As my parents get older and so do my grand parents, I’ve found I need to implement more controls around their digital life to ensure my inheritance stays in the appropriate bank accounts 😄

All joking aside, there are plenty of consumer or open source tools that can provide a similar level of protection that we use today in the enterprise IT space to help us lock down the computers of those in our family who may be more susceptible to internet scams. The list below assumes some technical abilities or willingness to learn the products implemented but should be attainable for those also outside of the IT industry. As always, please remember: I am NOT your lawyer or financial advisor or know anything about your threat profile so please take care and ensure the option is valid for your situation.

Depending on the location of family members you may want to use solutions that have “cloud based consoles” so that you can manage a large amount of devices no matter where they are. The goal is to provide “Defense in Depth” so that if one protection fails hopefully another protection catches the malicious content. I also recommend working with your family members and going through the Digital Defense and Identify Theft Guide as well.

- DNS Resolver -

A DNS server stands for Domain Name System Server and translates a web site address, such as TheZombieByte.com to an IP address. This process, allows the browser on your computer to access information and websites hosted around the world. By setting your DNS settings on your computer or router to one of the services below you can improve the speed of your web requests as well as protect yourself from various security threats like phishing or malicious websites. These services also offer parental controls to ensure safe browsing for the family.

  • OpenDNS Home or Umbrella Prosumer
  • DNSFilter (a little more technical geared towards small businesses)
  • CloudFlare for Families
  • NextDNS
    • Super easy to setup and has apps for phones and laptops so they are are protected outside your home network

- Additional Sites to block by DNS -

Grand parents seem to be more susceptible to the scams where a criminal will need remote access to their computer to fix a problem or remove a fake virus. These generally start through a phone call or through a chat box on a illegitimate website. By manually blocking the below you can drastically reduce the likely hood that an attacker would be able to remote into your family member’s systems. While this list doesn’t cover ALL solutions, it covers some of the more commonly used products in situations like the one described. If you are using a DNS Resolver from above, like NextDNS, a block page will com up which can also provide an additional notification to the person that they shouldn’t be going to this website.

  • Remote Access Solutions:
    • *.logmein.com
    • *.simple-help.com
    • *.zohoassist.com
    • *.anydesk.com
    • *.nomachine.com
    • *.imperosoftware.com
    • *.deskroll.com
    • *.fixme.it
    • *.parallels.com
    • *.naverisk.com
    • *.syxsense.com
    • *.dualmon.com
    • *.techinline.com
    • *.securelink.com
    • *.islonline.com
    • *.netop.com
    • *.goverlan.com
    • *.sysaid.com
    • *.dameware.com
    • *.remotedesktopmanager.com
    • *.litemanager.com
    • *.screenconnect.com
    • *.devolutions.net
    • *.getscreen.me
    • *.beamyourscreen.com
    • *.nchsoftware.com
    • *.showmypc.com
    • *.iperiusremote.com
    • *.remoteutilities.com
    • *.aeroadmin.com
    • *.realvnc.com
    • *.uvnc.com
    • *.remotedesktop.google.com
    • *.radmin.com
    • *.gotomypc.com
    • *.anyplace-control.com
    • *.remotepc.com
    • *.mikogo.com
    • *.tightvnc.com
    • *.splashtop.com
    • *.ammyy.com
    • *.logmeinrescue.com
    • *.teamviewer.com
    • *.gotoassist.com

- AntiVirus -

AntiVirus is software that is installed on your computer to prevent, detect, and remove viruses and malware.

  • Windows Defender
    • Built into windows PCs and Free
  • Bitdefender
  • Sophos Home
  • Cylance

- Web Extensions -

These are extensions you can install into Chrome, Edge, and Firefox to improve your web browsing experience.

  • uBlock Origin
    • Free Ad Blocker that can be customized to block ads, tracking, or specific URLs.

- Email Protection -

Add additional protections to emails so that if a phishing email is sent to someone in your family, they are less likely to click on the malicious content. While a lot of the free email services do their best to protect you against scams and malicious emails, those that offer a subscription or smb tier often have additional functionality or access to premium block lists.

  • Microsoft 365 Family
    • Requires a outlook.com, hotmail.com, live.com, or msn.com account
    • Provides Message Encryption and you can send email/attachments that are password protected or prevent them from being forwarded to someone else
    • Scans attachments for viruses and malware against their premium service instead of the free consumer service
    • Enables SafeLinks, which rewrites the URL in emails allowing Microsoft to check if the link is malicious or likely to download viruses or malware onto your computer before sending you to the website.
    • You get the benefit of having the full Office suite available on all you devices
  • GMail is one of the few services whose phishing protection is the same on the free tier as it is in their premium Google Workspace service. While the phishing protection is excellent, they don’t have any URL rewrite ability to check for malicious links.

- Backups -

No matter how many protections you put in place, at some point someone in your family will eventually get infected with a virus, malware, or ransomware. In situations like this having an automated backup of all your documents, pictures, videos and music will allow you to completely restore the computer to a known safe state without losing those important documents.

  • CrashPlan
  • BackBlaze
  • Dropbox
  • OneDrive
    • If you have Microsoft 365 Family from above you get 1TB of space (per person) and it seamlessly integrates with the windows platform to automatically backup the files you select.
  • Synology Nas or USB drive
    • You can use the built in windows or mac utilities to backup to an external drive on a schedule.
    • Caution: IF you don’t have the device connected 24/7 you may not always have the latest backup on the device. However, IF it is always connected, it may also be at risk of infection if ransomware or malware hop to it.

- Password Managers -

A Password Manager is a secure place to store all your passwords. They help generate strong and unique passwords for all of your online services. For an overview of why passwords should be long and unique please watch this wonderful excerpt from an interview of Edward Snowden by John Oliver (https://youtu.be/yzGzB-yYKcc). The gist of the interview is that you should be leveraging passphrases (15 characters or more) for all your online accounts and each account should use a unique password that way if one service is compromised none of your other accounts are easily compromised. In addition many password manager services also have services that will notify you if one of your accounts has shown up in a breach. They also have web browser extension that will auto fill the username and passwords for you into the appropriate forms when logging into websites. The Password to your Password Manager needs to be passphrase that you can easily remember but strong, since it is guarding all your secrets.

  • Dashlane
  • Bitwarden
  • 1Password
    • Really good family option where you can have a personal vault and a shared family vault

- MFA Apps -

Multifactor or 2 Factor Authentication helps protect your accounts if your password becomes compromised as you will need both a password and a special time sensitive code to access an account. While a code sent to you via text message is better than nothing, those can still be intercepted or spoofed. If you have a designated authenticator app then the codes stay local to your device and work even if your cellphone is not connected to the internet or the cell network.

  • Authy
  • Microsoft Authenticator
  • Duo Mobile
  • YubiKey Authenticator

- Web Cam Covers -

With the pandemic, we have moved more to interacting over video and with that getting a web cam cover is essential. For older folks it is much easier for them to physical cover the webcam during a call then to disable video in a video conferencing application. Having a web cam cover on your camera can also prevent an attacker from taking pictures of you in compromising positions when the device is located in potentially intimate places (like a bedroom), but be aware that audio could still be recorded.

- Firewalls -

There are 2 types of firewalls: Physical and Software. Physical firewalls are dedicated devices that sit between you and the internet. Software firewalls are applications installed on to your computer that monitors your connections both inbound and outbound to/from your device. I recommend turning the firewall on for all your devices and enabling outbound connections but disabling all inbound connections except for explicitly defined applications. Ideally you will have your computer both behind a physical firewall (provided by your router) and have the firewall software enabled on your computer.

  • Software firewalls
    • Windows Defender Firewall is built into Windows Devices.
      • Will prompt you to allow a connection through the firewall if needed.
    • Mac also has a built in firewall into all of its Devices as well
    • Many AntiVirus programs come bundled with their own software firewall
  • Hardware firewalls
    • Ubiquiti DreamMachine or USG
      • Has extra features for monitoring for blocklists, analytics, and often have VPN capabilities as well.
    • Any consumer router from Asus to Google Mesh to Netgear has this functionality built it and usually on by default

- HoneyPot/Deception -

Put tripwires around your digital content that can alert you if someone is accessing sensitive data on your network or your computer. The goal of this is to put a special file or link in a location that no one but you should be accessing. If the special file is open or the link is clicked, you will get an email when that the file is opened and you know someone is snooping around your computer. These honey pot files should be put in places like a Tax folder or even just in your normal documents folder. The honey pot files should also be named something that would be interesting to an attacker or a snooper, something like passwords.xls or bankinfo.docx, anything that would be enticing to open.

- More Advanced Tools -

For those who want even more control or insight into their devices. These options take addition setup and are likely unnecessary for those who are not interested in tinkering around with IT.

Domains:

Buying a custom domain name like TheZombieByte.com can provide you with a unique name place on the internet. You can purchase yourname.com (or a variation on it) for future projects you may want to host on the web or just have a vanity email address of me{@}yourname.com. This could also be used for branding later in life so that people can’t create a website in your name and use it to impersonate or slander you in the future if you plan to have a public persona in the future.

  • Namecheap
    • Custom domains for email and can provide a catch all email address to forward to a personal email account
    • Can provide a DDNS (Dynamic DNS) so that you can map a your changing home IP to a name like myhome.TheZombieByte.com
      • Great for NextDNS and connecting your home router to their service via IPv4 Link
      • Great for connecting back to your Home IP if you have a physical firewall enabled with VPN.

EDR and Logging:

Provide more detailed logging about what processes are running or connecting on your computer.

  • OpenEDR
  • Sysmon + Humio Cloud
  • Little Snitch for Mac