You probably have a Wi-Fi router in your home to provide internet access to all the family.

When people
drop by, they ask for the password so they can check something on their smartphone or show off vacation
photos stored in the cloud. Before long, a lot of people know your Wi-Fi password and people can
connect to your router any time they pass by your house. In an apartment building, your router’s signal
extends into neighboring apartments.
Unlike physical networks, Wi-Fi systems can extend beyond the walls of your home. Once the password
for access gets out in the world, it is very difficult to control who can access your home network.
Therefore, you need to consider implementing some changes and routines that protect you from
intruders, snoopers, and internet carpetbaggers.
You have two major security issues to deal with. The first is that you need to control who can actually
get on your network. The second problem is that of the signal footprint. If people outside your home
can pick up a signal from your router, they can also capture data and reap all of your passwords.
Here are some simple but important tasks to improve the security of your network.
1. Make a complicated router password
If you give visitors the password to your Wi-Fi, they can enter it and gain access your home network
indefinitely. If you have kids and their friends come over, they will probably want the password, too, and
when they go home, they can tell it to their parents or siblings.
If someone you know well asks you for access to the Wi-Fi while they are visiting, it is hard to say
no. However, you can make it difficult for people to tell the password to others. Make your password
a random sequence of letters, numbers and special characters, mixing uppercase and lowercase so no one
could ever remember it. Fortunately, once a password is successfully entered into a device, it is not
visible, so the people you give it to won’t be able to read it off to tell someone else. Ideally, the
password should be 20 characters long, but if you find that tiring, you could get away with 12
characters.
Of course, it will be impossible for you to remember the password, so you will have to store it
somewhere. You can keep it in a hidden file on your computer, or write it in a notepad that you keep
in a locked drawer. Although a complicated password is not a sophisticated security measure, it can be
enough to enable you to limit who exactly has access to your network. If you trust someone enough to
let them into your home, then it isn’t unreasonable to assume they are sufficiently trustworthy and
not likely to hack your network. However, when you give someone the password, don’t write it down
for them; read it out instead, or offer to enter the password for them.
See also: How to make and remember strong passwords
Limit access to the password
Although it seems reasonable to give access to the Wi-Fi to your children, their friends, and your
friends, you shouldn’t feel obliged to give out the password to everyone that enters your home. For
example, a visiting salesman is a complete stranger and no matter how well dressed they are, you don’t
know what their plans are and you can’t trust them. Someone who is on your property to perform a
service, such as a plumber, a gardener, or a decorator doesn’t have the right to ask for the password to
your Wi-Fi. In these instances, you should be prepared to say “No.”
Commercial visitors shouldn’t need to access your Wi-Fi router in order to get information off the internet
for their work. Their employers should provide them with a data plan or a USB modem if their
business model includes storing data in the cloud.
Change the password frequently
There is no hard and fast rule about how often you should change the router password. However, you
should to change it on a regular basis. Memorizing a new email or online banking password can be
annoying because you have to log in all the time. But because Wi-Fi routers typically only require you log
in once to be allowed indefinite access, changing a Wi-Fi password is less of a nuisance.
Make changing the router password part of your monthly routine. On the first of the month, after
breakfast, change the Wi-Fi password. If you have a lot of people in and out of your home—during a
renovation, for example—change the password weekly. Remember to update the note you kept of the
password.
See also: Password generator tool
2. Change the router’s admin credentials
You can access the console of your router from any device connected to the network.
Most manufacturers set up the administrator account on routers with the same username and
password for every piece of equipment they sell. This is different from simply connecting to the
network; it grants you control over the network configuration. With a bit of know-how, anyone connected
to the router can guess or Google its login credentials. This makes you vulnerable to a hacker or a young
overachiever.

If someone gets into the admin console, they can change the admin password and lock you out. So,
change those credentials before some smart-assed friend of your daughter does it. Without access to the
administrator account on your router, you will not be able to perform any tasks to improve your
Wi-Fi security.
The default username and password may be printed in a booklet that came in the box with the router or
you may be able to find it in the support pages on the Wi-Fi manufacturer’s website. It might even be
displayed on the login screen for the router. If you can’t find the username and password anywhere try
sys/admin, system/admin, admin/admin, user/user, system/password, and admin/password for the
username/password combination. If none of these work, look for your router in this list of default router
administrator passwords.
When you find the right combination, you need to look around the menu system for the account
details. Change the password of the admin account to a random string of letters and numbers and
make it at least 12 characters long. Don’t forget to write that new password down in a safe place before
you log out of the console. Because most router consoles are accessed via web browser, a password
manager can take care of this for you.
3. Change the network name
As explained in the previous section, router manufacturers produce the same settings for every item
of a product line that they produce. Often, a manufacturer will install the exact same administration
software on all of its router models. That consistency makes life easy for hackers.
Free network detection software lets hackers see all the surrounding Wi-Fi networks. The hacker
doesn’t need to know which home the signal comes from because he doesn’t need to break into your
house in order to get into your network. Each network is identified by a name, called an SSID.
Router manufacturers often put the brand name or model of the router in the SSID. If you got a router
from your internet service provider, the ISP might change that SSID when to show their own name
instead of the manufacturer. If you bought the router yourself, its SSID will probably identify the
manufacturer or even the model of the router.
A hacker can use the information that appears in the SSID to look up the default username and password
for the router with little effort. Change the SSID so that it doesn’t give away the router brand or
model. Don’t choose an identifier that includes your name, address, or telephone number. Don’t use any
other personal information in the name. So, “10BullLane,” “JBDecker Network,” and “Homenet-
12281975” are all bad ideas. Avoid making political statements, don’t use offensive language, and
don’t provoke hackers with challenges in your SSID. Just make it bland.
Related: Top 10 Intrusion detection tools
Hide the network
Your router doesn’t have to broadcast its SSID. If you block your router from sending out its
identifier, your home Wi-Fi becomes a hidden network. Those devices that already have connection
data stored will still be able to connect, but passers by won’t see it. In many cases, the network list that
others see will include a line that says “Hidden network.” Without knowing the name of the network, it is
impossible to connect to it.
Making it impossible for unknown devices to connect to the network presents a problem if you buy a new
gadget. However, you can temporarily turn on the SSID broadcast to let your new device see the
network. Once you have set up a connection with the password, make the network hidden again. Hiding
the network makes it easier to block visitors from getting on the network. If they can’t see your router
in their list of available networks, they will be less likely to ask for the password.
4. Strengthen Wi-Fi encryption
A number of freely available hacker tools can crack weak Wi-Fi encryption, which could allow an
attacker to intercept, see, and modify your online activity. Three types of Wi-Fi protection systems are
commonly used to secure transmissions so only the end user’s device and the Wi-Fi router can read the
contents of a transmission. These are Wired Equivalent Privacy (WEP), Wi-Fi Protected
Access (WPA) and Wi-Fi Protected Access 2 (WPA 2). Of these three, you should be using WPA2. In
fact, you need a strengthened version of this system, which is called WPA2 AES. This uses the AES
cipher to protect transmissions and that encryption method is impossible to crack.
You can change the Wi-Fi encryption in the router console. The AES encryption option often appears in a
second pick-list. So after you choose WPA2 in the first field, you can select AES in the second field.
5. Turn off Plug ‘n Play
The Universal Plug ‘n Play methodology helps devices in your home discover the network and then
communicate with the manufacturer for firmware updates and supplies. UPnP is a key element in the
creation of the Internet of Things. This is the technology that makes household appliances “smart.”
Essentially, smart gadgets can access the internet. UPnP also provides a channel for hackers.
Your router has to cooperate with the UPnP system in order for those household gadgets to get access to
the internet. Although the creation of self-tuning devices seemed attractive at first, the absence of
password protection for most devices, or the tendency for manufacturers to use the same password for all
devices, make these smart pieces of equipment a security vulnerability.
UPnP helps a device get set up, but once you have that thing working, switch off its UPnP capabilities.
You should also turn off UPnP compatibility in your router. UPnP has enabled hackers to infect
household devices and include them in botnets. A botnet is an army of devices that can be directed to
send access requests to one computer all at the same time, thus blocking its availability. This is called
a DDoS attack and it is increasingly being used by countries such as Russia and China as a military
strategy, so UPnP is even undermining national defense.
6. Turn off Remote Management
The console of a router should only be accessible from devices connected to the network. However, a
standard router setting enables remote access. This means that you can access the console over the
internet, from another location. Unfortunately, if you can do that, so can anyone else. So, turn off remote
access.
7. Limit WPS
Wif-Fi Protected Setup (WPS) offers an easy way to get new devices to recognize the network and
connect to the router. WPS uses one of two methods.
If your router has a WPS button on the back, pushing it will send out a signal that adds the device to the
network and passes it log in credentials so you don’t have to enter a text password.
An alternative method uses an eight character numeric code entered into the network settings of the
device. WPS enables devices in your home, such as set-top boxes and games consoles, to maintain a
presence on the network even when you change the password needed for computers and phones to
connect.
WPS presents a security weakness because the code method is easy to crack. If your router has a WPS
button, then turn off the WPS code capabilities and rely on the button. If you don’t have the button, turn
off WPS completely because the code option is a serious problem for your network security.
8. Keep the router firmware up to date

The router manufacturer should update the firmware on your gateway automatically. However, just as you
should make a monthly schedule to change the Wi-Fi password, you should also regularly check for
updates. The router console should include this option. If not, make it a habit on the first of the month
to check the router manufacturer’s website for any updates and install them if they are available.
Another trigger for firmware updates should be any news stories that speak about major virus attacks.
Usually, new viruses spread because a hacker discovered a security weakness, called an “exploit.”
Hackers sometimes detect these weaknesses before the technology companies. The outbreak of a serious
attack will provoke the router producer to check through its firmware code to make sure its
equipment is not vulnerable to the new attack. If it is, they will issue a security patch. So, check on the
website of your router’s manufacturer whenever these news stories break.
9. Turn on the firewall

Chances are your Wi-Fi router has a firewall on it, but you haven’t turned it on. Browse through the
console settings to see if you can find it. If not, visit the Customer Support pages of the router
manufacturer’s website. If there is a knowledge base, you can search the site with the keyword “firewall”
and see what information arises.
Wi-Fi routers operate a system called NAT, which stands for “network address translation“. This
address manipulation means each computer on your network is allocated an address only known to the
router. It doesn’t represent you out on the internet. Instead, the router has its own internet address and that
communicates with the outside world. A very fortunate side effect of the NAT system is that it prevents
outsiders from identifying the addresses of individual devices on the network. Unsolicited traffic is
blocked before it ever reaches end user devices.
Apart from this protection, routers usually have a hardware firewall. This works a little differently than
the software variety that you probably installed on your computer. It is worth turning on.
See also: What is a firewall & why do you need one on your home network?
10. Allocate static addresses
This step is a little technical and you may find it a little awkward to implement. As explained above, all
devices on your wireless network have an address. This is called an IP address and it has to be unique.
Your computer’s IP address is only unique on your private network. This is why the router uses a public
address as well and that one represents you on the internet.
Your router allocates an IP address to each device on the network through a system called the “dynamic
host configuration protocol,” or DHCP. Hackers can manipulate DHCP to allocate themselves a
network address, making them very difficult to spot.
One of the settings in the console of your router will allow you to change the way that addresses are
allocated on your network. To stop the router using DHCP, you need to look at the Network
Configuration page of the console. The option you are looking for will probably be a drop-down picklist
and will be labeled “WAN connection type” or “address configuration.” The precise settings depend on
your model of router. However, you will see that the field is currently set to DHCP. You need to change
that to Static IP.
Before you make that change, go to all of the computers and network-enabled devices in your home
and note down the IP address that each is currently using. After changing the router to use static IP
addresses, go back to each device and allocate it the address that you noted down for it. The effectiveness
of changing address allocation is up for debate.
See also: The Definitive Guide to DHCP
11. MAC address filtering
You router’s console will contain a menu item called “MAC filtering” or “MAC address filtering.” This
option will only allow approved devices onto your network. Every device that can connect a network
has a MAC address. This is actually the identifier of the network card and it is unique throughout the
world. Therefore, no two devices in the world are issued with the same MAC address. MAC stands for
“media access controller.” It is made up of six two-digit hexadecimal numbers separated by colons. So it
looks like 00:17:5f:9a:28.
You may read that MAC address filtering is a waste of time because it can be sidestepped. This is true up
to a point. If you just want to stop neighbors hopping onto your network for free and you can’t keep
your kids quiet about the password, then MAC address filtering will provide you with the
functionality that you need. If you suspect that one of your neighbors is a hacker, then this technique
won’t put up much resistance.
On mobile devices, look in the Network Settings to get the MAC address. On computers, open up a
command line window and type in ipconfig /all. This will bring up a list of attributes of the computer,
including the MAC address. Make a list of the MAC addresses of all the devices in your house that you
want to let onto the network.
When you go to set up the filtering list pay attention to the instructions in the page because not all MAC
filtering systems are exactly the same — the layout depends on your router.
There are two modes to a MAC address filter. These are “allow” and “deny” or they may be labeled
“include” and “exclude.” If you don’t see these options, then your router’s MAC filter is of the
allow/include variety. If those options are available then select allow/include. There should be a box in
the screen where you enter a list of addresses. Usually, a carriage return is enough to separate the records,
but you may need to put a comma or a semicolon after each address.
MAC address filtering can be sidelined by a hacker who has a wireless packet sniffer. Every piece of
information that goes in or out of a device has its MAC address on it. Although MAC addresses are
allocated to the network cards of the world and are centrally controlled so that each is unique in the
world, hackers do know how to alter an address. Therefore, the hacker just has to pick one of the MAC
addresses that he sees is active on the network and then change his computer’s MAC address to that.
However, such tools are not available on mobile devices, so the hacker would have to be sitting with a
laptop within range of your router in order to pick up the signal.
12. Turn off the router
If you aren’t using your Wi-Fi, you could turn the router off. Sometimes, you might want to leave a big
download running overnight. However, most of the time, you aren’t going to be using the network
while you are asleep. It is a good idea to turn off all electronics at night and even unplug them. This is a
safety measure against sparks causing appliance fires and it also a good practice to save the
environment. Many electrical and electronic devices burn electricity even when they are in standby
mode. So unplugging everything before you go to bed will reduce your electricity bill and also help
save the planet by reducing the demand on power stations.
You could also turn off the router when you go to work. If there are a lot of people in your household, the
last person to leave the house in the morning turns the router off and the first one to arrive home in
the evening turns the router on.
The reason for this tip should be obvious. The fewer hours that your Wi-Fi system is active the less
possibility there will be of a hacker attack. It will also deny your piggybacking neighbors access to your
Wi-Fi for large chunks of the day. If your internet service is metered, this step will bring down your
monthly bill.
13. Check on port 32764
Back at the beginning of 2014, it was discovered that the firmware for certain models of router kept a
process that listened at port 32764. Having a port “open” is a security vulnerability and when the
infosec community discovered the problem, the router companies involved removed the routine that
listened for responses at that port. However, in April of that year, a firmware update introduced a
procedure to open the port again.
A port is a number that represents an address for an application. In order for a port to be open, it needs a
process listening on it. If hackers find out about obscure listening programs that can manipulate the
program in order to cause damage to the router or the network.
It seems that access through port 32764 is a requirement for a hardware supplier, called SerComm. You
probably didn’t buy a SerComm router, but this manufacturer supplies to Cisco, Netgear, Linksys,
and Diamond. You can find a list of at-risk routers here. The good news is that the process that listens on
the port can only be activated from within the network. Check if port 32764 is open at this website. If it is
open, you need to contact your router supplier for help on this issue. Just closing the port is not a
viable solution because it was opened on command without your knowledge and they can just open it
again. If the router company can’t supply you with a patch to close off this vulnerability, ask for your
money back.
14. Keep your devices healthy
The computers and other devices in your home could provide avenues for hackers to get onto your router.
Some of the devices that connect to your network will be portable. Devices such as laptops, tablets, and
smartphones are more likely to get infected because they likely connect to other networks and access
the internet in public places. There are more possibilities for virus infection and intrusion outside of
the house. Equipment that never leaves the house is only exposed to one internet access point and so is
less likely to be infected.
You also need to be careful about people transferring files onto your computers with USB memory
sticks. File copying offers an access method for viruses. So make sure that your computers have both
firewalls and anti-malware software.
Make sure that your software is kept up to date and you allow automatic updates. Patches and new
releases for operating systems and applications are often issued to plug security weaknesses.
See also: Best free Antivirus programs for Windows and Mac
15. Use a VPN

Virtual private networks are primarily used to improve privacy on the internet. However, they also offer
security benefits that help protect your router from intrusion. If you or other members of your family
frequently use Wi-Fi hotspots in public places, such as cafes, using a VPN will help protect your
devices from attack by compromised Wi-Fi hotspots. Hackers use “Man-in-the-middle” attacks to
steal data from other users connected to the same network, and they can also be used to sneak malware
onto your devices. When you bring those devices home and connect them to your network, your router
becomes an easy target.
A VPN is also a good solution to the problems raised by wireless packet sniffers. A VPN encrypts all of
the traffic from and to your computer all the way to a remote server that lies over the internet beyond
your Wi-Fi router. That means intermediaries will not be able to fool you into a fake connection and
won’t be able to get into your data stream by infiltrating your router. The protection offered by the VPN
goes through the router, so even if the encryption provided by the router is stripped off, you still have
VPN encryption to make your data unreadable.
16. Center your signal footprint
Most people keep their Wi-Fi router in the living room because that’s where the hookup is for a cable or
phone line. Living rooms often face the street, so placing your router by a front room window sends
half of your signal footprint to the outside world.
If you put your Wi-Fi router at the far wall of the living room behind the TV, the layout of your house or
apartment may mean that the other side of that wall is inside a neighbor’s house. Walls offer greater
resistance to radio waves than windows do. However, you are still giving half of your Wi-Fi coverage to
your neighbors.
Find the central point of your home and place the router there. Keep in mind that the signal area of a Wi-
Fi router is like a ball — it radiates out above and below as well as horizontally. So, if you have a two-
storey home, put the router right up by the ceiling on the lower level so upstairs gets service as well.
If your house is larger than the router’s signal footprint, centering the router in the middle of the house
will give you the maximum coverage available and prevent the signal from passing outside. If your
house is smaller than the signal footprint, at least you will have reduced the area of the street where the
general public can benefit from your internet service.
17. Create a Faraday cage
Some homes get terrible cell phone coverage. In many cases, even if you are in an urban area that should
get full bars, the signal availability drops as soon as you go indoors. This is not normal. This
phenomenon is caused by the material that went into the construction of your home. Any metal in
the construction material will attract radio signals and prevent them from passing through the skin of the
home into your rooms. This is called a Faraday cage and although it is annoying for creating bad cell
phone service indoors, it is great for trapping your Wi-Fi signal inside your house.
Construction materials that block your Wi-Fi signal from passing outside include foil membrane
insulation embedded behind sheetrock in the walls. If your home’s internal walls have that insulation,
you will have problems getting the Wi-Fi signal away from the room where the router is kept. Metal
window frames reduce the amount of signal that passes through the glass of your windows,
and reinforced concrete walls that contain metal bars will also prevent the Wi-Fi footprint from
extending outdoors.
If your house doesn’t contain much metal in its outer walls, you can integrate metals into your decoration
to block the Wi-Fi from extending outside. Ideas include aluminum cladding, which could go on the
outside of the house to protect the walls, give your house a new look, and also block all Wi-Fi. Other
ideas include curtains that contain metallic thread, copper wall coverings, a metal shelving unit,
and metal screens.
If metal wouldn’t feed into your interior design, then check out paint that blocks Wi-Fi signals. You could
also consider shiny metallic wallpaperprinted on foil.
Safe Wi-Fi
News headlines about ransomware and identity theft are worrying. The thought that someone can
intrude into your Wi-Fi feels a little like the threat of being attacked or burgled in your own home. You
don’t have to be a technical expert in order to improve the security of your home Wi-Fi network,
you just need to be a little smarter in your habits.
Simple solutions to security problems are usually the best. As you can see, none of the solutions in our
list cost money. The majority of these suggestions are common sense steps that anyone can take. Even
the more complicated ideas, such as hiding the network or MAC address filtering, only require you to
explore the options available to you in the Wi-Fi router’s console.
Make sure you keep your personal data safe from identity thieves and prevent tight-fisted neighbors
from stealing your internet by running through the recommendations in this guide.

IT Best Practices – GWCC Seminar – May 23rd. 2019

Personal Computers/Laptops
Usernames and Passwords
Users should change default/simple passwords and use strong passwords. Passwords should not be
shared. Passwords should not be written down.
Software Patch Updates
Be certain that applications and operating systems are up-to-date with patches.
Anti-Virus Software
Anti-virus software should be installed. Anti-virus software should be configured to update daily. Do not
disable anti-virus software. Frequently back up important documents and files. Back up your data
frequently. This protects your data in the event of an operating system crash, hardware failure,
or virus attack.
Physical Security
Unauthorized physical access to an unattended device can result in harmful or fraudulent modification of
data, fraudulent email use, or any number of other potentially dangerous situations. Log-off or shut down
computers when leaving desks devices, or, device is unattended. Secure portable devices in the office and
while traveling.
Unnecessary Application/Services
If a service is not necessary for the intended purpose or operation of the device, that application/service
should not be running.
E-mail Management
In general, do not open unsolicited or unrecognized e-mail. Do not send confidential or sensitive
information without proper authorization.

Beware of email or attachments from unknown people, or with a strange subject line: Never open an
attachment you weren't expecting, and if you do not know the sender of an attachment, delete the message
without reading it. To open an attachment, first save it to your computer and then scan it with your
antivirus software; check the program's help documentation for instructions.

Fraud and misrepresentation

Dishonest users sometimes attempt to forge mail messages to others to gain personal information, such as
account passwords or even credit card information. Do not ever divulge such personal data in a reply,
even if the sender looks legitimate; instead, forward the suspicious mail to the postmaster at the address
where the message originated.

Avoiding spam
Spam has increasingly become a problem on the Internet. While every Internet user receives some spam,
email addresses posted to websites or in newsgroups and chat rooms attract the most spam.
To reduce the amount of spam you receive:
 Filter your email: Your email client or web-based email provider may have other methods for
setting up email filtering. Many offer blacklisting, which prohibits mail sent from email addresses
that you list. Even more restrictive is whitelisting, which blocks mail sent from anyone except
those that are on the list.
 Don't reply to spam under any circumstance.


Be careful releasing your email address, and know how it will be used
Every time you communicate on the Internet or browse a website, there are opportunities for spammers to
intercept your communications to obtain your email address and other personal information. Otherwise
reputable companies may sell or exchange your email address with other companies, and this information
may eventually find its way to a spammer. Consider the following guidelines:
  Subscribe only to essential discussion lists and ensure that they are moderated.
 Think twice before offering your email address to a website. Check the privacy policy for that
site.

Data Security
If maintaining confidential or sensitive data, be certain that data encryption of the network traffic and any
local copy is enabled. Do not store confidential or sensitive data on external drives or media.

Restrict remote access

It is recommended that you disable Remote Desktop (RDP) and Remote Assistance, unless you require
these features. If you do, enable the remote connections when needed, and disable them when you're
finished. Note that you only need to enable RDP on the computer you intend to connect to; disabling RDP
on the computer you're connecting from will not prevent you from making a connection to another
computer.

Remove data securely

Remove files or data you no longer need to prevent unauthorized access to them. Merely deleting
sensitive material is not sufficient, as it does not actually remove the data from your system.

How can I protect data on my mobile device?

Like desktop computers, mobile devices (e.g., smartphones, tablets, laptops, and notebook computers) are
frequently used to access and store both personal and institutional information. However, because of their
portability, mobile devices are more susceptible than desktop systems to loss and theft. The following are
safeguards you can use to reduce the risk of someone accessing data when your mobile device is lost or
stolen:
 Apply appropriate safeguards to the device to mitigate the risk of information exposure due to
loss or theft.
 Wipe (i.e., erase) all data stored on any device before transferring ownership (e.g., by sale or
trade-in).

Web Browsing
Limit Web browsing to work-related sites
Be vigilant of downloading software or files from the Internet. Do not visit "adult" content sites.

Do not click random links

Do not click any link that you can't verify. To avoid viruses spread via email or instant messaging (IM),
think before you click; if you receive a message out of the blue, with nothing more than a link and/or
general text, do not click it. If you doubt its validity, ask for more information from the sender.
Do not download unfamiliar software off the Internet
Some programs will appear to have useful and legitimate functions. However, most of this software is (or
contains) spyware, which will damage your operating system installation, waste resources, generate pop-
up ads, and report your personal information back to the company that provides the software.

How can I tell if a computer virus alert is a hoax?

Two key factors make a successful virus hoax: (1) technical-sounding language and (2) credibility by
association. If the warning uses the proper technical jargon, even the technologically savvy can be fooled.
Nevertheless, if a virus alert you receive contains technical-sounding language and comes from a
seemingly authoritative source, it may also be a true virus alert.

How can I be sure that a website is genuine?

Some web links, especially ones that are a part of phishing schemes, will redirect to fraudulent web
pages; even when entering Internet addresses into your browser by hand, you might end up at a phisher's
site if the address you enter is non-secure or incomplete, or is automatically completed or redirected by
your browser.

Unfortunately, when you access non-secure websites (i.e., those sites whose addresses use an http://
prefix), you can do nothing to verify that you have not been redirected to a fraudulent site. However,
when accessing secure sites, including most commercial, financial, and university services, you can
protect yourself by making sure that the site you are visiting is actually the page you want to get to. To do
this, type the entire URL, including the initial https://, into your browser.

Be proactive
Adjusting the security settings in your web browser is a good preventive measure. For a higher level of
security, have your browser disallow:
 Accepting cookies
 Listing your name and other personal information in your browser profile
 Filling in form fields for you
This will help reduce the amount of personal information transmitted to sites at the expense of full
functionality, since many legitimate websites require you to accept cookies.

Home Networks
Wireless Local Area Networks (WLANs) and Wi-Fi allow you to access the Internet at broadband speeds
without the need for a completely wired network and allow many different workstations to use one central
access point. However, wireless networks have security risks beyond those of a typical wired connection:
since anyone within range can potentially connect to your wireless access points, you should take extra
security precautions when setting up your home wireless network. The methods listed below vary in their
effectiveness, but a hacker will probably try to find the path of least resistance to break into a network.
The more of these measures that you take, the greater the chance that someone will move on and attempt
to locate a less secure network.

 Stay up to date with patches and updates

 Choose a strong administrator password

 Disable remote administration

 Use encryption

 Change your default SSID

 Use MAC address filtering

Social Networking Sites

Social sites such as Facebook allow users to meet new people, share pictures and information, and interact
with others in online communities. The popularity of these sites continues to rise; however, unfortunately,
so does the risk of information misuse.

The United States Computer Emergency Readiness Team (US-CERT) suggests the following:
 Use sound judgment when it comes to the information you choose to share with others online, for
example:
o Avoid providing personal information that can be used for identity theft, such as your
Social Security number, your birthdate (instead, say you are in your early twenties), your
full address (instead, give only the city name), or your mother's maiden name.
o Avoid providing information that would allow a person to stalk you, such as your full
address (instead, give only the city name), your class schedule (instead, state only your
major), or your telephone number.
 Remember that the Internet is a public resource, and anyone can see what you post. In addition,
web pages are routinely archived, so don't assume a picture or information is completely deleted
from the Internet if you've removed it from an active site. Always think twice about what you
post, and what's posted about you.
 As a precaution against ill-intentioned strangers or people who misrepresent themselves, restrict
who can view your information.
 Be skeptical of the information you read about others.
 Read and understand the privacy policy of the site and be aware of how your information can be
used.