Advanced Home Network Security

Free can be very good!

Make use of alternate DNS servers. OpenDNS.org freely gives its clients access to its name servers. In the past couple of years DNS has been a topic of discussion in the security community. One could do all of the right things in the home or office, but due to the insecure nature of DNS and the lack of diligence of ISPs, not staying current on security fixes/mitigations you can type in a URL or click a link and still become compromised. The state of DNS security is so significant that some leading experts have proposed throwing away the DNS protocol and establishing one that forces authentication of some kind.

OpenDNS.org offers free content filtering customizable profiles for all who choose to sign up, along with tracking statistics of internet usage from your IPs.

Add an enterprise quality firewall to your home domain. The Astaro Security Gateway is a free Linux-based firewall that offers you feature such as: VPN, email spam and antivirus scanning, intrusion detection/prevention, web content filtering, and extensive logging features. The Astaro Security Gateway has been specifically marketed toward customers who are at their end-of-life with Cisco Pix router/firewall products.

ASG installs on hardware as old hardware, even as old has a 486 DX2. Software which is hosted upon the same OS that it is trying to protect can fail or have its own set of vulnerabilities an attacker can exploit. Your security software can make you unsecure, to some degree. By creating an additional defense-layer outside of your computer at the network layer, you have just created a greater hassle for anyone trying to probe you and with ASG (which has a built-in IPS) you can catch and trap something as its trying to leave your network.

Lowering Your Digital Footprint

As you may already know, The Onion Router aka ToR is the end all/be all for web anonymity for the poor man. This is to say that it is the best option out there for those who want “some” way to mask their web presence. It’s free to use and can be bundled with other software technologies to make it even more powerful and enhance your discreetness.

ToR can be built into a live Linux bootable CD/DVD or live windows PE CD/DVD of which can be outfitted with a MAC addresses spoofing changing utility (such as “MadMACs”) to enhance your anonymity. Hypothetical situation: you take a laptop into your favorite coffee shop or hotel parking lot, boot to your live-CD of choice, change your MAC address, and go to work. Because you would be using a live-CD no changes are made to your computer. Essentially your computer becomes a very potent dumb-terminal. If you are compromised, reboot your computer and move to another location, so that your traffic will originate from another IP address.

ToR Bundle is a suited version of ToR that can run independently off of a USB drive or a CD. It uses FireFox with a built-in ToR plug-in, along with NoScript and a couple of other add-ons.

ToR is not without its flaws. Those who set up exit-node servers can eavesdrop on any traffic leaving, as long as it’s unencrypted….and most of it will be. Anyone looking to do secret-squirrel activities should be very cautious about what content they are transmitting through the ToR network. Use encryption when you can. If you are going to log into a site, use TLS/SSL. If you are sending an email attachment, encrypt it….TWICE!

Using ToR to arrange a meeting or time for communications on some other channel is appropriate, but clear text transmission of documents is not. There was an unpopular incident of a private citizen alerting the world that ‘lettered agencies’, both foreign and US, were inappropriately using ToR for operational and administrative use. To prove his point, he set up some exit-nodes on the ToR network and collected hundreds of documents, user names, and passwords and other juicy details from private citizens, corporations, and government agencies.

Hardening the Greatest Security Variable…You

Staying abreast of the latest threats and mitigations is a hard task. There are many dedicated individuals who work hard to bring the public the latest and greatest information. The following are some sites that offer podcasts or videos to enable you to keep your brain sharp.

– www.GRC.com/securitynow.htm – Podcasts
If you are wanting a simple to understand AND very technical understanding of the internet, hard disk drives, SSL/TLS technology, key exchange, authentication, encryption, root kits, malware, and many other issues GRC’s Security Now will illuminate you and entertain you. Those of professional caliber IT prowess through baby novices will be able to appreciate this.

– www.PaulDotCom.com – Podcast and Video Tutorials
No normies allowed! Paul and his group of super-geeks embrace the super-sexy details of Penetration Testing and security remediation. This show is better suited for those who have a general understanding of Information Security and who are wanting to hone and sharpen their hacking skills, or those who want to understand how hacking actually works.

– www.IronGeek.com – Video Tutorials
Learn how to hack windows passwords and more! IronGeek shows you the way.

– http://revision3.com/hak5 – Webcast

Circumventing Windows Login
Crack the password by using a Linux live-CD called 0phcrack. 0phcrack automatically loads into its GUI and immediately starts cracking all the accounts on a system. It may take minutes or hours for it to find the password. When and if it does, it will display the password to you in plain text. The free version of 0phrack will work on 99 percent of passwords that are using standard characters. For passwords that have been created using spaces and other special characters, the pay version of 0phrack will be needed.

If you have no need of knowing what the password and merely want to reset it then ERDCommander, PC Login Now, or KON Boot will get the job done. ERD Commander will allow you to reset the password of any account on the system, but will not allow you to create a new user account or unlock a locked account. PC Login Now will allow you to do all of the aforementioned tasks even on hidden administrative accounts.

Of these three tools, KON Boot is the most unique. Its magic allows you to enter a system without knowing the password. Simply type in the name of the account you wish to access and you are in. When you reboot the system, all of the original passwords will still be retained. KON Boot offers you the utmost discreetness and quickness when needing to access a computer. There’s no waiting for the password to be cracked, no risking attributation of activities by resetting a password or risking account lockout by guessing the password, or incorrectly typing the right one in…Boot to CD, wait a couple of minutes for windows to load…game over.


Introducing Windows CleanUp!,  a privacy cleaner that is easy to use and can remove information about your Internet activity, while also deleting many types of junk files that take up unnecessary space on your hard drive.  Windows Cleanup! offers different levels of cleaning based on your preferences and needs. Windows Cleanup! can thoroughly remove all personal references, Internet Explorer favorites, and other information. It can eliminate all deleted files so they cannot be recovered, protecting your privacy.
Steganos Locknote – This is basically nothing more than an encrypted, secure text file.  It is self-contained, with the encrypting portion build right into the text file itself.  Safe and secure – there is no installation required.  It appears as a simple text file and opens to look just like a file in notepad.  The only difference is that the contents are encrypted and secure.

Article: Think Before You Click to Avoid Viruses and Scams – Read PC World article

If you have a wireless internet connection in your home, you should check out our section onhow to secure your wireless network for detailed instructions and advice on data encryption and wireless router security.

Print Friendly