• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 298
  • Last Modified:

Securing home network and PC

I have a client who wants maxium protection on their PC. I believe they are being harrassed and, while wanting to be able use the internet, want to ensure they have everything to protect them and their private data from persons that might actively be trying to obtain data of any kind from them.
I have been asked to review their setup and make suggestions. While I have a generall overal good idea, I want to be as comprehensive as possible.

I will also look to do things such as encrypt hard drives and other external drives and also use things like BIOS passwords.

I believe the user would also liek to explore email encryption.
But any general pointers and soures of advice would be most welcome
  • 6
  • 4
1 Solution
with someone that wants that level of protection the basics are:

1. a router with firewall that supports stateful packet inspection.
2. strong passwords for login.
3. a whole disk encryption software such as PGP or open source programs.
3. external drives should be setup so that they can be recovered offline (usually an option for whole disk encrption software) where the private key is either stored on a USB key or the company's website.

clean computing will be the largest area of concern however. locking down your PC does nothing if you are still posting everything about yourself on public websites (twitter/facebook/myspace etc) make sure that the computer user is educated about how to limit what they post so that it cannot be used against them.
afflik1923Author Commented:
ANother area I need to explore actually, is what meaures can one take to prevent people opening up social media sites in somoene elses name.

So lets say I'm doing exactly what you suggest, don't post things on twitter etc. but someone else opens up a twitter account under my name.
I asume there is nothing one can do to prevent this other then report it if it occurs, but i there anything one can do to protect against this?
Public Information security:
Use piple, wink, jookster, and ziggs in combination with some good old fashion googling to identify any online presense that may need to be removed.
Use social mentions API to track any web 2.0 any social networking sites that mention your client.
Use tineye to reverse search any photos your client has uploaded to the net, if anyone else has these same images hosted on the net, tineye will tell you where.

PC Security:
Disk encryption, there are many products, they range in complexity, bitlocker would probably be the easiest to implement.
Local firewall, windows firewall properly confirgued should be adaquet, you'll be using a stronger network firewall.
And of course patching, patching, patching.

Mobile devices:
Disable BT
Utilize a device that supports remote wipes and multiple incorrect login wipes.
Wipe exif data off .jpg files if your device adds GPS location to it.

Wifi: Discuss the risks and benifits with your client. If they do need wifi, set it up securely, there are many guides for this available online.
Either use a router with a decent firewall, or use a hardware firewall. Again, these range in price and complexity, use your best judgement.

Need more information. Are you setting them up from scratch? If they already have a email system in place, what does it currently look like?
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

afflik1923: I addressed this under the "Public Information" section of my post. The Social mention API can let you know if this happens, then your client can take immediate legal action to get twitter, facebook, etc to remove the information.
afflik1923Author Commented:
OK good post Lordy, very useful summary of information. Looking into the public secion tools you mention now.
afflik1923Author Commented:
Actually do you have any links to the websites such as

http://www.jookster.com/ (seems to be down and read that it's now dead)
or for wink (bit hard to google that one)

http://pipl.com/ - assume this is the one you mean

Also regaring the public section of your posting bascialy you are saying for the client himself (or maybe me on his behalf) to generally monitor social media etc, for any occurance coming up where his name is mentioned and then if it does occur report it.

afflik1923Author Commented:
Also do you know if any of these tools offer the facility to alert you if someone has searched for you?

Another point is some of them seems to be US geared, if you know of any speific UK informtation that is always welcome. But so far this has been very useful.
Sorry, Awhile back I was tasked with something similiar, a small client wanted me to help them control their online image, everything in that post was kind of off the top of my head. It appears that jookster is dead. I would say for people searches the following three sites, along with google, should give you the information you need.


I have never used 192.com, but it appears to be reputable and is geared only towards the UK, check it out.

The reverse image search is http://www.tineye.com/ 

The social mention link is: http://socialmention.com/
In regards to monitoring question, you can set keywords and names, and get weekly email alerts when someone used your clients name on a blog, twitter, etc.

If you use all these tools, in combination with google, you can have a much better control of your clients online presense.
afflik1923Author Commented:
Great suff. Very much appreciated.
afflik1923: Would you mind accepting my solution and assigning a grade?

afflik1923Author Commented:
Sorry for delay. Was still continuing research in this overall area and open question helped keep it in my radar of tasks (but I really should use a todo list instead!)

Many thanks

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now