Security Checklist


Firewall/Router Settings:
  1. Admin Login: change default password; disable remote login.
  2. Universal Plug and Play (UPNP): disable unless required by a device you use.
  3. Ports: external probes test using ShieldsUP!! at www.grc.com; test results should indicate your network is stealth.
  4. MAC Address Filtering: Whitelisting only allows known devices. Look at device settings, or network settings to find the MAC addresses which will look something like this: 0f:0b:f0:00.
  5. Domain Name Servers: Change default ISP Domain Name servers with OpenDNS 208.67.222.222 & 208.67.220.220 
  6. Firmware: update for latest security fixes; if a year goes by where there are no security updates it might be time to purchase a newer model.

Wireless Settings:
  1. SSID: do not use personal information, pet's names, addresses, etc. Use a name that can't identify you in any way. 
  2. Encryption: use WPA2 and a strong passphrase (see passwords below for more details on a strong password).
  3. WiFi Protected Setup (WPS): disable; update router firmware if needed in order to disable.
  4. Internet of Things: separate WiFi network for appliances; use router's 'Guest" network for light bulbs, thermostats, etc.
  5. Bluetooth: disable when not in use.
  6. Open Networks: secure device at local level with built-in firewall, antimalware protection. Do not use for secure interaction with banking sites, etc.

Passwords:
For more information about passwords read my blog post: Pass The Word About Passwords

  1. Creation: unique, random, long, padded (add an additional character several times to the end to increase length), upper and lowercase letters, numbers, symbols. 16 to 18 character minimum (I prefer 18 character passwords to stay ahead of the computational curve).
  2. Two-Factor Authentication: something you have (a smartphone with a code texted to you, or an app such as Google Authenticator that provides a one time use code); something you know (your password). 
  3. Password Manager: app creates and securely stores passwords, credit card info, etc. Can autofill login information for websites.
  4. Annual Audit: check for strength and duplicates. Sites, that a year ago may have only allowed for a few character password may now let you increase strength.
  5. App Passwords: app specific individual passwords for devices. Trading some security for convenience, but this one use password can be revoked if the device assigned to it is lost or stolen.
Two Factor Authentication:

Sites that support Two Factor Authentication (2FA)

For more information on Two Factor Authentication read my blog post: The Two Step Verification Dance


Maintenance Tasks:
  1. Operating Systems: schedule updates to check and install regularly. 
  2. Security Software: know what security software you have and renew, update, and run regular scans.
  3. 3rd Party Software/Apps: regularly check and install updates. Don't click popups to install updates. Rather, close those and go to the software itself to check or updates so you don't accidently get malware pretending to be your legitimate software.
  4. Unused Apps: uninstall to reduce system vulnerabilities. If you bought a new computer look at the installed apps to see what 'trailware' or other software may have been pre-installed that you may not use and uninstall.
  5. Backup: early, often, and disconnect backup destination to mitigate against ransomware.


Updated: 2015-01-15