Security Update: Why Malware Protection on a Device is Not Enough
There are several different names for the security software you can install on your devices. Malware protection, anti-virus, and endpoint protection are a few of the more common ones, and each is slightly different, so it is important to know the differences when you purchase one. Having some form of malware protection is extremely important when it comes to the safety of your device. However, simply having malware protection is not enough.
This post discusses a security update, including some information you might not have thought of, and why malware protection on a device is not enough.
Malware protection is very important in protecting your local device, but it is not enough on its own because everyone should have layers of protection that begin much sooner.
Think of all the protections you take with a car or home. Sure, you have insurance in case something unavoidable happens, but there are lots of other things you also do to protect this investment. With your car, you make sure you are paying attention while driving, you keep the windows clean and free of debris so you can properly see out of them, you maintain proper air pressure in your tires and rotate them regularly, and you check your brakes and rotors. All of these things are done even though you have insurance, and they help prevent you from needing that insurance.
The same principles apply to your computer devices. In other words, you should add layers of protection that are working before unauthorized users or applications can even see your device. This starts with your firewall or router, the device that provides internet access to your business or home. This device often has built-in protections you can enable, and there are also simple things you can do to add security.
Passwords
Change the default password on the firewall or router that connects you to the internet. Where possible, change both the user id and password. Leaving these as the defaults allows nearby users to attempt these standard account credentials and possibly gain access to your network. This is probably the most overlooked item that people can do to better secure their network and it can usually be accomplished in less than 10 minutes.
WiFi/secondary networks
If the device also provides wireless, there are several things you can do to add layers of security. It is so important to add security to WiFi because it is broadcast and does not necessarily stop at the walls of your home or office. Other people within the vicinity can find your network and try to gain unauthorized access to it. Once they are on the network, they can scan to see all the connected devices and then try to hack into those.
- The first thing you should try to do is update the default wireless SSID broadcast by the device. These typically include the name of the device or the name of the provider, etc., but most devices will let you modify the name. Do not use your last name or address when updating the name. Instead, use something that another person could not use to identify that it belongs to you.
- The second thing you should consider is setting your wireless network to not broadcast its SSID. You will still be able to connect to the network; you would simply need to enter the SSID and password to connect to it. The benefit is that only you and those you shared the SSID with would know it was there, which reduces the chances someone might try to gain access to it since they cannot see it.
- The last thing you should try to do is to split your wireless networks. It is a really good idea to split your wireless networks into at least two different networks so that you can put the devices on which you store and access critical data on one, and smart items like appliances, along with visitors, on another. This helps protect the environment with the most important data by separating it from the other network. Smart devices are famous for not having strong security, so this adds a layer of protection.
Other possible settings
There are lots of other settings that may be possible for you to implement, and which ones you have will be dependent upon the type of device you have that connects you to the internet. A home user device will not have the same security settings available as an enterprise device, but the more security settings you take advantage of, the better off you will be.
- Block IP addresses after failed login attempts - this setting allows you to set a specific number of acceptable failed login attempts before blocking the user's IP address. Additionally, you can usually control how long the person is locked out for, whether in minutes, hours or days. This setting is a good deterrent against hackers because it will take much longer for someone trying to hack into your network than if they have unlimited attempts without being slowed down.
- Disable unused ports - there are a total of 65,536 available ports that applications can use to connect to devices. Obviously, not all of these are needed, so disabling those not in use on your network is a great way to increase your security. An internet search can provide you with the most commonly used ports.
- Enable IDS/IPS functions - intrusion detection systems (IDS) and intrusion prevention systems (IPS) are a great layer of security to add if it is available. IDS is a set of protocols that is perpetually watching for someone trying to gain unauthorized access to your network and devices. If it finds something, IPS can join in and attempt to stop this attack. When correctly implemented and configured, these two work in cooperation.
- Use DNS filtering - products like Cisco Umbrella are DNS filtering services that check the DNS queries made when users click on links to verify they are not sending the user to a known bad site.
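The failed-login blocking setting described in the list above can be sketched as follows. This is an added example, not code from any router or firewall vendor; the class name, the thresholds (3 failures in 5 minutes, 15-minute lockout) and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Block a source IP after too many failed logins inside a time window."""

    def __init__(self, max_failures=3, window_s=300, lockout_s=900):
        self.max_failures = max_failures      # acceptable failed attempts
        self.window_s = window_s              # how far back failures are counted
        self.lockout_s = lockout_s            # how long the address stays blocked
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip, now):
        return now < self._blocked_until.get(ip, 0)

    def attempt(self, ip, now, success):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                  # rejected before the password is checked
        recent = self._failures[ip]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                  # forget failures outside the window
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout_s
            recent.clear()
        return "failed"

# Constructed sample events: (seconds, source IP, password was correct)
EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False),
    (9, "203.0.113.7", False),            # third failure: lockout starts
    (12, "203.0.113.7", True),            # correct guess, still rejected
    (20, "192.0.2.10", False),            # a different address is unaffected
    (25, "192.0.2.10", True),
    (910, "203.0.113.7", True),           # lockout (9 + 900 = 909) has expired
]

def replay(events, guard=None):
    guard = guard or LoginLockout()
    return [guard.attempt(ip, t, ok) for t, ip, ok in events]

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay(EVENTS)):
        print(event, "->", result)
```

With these settings a single address gets at most 3 guesses per 15-minute lockout instead of an unlimited number, which is the slowdown the setting is meant to provide.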
Malware protection is an important layer of security for your devices, but there are other layers you should also add. The device that provides internet access to your network should also be secured. This includes changing the default user id and password, updating the wireless SSID or not broadcasting it, and having multiple wireless networks and separating less secure devices. Additionally, where available, block IP addresses after failed login attempts, disable unused ports, enable IDS/IPS functions and use DNS filtering. Any layers of security you add to your network will make it harder for users to gain unauthorized access and better protect your data.
As always, spending some time to become familiar with the security options of a device can save lots of time later by protecting your data!