Friday, December 31, 2010

Guide to Internet Security

                      http://kb.netgear.com/app/answers/detail/a_id/1104

For a comprehensive introduction to security, try the 89-page GAO-04-467, the first link in this US Government search. While this document has issues that won't be of interest, it presents the entire security situation very well. (You might want to skip to page 12 where the detailed information begins.)

Overview
Two great truths about security are:
  • It's common to over- or under-estimate how much risk you have. Computer criminals depend on you implementing security casually.
  • Attacks that work usually target weak links — things you don't anticipate.
Assuming that you aren't personally targeted, moderately secure networks usually cause hackers to attack elsewhere. You can be moderately secure by ensuring there aren't any obvious weak links in your system.
Types of Security Problems
There are many goals for attacks. Don't assume your network is safe just because you don't do critical work on it.
  • Snooping: Reading private mail and other personal files.
  • Destroying or corrupting computer data: Making files unusable, or making a whole computer unusable.
  • Stealing computer data: Taking credit card numbers, email addresses, company information, etc.
  • Stopping computers from functioning properly: Blocking incoming traffic so that intended users cannot get access, etc.
  • Misusing computer resources: Sending spam without you knowing it, etc.
  • Pranks: practical jokes, breaking in just because it's a challenge.
Basic security practices address all of these. You don't need to implement every one of these practices. However, a secure network will implement most of these.
To Implement Basic Security Practices
  1. Put a firewall between your computers and the Internet. NETGEAR routers can be configured to do an excellent job of this. For details about several security features used by NETGEAR routers see: Security: Comparing NAT, Static Content Filtering, SPI, and Firewalls.
  2. Use your router to control access using MAC addresses (Media Access Control addresses).
  3. Update your operating system and Web browser. For Windows users, install "critical updates". If unsure whether an update applies to your computer, you probably should install it.
  4. Run virus protection programs on all computers. Set the scan to examine all hard disks. Set the scan to continuously examine all incoming files. Check for anti-virus updates frequently, but never wait as long as 2 months.
  5. Contrary to much "expert" advice, there is very little risk writing down passwords. In fact, years from now you may discover you need them to access old files. Never leave a password at its default value. Passwords should not be simple: use characters, numbers, and symbols. It's better not to use names or dates you find easy to remember: your birthday, your dog's name, your username backward, etc.
       Good: kB!3ccsiiz_8 or 4*4zbmn-BXY
       Very Weak: april2003, cutegirl, me, stonesforever
  6. If you have a wireless network, use WEP or WPA encryption. See What is WEP Encryption for Wireless Networks? for a brief overview of WEP.
  7. If it's practical, use WPA encryption instead of WEP (available on newer NETGEAR equipment). See What's New in Security: WPA (Wi-Fi Protected Access) for details.
  8. If communicating with other VPN sites, such as your business, use a VPN.
  9. Do not use a DMZ. (By default this feature is turned off.)
  10. Limit the shared folders on your network. (Or turn off file sharing entirely.)
  11. Turn up your Web browser's security. In Internet Explorer: Go to: Tools > Internet Options > Security > Default Level > Security level for this zone. With Internet selected in the top box, make sure the slider is set to at least Medium. Internet pages will display with few problems at this level. Setting the slider to High will be most secure, but some pages will not display.
  12. Avoid sending personal information over the Internet. Credit cards are a particular risk: Use a well-known payment system such as PayPal, or send credit card numbers and the expiration date in separate email messages, etc.
  13. When browsing, don't accept software — even with a certificate — unless it's from a company you think is trustworthy.
  14. DO NOT respond to spam. DO NOT answer messages like "Click on this link to be removed from our mailing list" — except if it is a company to which you actually gave your email address.
  15. Remove your network from the Internet — or turn it off — when not being used. Many people regard this as extreme; however, it is also extremely secure.
  16. If you have a wireless network, do not broadcast unnecessarily to where the public might access it — any signal strength above the red indicator is strong enough for full throughput, so don't boost your inside signal more than you need.
  17. Running a public server (for example one that hosts games for other people to use, or one which serves Web pages for public viewing) causes additional concerns. Understand the server thoroughly. Read about recent issues in online newsgroups.
For more explanation of these security practices (the reasons for the recommendations, or when particular features are important), see The Reasons Behind Security Features. That document also includes other, less critical security improvements.
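
The password rules in step 5, applied as a check over the guide's own Good and Very Weak examples. This is an added example, not part of the NETGEAR article; the default-password list, the `username` and `personal_terms` parameters, and the date heuristic are assumptions made for illustration.

```python
import re
import string

# Constructed sample of factory-default passwords; extend with your devices' defaults.
DEFAULT_PASSWORDS = {"password", "admin", "1234", "default"}

MONTHS = ("january|february|march|april|may|june|july|august|"
          "september|october|november|december")
# Assumed heuristic: a month name followed by a digit, or a four-digit
# year (19xx/20xx), suggests an easy-to-remember date.
DATE_HINT = re.compile(rf"(?:{MONTHS})\d|(?:19|20)\d{{2}}")


def audit_password(password, username="", personal_terms=()):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    lowered = password.lower()

    # "Never leave a password at its default value."
    if lowered in DEFAULT_PASSWORDS:
        findings.append("default value")

    # "Use characters, numbers, and symbols": require all three classes.
    if not any(c.isalpha() for c in password):
        findings.append("no letters")
    if not any(c.isdigit() for c in password):
        findings.append("no numbers")
    if not any(c in string.punctuation for c in password):
        findings.append("no symbols")

    if DATE_HINT.search(lowered):
        findings.append("contains a date")

    # The username, forward or backward.
    user = username.lower()
    if user and (user in lowered or user[::-1] in lowered):
        findings.append("contains username")

    # Names and dates the owner finds easy to remember (supplied by the caller).
    for term in personal_terms:
        if term and term.lower() in lowered:
            findings.append(f"contains personal term {term!r}")
    return findings


if __name__ == "__main__":
    for pw in ("kB!3ccsiiz_8", "4*4zbmn-BXY", "april2003", "cutegirl", "me", "stonesforever"):
        print(f"{pw:15} {audit_password(pw) or 'ok'}")
```
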