One of the prime objectives of the National Security Agency (NSA) is related to electronic espionage, so it’s only natural that it knows a thing or two about network security. These are their recommended best practices for securing a network. Some of these may seem like plain common sense, but these are ignored quite frequently.
Minimize Administrator Usage
By default (and for convenience) the first account you create on a Windows installation has system administrator rights, even though not necessarily named as “Administrator.” Moreover, people frequently continue to use this default account for their regular computing activities, which leaves them open to the myriad threats while browsing the Web and accessing email.
Create a standard user account for everyday computer use, and use the administrator account only when it’s really needed — upgrading hardware, installing software, or for making system-wide configuration changes. While logged in with a standard account, you can right-click any program icon to choose the “Run as administrator” option as and when needed.
Full Disk Encryption (FDE)
Portable laptops can easily be misplaced, lost or stolen and when that happens, standard passwords alone are not enough to keep a determined hack from gaining access to your sensitive data. Encrypting the hard drive, on the other hand, will give you an added complex layer of protection by securing not just specific files or folders but the entire contents of the drive, including the operating system and programs.
Modern operating systems since Windows 7 have the BitLocker feature, which offers built-in full disk encryption, though only in the Enterprise and Ultimate editions. On the other hand, there are any number of third-party disk encryption products available, including the free, open-source TrueCrypt and BestCrypt.
MS Office is a boon for small businesses, but if you’re using Office 2003 (and plenty are), listen up, as it’s filed use a binary format that can execute potentially malicious code when you open them. However, the XML file formats used by the later Office 2007 and 2010 versions, have solved this problem to a great extent, with Office 2010 even including a Protected View that handles potentially risky files – like email attachments or files downloaded from the Internet– in read-only mode.
Your Router/WiFi Access Point
Nowadays, most ISPs provide cable/DSL broadband connections with built-in router, Ethernet switch, and Wi-Fi access point all combined. These might be convenient but can leave your network security in the hands of your ISP rather than yours. Many ISPs also hinder your ability to update firmware or even view or change configuration options on the hardware they supply.
Rather than leaving your network vulnerable on a device that you don’t own or fully control, it’s best to supply your own internet access device or modify the intrusive functions on your ISP’s hardware.
An Alternate DNS
The DNS (Domain Name System) service, lets you access websites and other Internet resources with friendly names like www.facebook.com rather than cumbersome, numbers-only IP addresses. Most networks rely on their ISPs for this as well.
It’s easy to switch to a third-party DNS service such as OpenDNS that can result in faster browsing performance, and enhanced security which blocks access to sites that are infected with malware. (Note: Google too has a Public DNS service but doesn’t currently offer any malware protection.)
Related post: 4 Tips for Speeding up your Windows PC