Defense in Depth is a security strategy that focuses on having multiple layers of protection for your network and computers. The theory is that if one layer is breached, there are still more protection layers in place that an attacker must go through before they get to your computer. Each layer slows the attacker down as they try to overcome it. Hopefully the attacker will either give up and move on to another target or they will be detected before they can achieve their goal.
So how do you apply a defense-in-depth strategy to your home network?
You can start by building virtual layers of protection for your network and the computers and other network devices behind it.
1. Purchase a Personal VPN account and install it on a VPN-capable wireless or wired router
Virtual Private Networks (VPNs) allow for the encryption of all the traffic entering and leaving your network. They create an encrypted tunnel that can protect your privacy and provide anonymous browsing, among other features. VPNs aren't just for rich corporations anymore. You can purchase a personal VPN account for as little as $5 a month from sites such as StrongVPN, WiTopia, and OverPlay.
The more sophisticated VPN providers allow you to install their VPN service on your VPN-capable internet router so that every device on your network is protected. Since the router does all the encryption and decryption work, you don't have to install VPN clients or reconfigure any of your PCs or mobile devices. The protection is virtually transparent: you won't notice anything except for some delay caused by the encryption and decryption process.
2. Secure Your DSL/Cable Modem behind a Router with a Firewall
Whether you opt for a VPN account or not, you should still use a network firewall.
If you only have one computer in your home and it's plugged directly into your ISP's DSL/Cable Modem, then you are asking for trouble. You should add an inexpensive wired or wireless router with built-in firewall capability to provide you with an additional outer layer of protection. Enable the router's "Stealth Mode" to help make your computers less visible to attackers.
3. Enable and configure your wireless/wired router's and PC's firewalls.
A firewall won't do you any good unless it's turned on and configured properly. Check your router manufacturer's website for details on how to enable and configure your firewall. Firewalls can prevent inbound attacks and can also prevent your computer from attacking other computers if it's already been compromised by a malware infection.
You should also enable the firewall provided by your computer's operating system or use a third-party firewall such as Zone Alarm or Webroot. Most computer-based firewalls will alert you to applications (and malware) that are trying to communicate with devices outside of your network. This could alert you to malware trying to send or receive data and allow you to shut it down before it does any damage. You should also periodically test your firewall to make sure it is doing its job.
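One way to run the periodic firewall test mentioned above against a computer you own, as an added example that is not part of the original article. It separates ports that answer with a refusal ("closed", the host is still visible) from ports that give no answer at all ("filtered", the behavior "Stealth Mode" aims for); the function names, the port list and the default address are assumptions.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something accepted the connection
    except ConnectionRefusedError:
        return "closed"            # host replied with a reset: visible, not listening
    except OSError:
        return "filtered"          # timeout or unreachable: no usable answer came back

def audit(host, ports, allowed=(), timeout=1.0):
    """Probe each port; return (results, open ports not on the allow list)."""
    results = {p: probe(host, p, timeout) for p in ports}
    unexpected = sorted(p for p, s in results.items()
                        if s == "open" and p not in allowed)
    return results, unexpected

if __name__ == "__main__":
    HOST = "127.0.0.1"   # assumed: replace with the address of a PC you own
    PORTS = [21, 22, 23, 80, 135, 139, 443, 445, 3389]   # constructed sample list
    ALLOWED = []         # ports you intend to expose
    results, unexpected = audit(HOST, PORTS, ALLOWED)
    for port, state in results.items():
        print(f"{port:>5}  {state}")
    print("unexpected open ports:", unexpected or "none")
```

Run it from a second device on your home network to exercise the PC's firewall; the router's internet-facing side can only be checked from outside your network.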
4. Install antivirus and anti-malware software
Everyone knows that virus protection is one of the basics that no one should be without. We all groan at paying $20 a year to update our antivirus software and many of us let it lapse. If you don't want to shell out cash for AV, you can always opt for some of the great free products that are available, such as AVG and AVAST.
Besides antivirus software, you should also install anti-malware software such as MalwareBytes, which checks for malware that is commonly missed by many antivirus programs.
5. Install a second opinion malware scanner
You should always have a secondary malware scanner because even the most popular antivirus / anti-malware scanner can miss something. A second opinion scanner is worth its weight in gold, especially if it finds something dangerous that your primary scanner missed. Make sure the secondary scanner is from a different vendor than your primary scanner.
6. Create strong passwords for all your accounts and network devices
A complex and lengthy password can be a real turn-off to a hacker. All your passwords should be complex and long enough to avoid being broken by hackers and their rainbow table password-cracking tools.
You should also ensure that your wireless network access password is not easily guessable. If it's too simple, you could end up with hackers and/or neighbors getting a free ride by leeching off your internet connection.
7. Encrypt your files at the disk and/or OS level
Take advantage of your OS's built-in disk encryption features, such as BitLocker in Windows or FileVault in Mac OS X. Encryption helps to ensure that if your computer is stolen, your files will be unreadable by hackers and thieves. There are also free products like TrueCrypt that you can use to encrypt partitions or your entire disk.
There is no one perfect network defense strategy, but combining multiple layers of defense will provide redundant protection should one or more layers fail. Hopefully the hackers will get tired and move on.