Securing my home setup

[Smythie15]

Hi, i have been watching Hak5 for a couple of months now and filtering through all the great videos. Fantastic education! Now, i have a small home network of 1 main desktop pc, one medium dektop pc, various laptops on wifi, 2 smart phones, 2 printers. I also have many pc's come through my house as i repair them etc. My question is, what is the best way to screw down security for my setup. I also run a off the shelf wireless modem\router for my ADSL2. I am going to set up my own cloud system, my own router, a VPN as shown on the Hak5 episodes and that's about it for now. Can you guys suggest anything else i sould install\set up, be it software and or hardware to make my system tighter than a constipated fishes ring? Naa, not that much, but at least good enough to keep most unwanted peoples and thingies out. I also run virtual box on my main machine with 2 or 3 versions of windows and 3-4 versions of linux mainly for learning purposes. the main machine runs win7 x64. all computers run AVG free\Malwarebytes and i run ccleaner every so often. With all the foreign computers i get through this place in a year i am amazed that i am not cleaning out infections from my computers all the time but rarely have to at all unless i do something i KNOW will compromise my system, but then i just get rid of it anyway. I have very little money, a few computer parts, a couple spare laptops and a netbook. Any suggestions would be greatfully accepted.

Thank You.

Gary Smith

Land Down Under....

[overwraith]

If I could I would implement some sort of VLAN'ing on my network, it probably would have fixed a few things. Allowing everybody to see everybody else's traffic isn't necessarily a good thing if one host is compromised. Depends on your interoperability needs.

Actually home routers and such are fairly well set up out of the box these days. NAT and Firewalls are pretty good at keeping threats out. What most worries me about my home net is more physical security related, however my situation is probably a bit more unique than yours. I would like to get some padlocks, and change out the door locks because dummies keep leaving the combo locks combinations unscrambled.

My dad keeps turning on all his switches, and routers, and virtual servers, etc, I open up my network sharing center and literally do a double take, wtf did my computer just get plugged into? Not a sec risk, but I should probably go through and port scan/map all his stuff, and check the logs on our router more often because there isn't that much verification going on. It would be nice to make a script/web UI on my home net which could aggregate all the security observations concerning the net.

This sounds a little bit academic, but perhaps you should analyze your threat environment to determine what the biggest threats actually are. Most times homes aren't the targets of hacking, unless some bot herder wants your info and CPU cycles, and you have a weakness for spammy sites. Businesses are probably the most targeted, that's where the credit card numbers are.

Edited November 21, 2015 by overwraith

[barry99705]

If your router has a dmz function, enable it. Then use the dmz network for the computers you work on. Keep them off the home network.