Information Security health check

This checklist will help you find and eliminate some insecurities easily, allowing you to concentrate your resources on more difficult problems. Note that being able to tick every item on the checklist does not guarantee security of your information, just as you don't necessarily have a problem just because an item remains un-ticked: the checklist is only a first step but certainly an important one.

If you need more detailed explanation of any items on this checklist, or more information about the implications of your results, contact Mark L Pappin (or phone +1 615 422 5657) for a free followup consultation. Mark also provides personalised advice, assistance, and consulting services for $100 per hour.

Note that this checklist is appropriate only for common home or small-business computer networks and equipment. If what you've got doesn't fit here, then you might still get some value from the list, but you don't qualify for the free followup.

Hardware

Some devices implement several of these functions within a single box.

Modem
Firewall / Router
Wireless Access Point
Ethernet switch
VoIP Analogue Telephone Adaptor
Print sharer
Network Attached Storage device
IP camera
media centre
games console
ebook reader
smartphone
desktop / laptop PC

Every hardware device

These checks should be performed on every separate device.

update firmware to latest version
change admin password from the default

  use a "good" password
  whatever you do, don't use one of the 25 worst passwords of 2015

Back up the configuration to a file on your PC.

Firewall / Router

As the point of contact between inside and outside, the Firewall / Router can not only protect you against attack from the outside world, it is also the best place to protect the outside world from any problems which may affect your systems despite your best efforts.

select a non-default IP address range aa={0..255} bb={16..31} cc={0..255}
enable firewall with packet filter

  default deny
  allow all ICMP in and out
  allow NTP UDP port 123 in and out
  allow DNS TCP/UDP port 53 in and out
  block SMB TCP/UDP ports 135, 137, 138, 139, 445 in and out
  block SMTP TCP port 25 out, except to your ISP's email server
  block Telnet TCP port 23 in
  block SSH TCP port 22 in
  block FTP TCP port 21 in
  block SIP TCP ports 5xxx in
disable UPnP

Back up the configuration to a file on your PC.
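
One way to express the packet-filter items above as an nftables ruleset on a Linux-based router. This is an added example, not part of the original checklist; the interface names `wan0` and `lan0`, the table name, the mail-server address 203.0.113.25 (a documentation placeholder), the connection-tracking rules and the `input` chain are assumptions.

```nftables
# Constructed example for a Linux router; names and addresses are assumptions.
define WAN = "wan0"                # assumed Internet-facing interface
define LAN = "lan0"                # assumed inside interface
define ISP_SMTP = 203.0.113.25     # placeholder for your ISP's email server

table inet healthcheck {
    chain forward {                # traffic passing through the router
        type filter hook forward priority 0; policy drop;   # default deny

        # Assumption: stateful filtering, so replies to permitted flows return.
        ct state established,related accept
        ct state invalid drop

        # block SMB in and out. With a drop policy this rule is redundant
        # today, but it stays ahead of any broader accept added later.
        meta l4proto { tcp, udp } th dport { 135, 137, 138, 139, 445 } drop

        # block SMTP out, except to the ISP's email server
        oifname $WAN ip daddr $ISP_SMTP tcp dport 25 accept
        oifname $WAN tcp dport 25 drop

        # block FTP, SSH and Telnet in
        iifname $WAN tcp dport { 21, 22, 23 } drop

        # allow all ICMP, NTP and DNS in and out
        meta l4proto { icmp, ipv6-icmp } accept
        udp dport 123 accept
        meta l4proto { tcp, udp } th dport 53 accept

        # Anything else (web browsing included) is dropped by the policy until
        # you add an accept rule for it. The SIP item is omitted because the
        # checklist gives its ports only as "5xxx"; UPnP is a router service
        # setting, not a packet-filter rule.
    }

    chain input {                  # traffic addressed to the router itself
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept        # assumption: administer the router from inside only
        meta l4proto { icmp, ipv6-icmp } accept
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and load it from a console session rather than over the network in case a rule locks you out.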

Wireless Access Point

Protect yourself against laptops in parked cars.

enable WiFi Protected Access (WPA2) with Pre-Shared Key (PSK)

  use a long key (password)
  use a "hard" key ("good" password)
  whatever you do, don't use one of the 25 worst passwords of 2015

select a non-default SSID
enable MAC address filtering to limit allowed wireless clients
reduce WiFi transmit power

Back up the configuration to a file on your PC.

PC software

The most configurable device is often also the most vulnerable. Fortunately it also has the widest range of protective measures available, many of which are free of charge.

choice of Operating System, for example Ubuntu Linux, Fedora Linux, or FreeBSD
latest updates from the Operating System vendor, like MS Windows Update, Ubuntu upgrades, Fedora updates, or FreeBSD updates.
up-to-date anti-virus like ClamAV or avast! Free or AVG FREE
message encryption like GnuPG
disk encryption as discussed in this article
remote-backup like BackBlaze or SpiderOak
alternate web browser like Firefox, Chrome, or Opera
alternate email client like Thunderbird
secure command tool like PuTTY

Back up all documents (and saved device configurations) on your PC to at least 2 different external devices.

General

Ultimately, breach of Information Security is not a problem caused by or solvable with technology. The weakest link is often a human with legitimate access but inadequate knowledge.


Why is Information Security important?

In a perfect world, where everyone behaved in a way that benefits others at all times, there would be no need for information security, or for locks on doors either. It's important to keep information secure because of the bad things that can happen if we don't.

Securing information can be thought of as maintaining 3 properties:

IP addresses

The common subnet mask of 255.255.255.0 will be used here.

Each device on the network needs a unique address with xx between 1 and 254 inclusive. A common convention is to use either the first or last valid address (xx = 1 or 254) as the IP address of the Firewall / Router, and have each other device on the network configured to use this as its "default gateway".

Google security survey results

Fine print

All services here are provided on a best-effort basis with no guarantee beyond statutory warranties unless otherwise previously established by contract.

If any supplied service does not meet your expectations, contact Mark as soon as possible to discuss rectification or refund. A full or negotiated partial refund will be offered if rectification has already been attempted and you are still not satisfied.
