In Depth
Safe at Home: CISOs on Security for Home PCs and Networks
CISOs are always pushing computer security policies. We asked three of them to forget the policies and show us how they handle security on their own home computer systems.
By Derek Slater
Don't overlook: "When I'm at conferences, I generally do not trust 'shared computers' that are available for e-mail in cybercafés."
The Kid Factor
"We watch our kids when they surf. Our computers are in common areas like our kitchen. I encourage my kids to ask questions, and I've taken them through some basic training on dos and don'ts. My daughters chat only with known friends and not strangers online. I find my war stories from work have a big effect on their online behavior. They know where they are allowed to go, and that's where they stay. I also show them newspaper articles and occasionally take them to security conferences with me. They become ambassadors for safe online behaviors at their schools and with friends."
3. CISO of a health-care company in the Midwest
Complexity Breeds Caution
Our third CISO has the most complex home computing setup and takes the greatest pains to keep intruders out. He pays detailed attention to each family member's computing needs and tailors his security setup to allow or ban various types of traffic. His setup may not seem practical for any but the most sophisticated computer user. Then again, anyone who needs a complex home network should be willing to invest the time to learn how to secure it.
The Setup
What he has: Three desktops, one personal laptop and one business laptop. Home systems run Windows XP Home Edition and Netscape Web browser.
How he connects: Cable broadband. Connects to work over a clientless, SSL-protected VPN. Home network is principally wired, but the laptop connects via WPA-TKIP (a version of Wi-Fi Protected Access with improved encryption). Network equipment includes Netgear FR114P firmware firewall in network box in basement, Netgear five-port hub and a Netgear wireless access point with virtual private network.
About the family: All family members use the computers and network. They shop extensively, bank and pay bills online. CISO doesn't allow instant messaging.
How he handles backups: CDs, flash disks, 2GB Iomega Jaz drive disks. Weekly backup of all security tool configurations.
Tech Talk
Uses Spybot Search & Destroy, ZoneAlarm Pro, Ad-Aware SE Pro, SpyCop, AdSubtract Pro, Active Ports, Norton AntiVirus and Internet Security suite on laptop.
Does extensive tailoring and granular identification of acceptable traffic/activity to meet needs of family members. Default setting is "deny," meaning any type of Internet traffic the CISO has not explicitly OK'd will be blocked.
Uses Norton Internet Security as well as Netscape's filters for spam.
Practicals
Passwords: Uses "temporal time key dynamic password for VPN wireless, complex transliterated foreign language phrases, more rapid changing of security device passwords." Security log-on information is different from e-business and work log-on information. Translation: Uses multiple, complex passwords and changes them frequently.



