As I sit here, recovering from multiple surgeries over the past couple of months, I have had some time to tinker with my network at home and get a few things done I've been meaning to do for a while.
1 - Update the home SMB switch to the latest firmware? - Check!
2 - Brush the cats? - Check!
3 - Cleanup the old Download folder? - Check!
4- Read my ever expanding "Articles to Read" list? Check!
5 - Wash the car? - Check!
6 - Laundry? - eh...getting there.
Article that caught my eye
One of the articles which caught my eye was an article I posted here on the site about all the Ransomware running around and how many people got caught-up in it.
I have never been hit with that type of malware (knock on wood) but I do protect my home network with a few layers of protection.
1 - I never (ever) run off the wireless my ISP router provides. NEVER. One, if you are a COMCAST customer, COMCAST will share your home router as a "hotspot". They utilize the GUEST network and SWEAR know one can ever get into your home network without authorization. Uhhhh....please forgive me if I am a little leery of that statement. I ALWAYS use a secondary wireless router and off-load the wireless aspect of the router to one I can FULLY control. I then login to the ISP router and turn off wireless all together.
2 - All of my Systems have AV AND a paid subscription to Malwarebytes. Period. Yes, I know they offer a "free" version but that version has to be run manually. The paid version runs as a service and constantly runs in the background allowing constant protection. I find this kind of protection well worth the fee.
3 - DNS protection - All my routers and PC use a protected DNS service. Using one of those services provides a lot of protection you don't even see. For instance: say you happen to type in www.amazin.com - well, that's the wrong URL and someone might have bought that URL and as soon as you hit the page that page tries to load some sort of malware on your system. If you use one of the protected DNS services, that URL is automatically redirected, at the DNS server, to the correct URL which is www.amazon.com.
Here's a quote from Open DNS: Utilizing our global network, which sees 2% of the world’s Internet requests, we have engineered a predictive security solution that anticipates and stops malicious activity before it threatens your network.
**Again, I am not promoting Open DNS at all here. But, as you can see, when you use a "protectd" DNS service they are protecting you. Why not use it? It's free!**
This article is not a "use Open DNS" article at all. It's also not an article on how bad ISP DNS services are. Actually, ISP DNS services are pretty good but, when you use one of the, as I call them, "protected DNS services" this is all they DO! All they DO is DNS which, in my opinion, makes them WAY better at blocking the bad guys than any ISP could. At it's core, this article is simply pointing out another layer of protection you can use to protect yourself against the "bad guys."
So, would you like to try it out? Would you like to see if maybe, just maybe, you're web browsing is faster? Cool. Let's give it a go!
First off, everything I am about to show you is completely reversible. ZERO harm will come to your computer. You can reset all these settings in just a few seconds.
- Windows 10 Users: In the Search the web and Windows box: Type Control Panel. Select Control Panel Desktop App
- Windows 8 Users: Use the search and type "Control Panel"
- Other Windows Users: Start - Settings - Control Panel
- In the Control Panel, select: Network and Sharing Center - double click it.
- In the left hand pane select: Change Adapter Settings.
- Double click: Ethernet Connection
- Click the Properties button
- In the window which opens, Highlight (just highlight, DO NOT UNCHECK THE BOX, TCP/IPv4
- Once you have it highlighted, click the Properties button.
- Now you are in your Network settings (see screenshot below)
- Select the button: Use the following DNS Server
- The area will highlight and you can now enter in alternate DNS servers you want to use.
- Let's use OPEN DNS (at the end of the article I will show you a list of all the ones you can use if you prefer to nor use OPEN DNS) for now.
- Look at the screen shot below and fill in the areas I have filled in. DNS: 220.127.116.11 · 18.104.22.168
- Once you have entered in all the info, just like I have above, select OKAY.
- Close all the remaining windows you had open to get to the Network settings.
We have one more things to do. We need to "flush" the current DNS cache so the new server will be used.
- Open a Command Prompt and type: ipconfig /flushdns (some of you might need to run it as "Administrator". Click here for how to do that.)
You should see the following:
Now that you have accomplished that, close the command prompt and start browsing.
**If you have any issues at all (nothing on the web works), simply follow the steps I have above to get back to the core\default network settings, and select "Obtain DNS Settings Automatically", flush the DNS as I showed you and you will be back where you were.
As I said before, I am not "promoting" Open DNS or any other Secure DNS provider over another. I simply prefer Open DNS as I pay for a subscription (and have for years) so when I have some...questions... about where the kids might have been visiting I can use OPEN DNS and see the logs. I did let the kids know I was doing it and all of the sudden things quieted down on the old router. Huh.
As promised, I am also providing a link to an article I use when I want to play around with the DNS on my home system.
https://www.lifewire.com/free-and-public-dns-servers-2626062 - look for the word "smart, secure, safe" in the name of the DNS server. Try out more if you like.
Oh, and one more free tip: If you REALLY want to "get techy" here, see which DNS server is closer to you.
- Open the page I have listed above
- Open a command prompt and "ping" one of the IP's of the server.
- Look at the TIME (round trip from your PC to the DNS server). Whichever one comes back with the lower time, that server is closer to you and probably the one you want to use.
As the bad guys get better and better at what they do, you need to do all you can to protect your network and your family.
**This article does not cover changing your routers DNS to another DNS provider, but it can be done because I did it on my home network. Now EVERY device in the house that gets a DHCP address has a secure DNS server to query. It really does help me sleep better at night.
- Get MalwareBytes - pay the money. If you don't have the cash, get the free version and RUN IT at the very least weekly.
- Limit ANY guests who use your wireless network to the "Guest" network on your router. NEVER let them into your home\personal network. If you don't know how to do it, get the manual for your router (find the PDF on the manufacturer website) and set it up. With the holidays right around the corner you have no idea where Grandpa's phone has been. Do this!
- Make sure ALL your PC's are patched! I had a heck of time getting my kids to patch their PC's. Every time it prompted them to install the patches, they would click "delay" cause they were gaming. Check their PC's and make them do it!
- Last but not least, anti-virus. With the holidays almost all of the manufactures have some sort of multi-pc deal. Find one you can afford and get a family pack (if you have a family that is). If you are limited on funds, I use the FREE AVG. Very good.
I hope this article helped you out and you find your web browsing a little faster and secure.
Later - Digital
So, I put this up not to tell everyone to do this but more as a troubleshooting method which I had to enable to get iTunes to work correctly.
This article is something all SMB's should read. The licensing changes alone should be understood fully!