This tutorial is part of our tutorial series on WordPress Security. In the previous section of this tutorial, we showed you how to set up a computer backup system to protect your device’s valuable files and data. In this tutorial, you will learn how to add a physical layer of security between your computer and the internet to make hacking into your computer more difficult.
How To Add A Physical Layer Of Security To Your Computer
Here are several ways to add a physical layer of security between your computer and the internet to make hacking into your computer more difficult:
Use A Router
A simple and very effective way to add a physical layer of security between your computer and the internet is to use a router.
A router is a small computerized box that connects between your home network and your ISP’s (Internet Service Provider) DSL/Cable modem. A router provides wired and wireless Internet connections to all laptops, computers, tablets, and smart entertainment components within your home or business network …
Most people already use a router to connect to the Internet, but if you’re not, then it’s a good idea to consider doing so. It doesn’t have to be expensive. If you use a laptop, you can opt for a good quality wireless router.
Using a secure router will help make it harder for people surfing the web or driving around your neighborhood looking for opportunities (called ‘wardriving’) to access your machine.
If you plan to install a router, here are just a couple of things to keep in mind:
- Choose a router that offers WPA2 encryption (not WEP, or WPA). WPA2 is far more secure than the other methods.
- Avoid routers that come with built-in Wi-Fi Protected Setup (WPS) if possible. Although WPS makes it easier for non-technical users to set up their own WiFi, it also provides hackers with an easier opportunity to obtain the PIN access that would give them control of your router.
- Change the default username and password on your router.
- Keep your Service Set Identifier (SSID) Number Broadcasting on (see below).
- Allow MAC address filtering. Each Wi-Fi component has a unique identifier called the MAC address, and access points and routers keep tabs on all the MAC addresses of devices that connect to them. Many products allow owners to type in the MAC addresses of their equipment, so the network will only allow connection from those approved devices.
- Position the router appropriately. If you work from home or in a densely populated area, just be aware that Wi-Fi signals can leak outside your home or business premises. Try and determine how far the signal reaches and position your router in the center of your home or office to prevent the signal passing across streets or into different neighborhoods.
- Disable Wi-Fi auto-connect. Most computers have a setting that allows them to connect to any open wireless network. Disable this setting and always connect directly to your home or office network. Use the auto-connect only if necessary, such as during temporary situations (e.g. when traveling), or if you are working in secured premises.
- Assign fixed IP addresses to wireless devices. If possible, turn off DHCP and assign a static IP address to your computer. Although DHCP is easier to configure, it is also easier for hackers to find IP addresses and intercept. Use a private range for the IP address so the computer is not vulnerable to being reached from the Web.
- Enable the firewall on your router. In addition to a firewall on your computer (see below), make sure that if your router has a firewall, it is enabled. This will offer an additional level of protection and security.
An SSID is the name of a wireless local area network (WLAN). All wireless devices on a WLAN must employ the same SSID in order to communicate with each other. The SSID on wireless clients can be set either manually, by entering the SSID into the client network settings, or automatically, by leaving the SSID unspecified or blank.
Some newer wireless access points disable the automatic SSID broadcast feature in an attempt to improve network security. This, however, will not deter hackers, and may even provide them with an opportunity to lure unsuspecting users into logging into a false WiFi network disguised as the access point with the SSID turned off.
Use A Firewall
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet …
(source: Microsoft.com – What Is A Firewall?)
Without a good firewall, viruses, worms, Trojans, malware and adware can all easily access your computer from the Internet.
To learn more about protecting your computer from viruses, worms, malware, adware etc., see the tutorial below:
Microsoft Windows comes with a built-in firewall, but depending on your security needs, you may also want to consider adding a physical firewall to your computer setup.
Firewalls – Hardware Vs Software
There are benefits and differences to consider between using hardware and software based firewall programs.
For instance, a hardware-based firewall:
- Provides a “first line of defense” against common forms of attack coming from the outside world.
- Can generally be effective with little or no configuration.
- Protects every machine on a local network.
One of the downsides of using a hardware-based firewall, however, is that it typically only recognizes and blocks bad stuff coming into your system; it often can’t tell if bad stuff (like an email virus) is going out of your computer.
A software-based firewall, on the other hand, runs directly on a computer, and so:
- It knows a lot more about the traffic coming in and out,
- It can tell whether the traffic is legitimate or malicious (by consulting a regularly updated database).
- It can allow or block a program’s ability to send and receive data, or ask you to confirm whether to allow or block if it isn’t sure about the nature of the program.
In a nutshell, a software firewall is able to take a closer look at malicious traffic and intercept it before it leaves your computer.
The main downside to software firewalls is that they only typically protect the machine they’re installed on, so you would need multiple licenses to protect multiple computers.
Use An Encrypted Virtual Drive
Modern technology makes it possible to encrypt all of your online activities (e.g. what videos you watch online, what files you download, who you chat online with, etc …), so it’s no surprise that you can also encrypt data on your computer.
If you need to take computer security to a level where you really want to make it difficult for anyone to access sensitive information such as logins, bank account details, financial data, legal documents and correspondence, etc., then you should consider saving your files to an encrypted virtual drive (EVD).
EVDs require entering a correct passphrase or password in order to encrypt data and access the encrypted information. Without the correct password, all encrypted data will remain encrypted or unintelligible to those viewing it.
You can encrypt an entire disk drive or just some files. If you only encrypt some files, sensitive information can still be leaked through other areas, such as your browsing history, system logs, and temporary files. If you encrypt the whole disk and forget your password, then you will have to reinstall everything.
For this reason, we recommend keeping only the most sensitive data on an encrypted drive while you work, and making a regular backup of those files on an unencrypted drive and then storing the unencrypted drive in a remote location.
If you use Windows, you can create a virtual, encrypted drive on your computer by simply configuring some internal settings. See the link below for a tutorial on how to do this.
To learn how to create and encrypt a virtual hard drive using Windows , visit the site below:
You can also purchase external drives and encrypt these using software.
Here are some popular encryption software programs:
USBCrypt encryption software is specifically designed to protect removable USB drives with passwords.
USBCrypt is easy to use and offers a wizard-style interface that guides you through the steps of selecting a password and encrypting your external USB drive. USBCrypt lets you encrypt external drives with strong encryption algorithms .
Drives protected with USBCrypt can be used with other Windows computers without USBCrypt software installed on them, as well as other types of external drives, such as FireWire drives, Zip drives, and other types of rewritable drives. USBCrypt also offers the option of creating a “spare key” file on your main computer, which you can use if you forget your encryption password.
To learn more about USBCrypt, visit the site below:
TrueCrypt is a popular open source software that provides automatic, real-time (on-the-fly) and transparent encryption.
TrueCrypt can create a virtual encrypted disk within a file and mount it as a real disk, encrypt an entire partition or storage device such as USB flash drive or hard drive, or encrypts a partition or drive where Windows is installed.
Screenshot tutorials on how to create encrypted drives are provided in the software site’s documentation section.
Development of TrueCrypt was discontinued back in 2014 and has subsequently not been maintained. A number of security flaws have been uncovered and as a result, we recommend looking at the list of free alternatives provided below:
To learn how to migrate existing data encrypted by TrueCrypt, visit the site below:
Now that you know how to add a physical layer of security between your computer and the internet to make hacking into your computer more difficult, the next step is to learn how to harden your computer security.
To learn more about hardening your computer security, see the tutorial below:
See Also …
- Computer Security Guide For WordPress Users
- Creating A Computer BackUp System
- Keeping Your Computer Operating System Up-To-Date
- Additional Computer Security Tips
- SSID – Service Set Identifier
- What Is A Firewall?
- Firewalls – Hardware vs Software
- How To Create A Virtual Hard Drive In Windows 7
- Using Virtual Encrypted Disks Over Windows Partitions
- TrueCrypt Is Discontinued. Try These Free Alternatives
"If you're new to WordPress, this can stand on its own as a training course and will stay with you as you progress from beginner to advanced and even guru status." - Bruce (Columbus, Ohio)