Advanced Security

Update March 2020

This section is not for beginners but have a read anyway. I’ve already covered the basics of having Antivirus and preferably an Internet security suite. If you are running Windows 10, IMO, you don’t really need any other antivirus or Internet security suites because Windows 10 security looks after the security in a “holistic” manner.

Advanced security is mainly about “layered Security” but it is not all that difficult. If you have read the “Basic Security” bit, you will see me talking about having the door of your home open for all and sundry to just walk in invited or not. Ok, when it comes to computers you might not know that they don’t have just one door; they have 65000+ doors which can all be considered “back doors” e.g. doors that can be got in with just a little knowledge.

The doors on a computer are actually called “Ports”. A lot of these Ports are legitimately used as part of the normal operation of your PC when connected to a network such as the Internet, I could go on and bore you to tears but I won’t. The way to protect those Ports (open doors) is to close them – that was easy!  Unfortunately some Ports have to be left open for legitimate network traffic so what you need is a sentry or doorman standing guard at these doors. The sentry would in effect check the credentials of anyone trying to come through the door (port).

The way you would do that is to have something called a “Firewall”.(built-in to Windows10)  At the most basic level your PC would have a firewall as part of an Internet security suite that you have installed (Windows 10 has this built-in) but that is only one layer of defence.  At the advanced security level, you would have a separate Firewall. You would of course also have secure passwords and carry out the free common sense actions that I’ve talked about in the basic security.

Ideally your ISP would provide you with something called a router / Internet Gateway and if you are lucky the router will include a built-in Firewall which basically closes all Ports to incoming network traffic but allows legitimate traffic through. This system could be described as “Border protection“. Think of it as having a sentry on your garden gate and then the security you have on your PC would be like having a sentry on the door to your house so there you have a 2 layer protection.

Most ISPs now supply WiFi routers (we will ignore the security pitfalls of WiFi for the time being) and most of these have a built-in firewall. Unfortunately some of the really basic (not always cheap) WiFi routers only have very basic Firewall facilities (NAT see firewalls) but the better ones are more configurable to allow you to get the best security.

If your ISP don’t provide a router (WiFi or not) or the router is very basic; you have 2 choices.

  1. Buy a router with combined firewall, WAP and 4 port switch.
  2. If the ISP provided router is very basic, you could use that and then build your own firewall by using an old PC.

Visit the Firewalls page for little more info.One of the advantages of having a router with built-in 4 port switch and WAP is that you can share your Internet connection with several PCs. (A lot of households tend to have more than one device they need to connect to the Internet and WiFi is now the most often used. If the router / Internet gateway doesn’t have a WAP (Wireless Access Point) you can get a stand-alone WAP and use an Ethernet cable to connect it to the router.

When choosing a router /Internet Gateway, look for something called SPI (Statefull Packet Inspection) – no don’t ask it will take a while to explain that! In addition look for “Content filtering“, this allows you to filter out websites with undesirable content.

If you fancy building your own hardware firewall, hop over to Free Hardware Firewalls.

So to recap :- Advanced security is all about “Layered Protection”. Your ISP supplied router / Internet Gateway would be layer 1 (Border protection). If you then had a “free” hardware firewall, that would be layer 2 (LAN Protection), if you then made use of the “software firewall” (built-in to Windows and Linux) that would be layer 3 (Device Protection) Provided that everything is setup correctly, your devices would be very well protected against intruders.

Note, Firewalls have some use in protection against malware / viruses but an Anti Virus/ Anti Malware product would need to be used in addition to the firewall.(Windows 10 has this anti virus/anti malware built-in)

Have fun.