From time to time, I look for home/small office network & PC security tips/guides. Some are OK, but a lot tend to descend into paranoia before really getting to grips with the basics. So, here are a few thoughts of mine that might help to get you started.
To start with, we'll look at how your PC is connected to the internet. As a user that fits into the category I'm aiming this at, you'll probably have a broadband router that your ISP provided with their 'package'. This probably has vulnerabilities that need to be addressed. The first thing to change is the default admin user password. When you connect your router to a PC via an Ethernet cable and type the appropriate IP address or URL into your web browser, you'll either be asked for a user/password or be presented with a basic info page with links that require a password to open. This password is usually a default one that's the same for all routers from that ISP/manufacturer and is probably something stupid like 'password' or 'admin'. Find the option to change the password and change it to something nice and secure! Also, find out how firmware updates get applied to your router and make sure it's up to date. If your router is a Wi-Fi model, make sure it's set up to use the best encryption available on your intended network, taking into account the devices that will need to connect to it.
With the network side of things pretty much sewn up (you might want to come back to it later...), we'll move on to your computer. A fundamental point to consider is how secure or vulnerable the operating system and software you choose to use will be. How well you choose at this point will have a bearing on how much you need to be concerned about potential breaches later on. If you intend to go with a system and software that you are familiar with through work/school etc., then in all probability you're trading off familiarity against security. The reasoning behind this is twofold. Firstly, the ubiquitous desktop operating system and its associated applications are not as secure by design as your other options. My personal recommendation would be to choose open source wherever possible as “given enough eyeballs, all bugs are shallow.”
The next point is that when setting up your machine, you should choose reasonably secure passwords. There is a lot of advice available about choosing passwords. Suffice to say, choose something with numbers and letters in it that’s not too easily associated with you. Make sure you set up user IDs for day-to-day use that are separate from admin/root, and keep admin/root only for making system-wide changes such as installing software, performing backups etc. Don’t be tempted to take the ‘easy’ way out by using your admin/root user for the day-to-day stuff. You could end up regretting it…
Once your system is up and running, make sure that you apply any available updates! Make a regular point of checking that your system remains up to date. If it ever gets to a point where security patches are no longer available, switch to an operating system that is supported. As and when you want to install new software, make very sure that it is from a reputable source. Ensure you keep your applications up to date. On some systems this means, as a rule, staying with the official repositories, as you will (or at least should) benefit from both a trusted source and security updates when these become available.
On those systems where it is deemed to be necessary, install an anti-virus/malware solution. On UNIX-type systems, I’d recommend installing an a/v app if there is likely to be a need to scan files that are to be sent to or received from a Windows machine. Similarly, install some sort of firewall. On Linux machines, something like Firestarter or Guarddog could be used to ‘automagically’ configure iptables if required. To see how visible your network is to the outside world, visit a site like Gibson Research Corporation and perform a test with ShieldsUp or the equivalent to check that all your ports are either closed or, preferably, stealthed. If any are open, make sure you know why and have taken steps to secure them. It’s at this point that you may need to go back to your router (if that is how you connect to the internet) and do a bit of tidying up. If you have a NAT router then you should be able to control how visible your local network is.
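An outside test such as ShieldsUp shows what the internet can see; the check below is the inside view on a Linux machine, listing TCP services that listen on more than loopback and that you have not accounted for. It is an added example, not part of the original post: it assumes the iproute2 `ss` tool, the function names are hypothetical, the allow-list of port 22 is an assumption, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit which TCP services other hosts can reach.
# Live use on Linux (iproute2):  ss -H -tln | unexplained_listeners "22"

# Reads `ss -H -tln` output on stdin and prints "port address" for each
# listener that is NOT bound to loopback only.
exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }               # skip a header or other states
        {
            n = match($4, /:[0-9]+$/)          # the trailing ":port"
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            port = substr($4, n + 1)
            sub(/%.*$/, "", addr)              # drop interface suffix, e.g. %lo
            gsub(/^\[|\]$/, "", addr)          # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print port, addr
        }
    ' | LC_ALL=C sort -k1,1n -k2,2 -u
}

# Prints exposed listeners whose port is not in the space-separated
# allow-list $1 (the ports you know about and have deliberately opened).
unexplained_listeners() {
    allowed=" $1 "
    exposed_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;                    # known and accounted for
            *) echo "$port $addr" ;;
        esac
    done
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128         0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 4096      127.0.0.1:631     0.0.0.0:*
LISTEN 0 511               *:8080          *:*
LISTEN 0 128            [::]:22         [::]:*
LISTEN 0 4096          [::1]:631        [::]:*
EOF
}

# Demo on the sample, treating SSH (22) as the only expected service.
sample_ss_output | unexplained_listeners "22"
```

A listener on `0.0.0.0`, `::` or `*` accepts connections on every interface, so whether it is reachable from outside then depends on the firewall and the router in front of the machine.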
Congratulations! At this point you should have a system that is better secured than average. All that remains is for you and your users to remain vigilant by considering the reputability of any websites you visit and anything you download. Be careful of email attachments and mails that could turn out to be ‘phishing’ attempts. There are other, more advanced measures you can take but as mentioned you should be in a better than average state to start from.
