Best Practices for Keeping Your Home Network Secure by NSA

The National Security Agency released a document in April 2011 about "Best Practices for Keeping Your Home Network Secure." The document is 10 pages long and goes into greater detail, but I have outlined the many topics. It suggests some important ideas that are worth considering for your home network.

The document title is "Best Practices for Keeping Your Home Network Secure" and the link to the document is located at 
 
Host-Based Recommendations
 
Windows Host OS
  1. Migrate to a Modern OS and Hardware Platform
    Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP.
  2. Install a Comprehensive Host-Based Security Suite
    A comprehensive host-based security suite provides support for anti-virus, anti-phishing, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. 
  3. Limit Use of the Administrator Account
    The first account that is typically created when configuring a Windows host for the first time is the local administrator account. A non-privileged "user" account should be created and used for the bulk of activities conducted on the host to include web browsing, email access, and document creation/editing.
  4. Use a Web Browser with Sandboxing Capabilities
  5. Update to a PDF Reader with Sandboxing Capabilities
  6. Migrate to Microsoft Office 2007 or Later
    If using Microsoft Office products for email, word processing, spreadsheets, presentations, or database applications, upgrade to Office 2007 or later and its XML format for storing documents.
  7. Keep Application Software Up-to-Date
  8. Implement Full Disk Encryption (FDE) on Laptops
Apple Host OS
  1. Maintain an Up-to-Date OS
  2. Keep Third Party Application Software Up-to-Date
  3. Limit Use of the Privileged (Administrator) Account
  4. Enable Data Protection on the iPad
  5. Implement FileVault on Mac OS Laptops
Network Recommendations
  1. Home Network Design
    The Internet Service Provider (ISP) may provide a cable modem with routing and wireless capabilities as part of the consumer contract. To maximize the home user's administration control over the routing and wireless device, deploy a separate personally-owned routing device (a) that connects to the ISP provided router/cable modem.
  2. Implement WPA2 on Wireless Network
  3. Limit Administration to Internal Network 
    Administration of home networking devices should be from the internal-facing network.
  4. Implement an Alternate DNS Provider
  5. Implement Strong Passwords on all Network Devices
Operational Security (OPSEC)/Internet Behavior Recommendations
  1. Traveling with Personal Mobile Devices
    a. Mobile devices (e.g., laptops, smart phones) should utilize the cellular network
    b. Regardless of the underlying network, users can setup tunnels to a trusted VPN service provider.
  2. Exchanging Home and Work Content
  3. Storage of Personal Information on the Internet
  4. Use of Social Networking Sites
    A good recommendation is to periodically review the security policies and settings available from your social network provider to determine if new features are available to protect your personal information.
  5. Enable the Use of SSL Encryption
  6. Email Best Practices
    a. In order to limit exposure both at work and home, consider using different usernames for home and work email addresses.
    b. Setting out-of-office messages on personal email accounts is not recommended.
    c. Always use secure email protocols if possible when accessing email, particularly if using a wireless network.
    d. Unsolicited emails containing attachments or links should be considered suspicious. 
  7. Password Management
    Ensure that passwords and challenge responses are properly protected since they provide access to large amounts of personal and financial information. Passwords should be strong, unique for each account, and difficult to guess. 
  8. Photo/GPS Integration
    Many phones and some new point-and-shoot cameras embed the GPS coordinates for a particular location within a photo when taken. Care should be taken to limit exposure of these photos on the Internet.
Enhanced Protection Recommendations
  1. Enhanced Wireless Router Configuration Settings
    Additional protections can be applied to the wireless network to limit access. 
  2. Disable Scripting Within the Web Browser
  3. Enable Data Execution Prevention (DEP) for all Programs
    By default, DEP is only enabled for essential Windows programs and services.