer. Avoid dictionary words, names, or simple variations of these. If you don't know what constitutes a good password:
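
The "simple variations" rule above can be checked mechanically. The following is an added example, not part of the original page: the word list is a small constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample list; a real check would load a full dictionary plus names.
SAMPLE_WORDS = {"password", "dragon", "london", "michael", "welcome", "monkey"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def simplified_forms(password):
    """Return the plain forms a password reduces to once simple tricks are undone."""
    lowered = password.lower()
    # Drop digits and punctuation added to the start or end, e.g. "dragon99".
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = set()
    for text in (lowered, stripped):
        plain = text.translate(LEET)
        forms.update({text, plain, text[::-1], plain[::-1]})  # also try it reversed
    return forms

def find_dictionary_root(password, words=SAMPLE_WORDS):
    """Return the dictionary word or name the password is built on, or None."""
    hits = simplified_forms(password) & set(words)
    return min(hits) if hits else None

if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!", "Michael1", "nogard99", "tidal-crumb-vexes-orbit"):
        print(candidate, "->", find_dictionary_root(candidate))
```

This only flags passwords that are a single word or name with simple changes applied; a result of None means no match in the supplied list, not that the password is strong.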

2. Use virus protection software

Set it to check your files automatically whenever your computer is on. And make sure it's the kind that keeps itself up-to-date: the last thing you want is to waste time every day checking for the latest update (and that's how frequently antivirus software changes, believe it or not). UCL staff and students can get antivirus software for their home computers for free. Several products are available, but for ease of maintenance we recommend F-Secure which meets the above criteria:

3. Regularly download security patches from your software vendors

This used to be a real chore, but is much easier nowadays. If you use Windows just visit the Microsoft Windows Update web site regularly (at least once a month, or more often if you feel the need):

http://windowsupdate.microsoft.com

then click Product Updates. Windows 98™ and Windows 2000™ users can additionally choose to install the Critical Update Notification utility, which provides automatic alerts of important updates. (The tool is available through Windows Update, as an optional download.)

Other systems have similar procedures - follow the instructions given by the vendor at purchase.

4. Avoid common configuration mistakes

The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use program that can analyse Windows systems for common security issues. It runs on Windows 2000™ and Windows XP™, and as part of its checking will also look for missing hotfixes. Straightforward advice is given on how to resolve any problems identified. Get it from

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

5. Use a firewall as a gatekeeper between your computer and the Internet

* If you are using F-Secure under the college license you will not need to install a separate firewall as it has its own firewall. Please ensure you do not run more than one firewall on your machine as they may clash *

Home firewalls are usually software products. They are essential for those who keep their computers online through ADSL and cable modem connections, but they are also valuable for those who still use old-fashioned modems to dial in. ZoneAlarm is good, and quite easy to set up:

http://www.zonelabs.com/

Note that ZoneAlarm Pro is charged for; the basic version of ZoneAlarm is free for personal and non-profit use, and has all the functionality required by the majority of home users.

Once you've installed your firewall software, check it's working by running the Symantec Security Check:

http://www.symantec.com/securitycheck

6. Make regular backups of critical data

Modern hard disks are very reliable and seldom fail. But seldom isn't the same as never. And remember the human angle - can any of us say we've never accidentally deleted the wrong file in a moment of inattention?

You need to determine what files you're going to back up - think which ones would cause you inconvenience or upset if they were to disappear - and how often. At work central systems are backed up daily. This is almost certainly overkill for the majority of home systems, but it's a decision you have to make for yourself. Are you willing to spend a few moments backing up your correspondence each day, or prepared to risk a couple of days' work and perhaps tackle the task once a week?

Make your backups onto a separate device, not just somewhere else on your hard disk. (If the disk does fail and it contains all your backups, you'll likely lose the lot.) Remember also to check that your backups have worked every now and then. Pick a random document and see if you can get it back.
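
The "pick a random document" check can be scripted. The following is an added example, not part of the original page: it assumes the backup is a plain copy of a folder on a separate drive with the same layout, and all folder and function names are hypothetical.

```python
import hashlib
import random
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large documents need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def spot_check(source_dir, backup_dir, samples=3, rng=random):
    """Pick random files under source_dir and compare each with its backup copy.

    Returns (relative_path, status) pairs; status is "ok", "missing"
    (no copy in the backup) or "differs" (the contents do not match).
    """
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    files = sorted(p for p in source_dir.rglob("*") if p.is_file())
    results = []
    for original in rng.sample(files, min(samples, len(files))):
        relative = original.relative_to(source_dir)
        copy = backup_dir / relative
        if not copy.is_file():
            status = "missing"
        elif sha256_of(copy) != sha256_of(original):
            status = "differs"
        else:
            status = "ok"
        results.append((relative.as_posix(), status))
    return results

if __name__ == "__main__":
    import tempfile
    # Constructed demo data: one good copy and one file that was never backed up.
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        docs.mkdir()
        backup.mkdir()
        (docs / "letter.txt").write_text("Dear bank manager")
        (backup / "letter.txt").write_text("Dear bank manager")
        (docs / "bills.txt").write_text("electricity")
        for name, status in spot_check(docs, backup, samples=2):
            print(status, name)
```

A file edited since the last backup will report "differs", so read that result against the date of the backup before treating it as a fault.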

7. Secure any wireless networks

If you're thinking of setting up a wireless network at home to link several machines together, take a look at the final reference below. The NIPC document (reference 4) provides simple guidance on how to avoid common configuration errors that can leave your home network wide open. 


8. Locking your computer screen

When leaving your computer unattended it is good practice to lock your computer screen; this prevents an unauthorised person gaining access to your machine.

To lock your computer screen:

  • Press the Ctrl + Alt + Delete keys at the same time
  • Click on the 'Lock Computer' button

To unlock your computer screen you need to enter your password.

References and further reading

Much of the above material is taken from the following sources, which contain considerably more information than we have space to include here. The CERT® paper (reference 2) gives a very good description of the risks home users face, along with simple advice on what to do to make things safer. The NIST document (reference 3) goes into greater detail, including configuration recommendations for antivirus and firewall software.