Computer Security

[TN8Man]

We all have one thing common, tractors :thumbsup: But we also have another thing in common, computers (including smart phones and tablets) to communicate with our members on TBN. We maintain and protect our investment in tractors and we do the same for computers. So I was just curious what people do to protect their computers and home network from a growing threat of viruses, malware, ransomware, hacking, tracking and rogue surveillance.

I'm getting gigabit service soon and want to upgrade my router and overall home network. I have several computers and devices that I want to make as protected as reasonably possible. I want a router that is bulletproof to protect my network from bad actors and rogue intelligence agencies.

What do you do to protect your home network?

 

[frugalangler]

What do you do to protect your home network?

Your biggest risk if you are somewhat diligent in using a home router/firewall will be yourself and other users inside your LAN! Social engineering, phishing, etc. are the biggest threat vector - simply NOT clicking on every link that shows up in your email, being somewhat diligent on what web sites you visit, and setting your PC up to use multiple accounts, one for each person which DON'T have administrator access, then unlock the Administrator account (Windows) but don't use it other than for maintenance and software install. Most all virus infections in a home LAN are self induced by user action, that is where you should place emphasis - on user education. If what you're doing now has worked, just because you increase your access bandwidth doesn't make you more or less vulnerable - it just makes that mistake of clicking a bad link in a email much faster to cause infection.

 

[houstonscott]

We all have one thing common, tractors :thumbsup: But we also have another thing in common, computers (including smart phones and tablets) to communicate with our members on TBN. We maintain and protect our investment in tractors and we do the same for computers. So I was just curious what people do to protect their computers and home network from a growing threat of viruses, malware, ransomware, hacking, tracking and rogue surveillance. I'm getting gigabit service soon and want to upgrade my router and overall home network. I have several computers and devices that I want to make as protected as reasonably possible. I want a router that is bulletproof to protect my network from bad actors and rogue intelligence agencies. What do you do to protect your home network?

Switch to Apple. Problem solved.

 

[Bird]

I'm sure I know less about computers than many of you, but I just renewed my subscription to Webroot Secure Anywhere from Best Buy.

 

[/pine]

leak proof firewall...if you're really paranoid set up a proxy server...then only the proxy is actually connected to the Internet...

 

[TN8Man]

leak proof firewall...if you're really paranoid set up a proxy server...then only the proxy is actually connected to the Internet...

I currently use vpn servers. This is one reason why I want a new router. I want a router that I can connect to a vpn server directly (instead of by device) so that all communication through the router is using vpn.

 

[TN8Man]

Switch to Apple. Problem solved.

I don't think Apple computers and devices are immune to all the threats. Apple is not an option for my needs.

 

[TN8Man]

Your biggest risk if you are somewhat diligent in using a home router/firewall will be yourself and other users inside your LAN! Social engineering, phishing, etc. are the biggest threat vector - simply NOT clicking on every link that shows up in your email, being somewhat diligent on what web sites you visit, and setting your PC up to use multiple accounts, one for each person which DON'T have administrator access, then unlock the Administrator account (Windows) but don't use it other than for maintenance and software install. Most all virus infections in a home LAN are self induced by user action, that is where you should place emphasis - on user education. If what you're doing now has worked, just because you increase your access bandwidth doesn't make you more or less vulnerable - it just makes that mistake of clicking a bad link in a email much faster to cause infection.

I'm pretty good about the do's and don't on internet activity. I also keep my virus protection up to date and run boot level scans periodically. I do use the internet for all of my tv content and some content comes from outside the USA which is one reason why I use vpn. This is also the reason why I have several computers, multimedia computers for TV/entertainment content. My concerns are more towards advanced threats that are becoming more prevalent these days.

 

[Wagtail]

About 4 years ago I ditched Norton security for "Panda Internet Security". They're a mob out of Florida and I haven't been hit with one problem/virus since I switched to them. They've got a 24/7 1-800 number (it's a 1-300 number from Aus) and I ring them up every 3-6 months to do a computer clean/spruce-up.

Military discount too... they even accepted my Australian service, verbally, for the discount.

 

[RNeumann]

For routers we've tried several brands, models etc. We've also used dd-wrt. I settled on the Apple Airports. Easy to program (from mac or pc) and is full featured. We have a server "behind" a second router as well. I'd give the Airport a look.

 

[polo1665]

Switch to Apple. Problem solved.

I'm certainly not nearly an expert on any of this, but recent training at my workplace said that this is a myth.

 

[Garandman]

I don't think Apple computers and devices are immune to all the threats. Apple is not an option for my needs.

You are correct, but the dudes with the Apple tattoos don't hear that.

Frugalangler pretty much nailed it.

 

[kf4uda]

ESET Smart Security is the best security software that I have found. We have been using it on all of our PCs and servers at work. It takes care of business and doesn't take up all of your computer's resources while doing it.

Internet security for Windows | ESET

 

[houstonscott]

I'm certainly not nearly an expert on any of this, but recent training at my workplace said that this is a myth.

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

 

[RNeumann]

I reread your question and can also provide my experience with router security. The NAT technology in most (even basic) routers is such that it is near impossible for someone to hack. The way things are typically hacked is with a password- making that a vital link in the chain. We were ready to do whatever it would take to protect our data and system from hacks when we were deciding on the router/firewall. The techs we had unanimously agreed a standard router would be fine.

To have your router handle the VPN service read here-

How to: Setup VPN on an Apple Airport Extreme – VPNPick.com

Is sounds like a firmware change.

Seems like a strange solution that creates unneeded complexity and headaches. VPNs have a place - but all your data- that's overkill IMHO. No need for VPN when you are just cruising the tractor forum.

 

[vvanders]

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

As someone who is an expert on this stuff(I build software systems for a living), all operating systems do work mostly the same way. Developers make mistakes and then hackers/governments exploit them, you just tend to hear less about it on the iOS/OSX side of things.

This was just the latest one that made the big news at DefCon: Apple Patches iOS BroadPwn - Daily Security Byte | Secplicity - Security Simplified

Near a malicious WiFi access point with WiFi on(not connected, the buffer overflow was in the signal power response packet)? Boom your Apple product just got owned.

Coming back the the OP, there's no such thing as perfect security. It's just not possible, your best bet is mitigations. Do regular off-site backups, don't click on anything suspicious. You don't need to do much beyond your basic router firewall, that'll catch 99% of things out there. If a zero-day comes across your way there's not much you can do about it, hence why they call it a zero-day expoit.

 

[TN8Man]

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

The computer hardware brand used is not really the issue. Most all computer brands have susceptibility to todays significant internet threats.

For a first order, I want to stop these threats at my router/firewall to help protect all my internet communications and devices used on my home network.

The article below talks about the CIA's capability that was recently exposed by whistleblowers but I'm sure by now bad actors also have this capability and probably more. This is the type threats I'm trying to protect my home network against.

CIA’s “CherryBlossom” Can Hack Almost Every Popular Router Brand You Can Think #Vault7

 

[vvanders]

I reread your question and can also provide my experience with router security. The NAT technology in most (even basic) routers is such that it is near impossible for someone to hack. The way things are typically hacked is with a password- making that a vital link in the chain. We were ready to do whatever it would take to protect our data and system from hacks when we were deciding on the router/firewall. The techs we had unanimously agreed a standard router would be fine.

To have your router handle the VPN service read here-

How to: Setup VPN on an Apple Airport Extreme – VPNPick.com

Is sounds like a firmware change.

Seems like a strange solution that creates unneeded complexity and headaches. VPNs have a place - but all your data- that's overkill IMHO. No need for VPN when you are just cruising the tractor forum.

+1 on not needing a VPN. Unless you're worried about your ISP doing packet shaping and limiting your bandwidth to certain services(like Verizon was doing recently with Netflix). There's some stuff in the works to let your ISPs read your traffic and sell information based on that which would be another reason but generally it's a huge hassle to setup and your internet will be slower.

As long as you're using HTTPS(lock in the top bar) everything is encrypted using a public/private asymmetric encryption which is enough for almost any use.

 

[vvanders]

The computer hardware brand used is not really the issue. Most all computer brands are susceptibility to todays significant internet threats.

For a first order, I want to stop these threats at my router/firewall to help protect all my internet communications and devices used on my home network.

The article below talks about the CIA's capability that was recently exposed by whistleblowers but I'm sure by now bad actors also have this capability and probably more. This is the type threats I'm trying to protect my home network against.

CIA痴 鼎herryBlossom Can Hack Almost Every Popular Router Brand You Can Think #Vault7

I hate to break it to you but if you're looking to defend against stuff like CherryBlossom then it's just not going to be possible. 99% of that stuff is based on zero-day exploits that will work if they can deliver the payload along the exploit vector(like the wifi power signal packet above in Broadpwn). The developers can't fix software that they don't yet know is broken.

If you want to defend against that stuff you're best bet is to lobby congress to keep the NSA from hoarding exploits they discover and instead work with companies to fix them so our infrastructure is better defended. There's no such thing as an "offensive" software capability that can't also be equally exploited by anyone else out there with the time and/or money.

 

[houstonscott]

As someone who is an expert on this stuff(I build software systems for a living), all operating systems do work mostly the same way. Developers make mistakes and then hackers/governments exploit them, you just tend to hear less about it on the iOS/OSX side of things. This was just the latest one that made the big news at DefCon: Apple Patches iOS BroadPwn - Daily Security Byte | Secplicity - Security Simplified Near a malicious WiFi access point with WiFi on(not connected, the buffer overflow was in the signal power response packet)? Boom your Apple product just got owned. Coming back the the OP, there's no such thing as perfect security. It's just not possible, your best bet is mitigations. Do regular off-site backups, don't click on anything suspicious. You don't need to do much beyond your basic router firewall, that'll catch 99% of things out there. If a zero-day comes across your way there's not much you can do about it, hence why they call it a zero-day expoit.

U.S. Army Installing Apple Computers - Schneier on Security I don't want to belittle you expertise, but a very close family member was the 17th employee at Apple, he designed the chips, yeah the guy who designed the CPU for a generation of computers, and the guy who invented/designed the gigabit chip in your server. I'll take his word. I don't do anything, plug and go... No firewalls, no anti anything running. No issues.