Guidelines for Home / SOHO Computers

Guidelines for Mac Home / SOHO Computers

Updated 9/29/15

In the fall of 2014 Aging Safely Inc, i.e. Dotti & I, switched from Windows Computers to Macs. It wasn’t as painless of a transition as we hoped, but it went very well. This document is a re-hash of the PC / Windows Guidelines that I have posted for years but with a Mac focus.

The following guidelines are ones that Dave Snow has developed over his more than three decades in the computer industry. Many he learned the hard way. Like everyone in the computer industry he is still learning, so these guidelines aren't perfect and are still a work in progress. These are the policies that the Snows use for their SOHO (small office home office) computers. You are welcome to adopt these guidelines for use on your own computer systems at your own risk. The order here is in approximate order of importance!

Have a Backup Plan - Follow It - Test It

If your computer has data that is valuable to you then you MUST back that data up! Data might be Music (MP3's, AACs), Photos (Jpeg's), Tax and Business Records, correspondence, email, your calendar or many other things. Computer hardware can break, computer software can have bugs, systems can get infected with a virus, and a fire or disaster can damage your system. If you don't have a backup, you will have lost that valuable data.

Today, with the massive amount of data that users keep on their computers, DVDs are no longer a viable backup medium for many people. On our Macs we each have an external 3 TB Seagate USB3.0 drive ($119 @ Costco); 50% of it is dedicated to backups.

For smaller systems, a similar strategy to ours might be developed using DVDs or an external hard drive. Note: DVD Burners can be purchased for about $30 - $40 and External Hard Drives for $80 - $130 at www.NewEgg.com. DVD-R Media is now down to $.30 per 4.7 GB disk. Backing up your computer doesn't have to be expensive - not backing it up can be VERY costly!

The following is the strategy that we use for our SOHO systems:

  • OSX (the Mac operating system) comes with a very good backup program called “Time Machine.” It backs up any files that have changed every 15 minutes. It keeps: hourly backups for 24 hours, daily backups for a month, and weekly backups until it runs out of space, and then starts deleting the oldest backups. On my system I am only using about 500 MB of the 1,500 MB of backup space that I have allocated after 18 months!
  • Because Time Machine backs up the changes so frequently, it also provides the equivalent functionality of Windows System Restore.
  • Test that the backup strategy is saving the correct files, first by looking at what is being saved. Recently I screwed up and tried to test an upgrade from OSX 10.9 to 10.10 on a spare disk. Due to my own screw-up I messed up my system disk. All I had to do was reboot while holding the option (alt) key down and select to restore from Time Machine’s backups. About an hour later I was back to where I started before my error --- Painless!
  • With a good backup program, you can restore anything from a single file to all of your data. If the disk dies, you may have to reinstall the OS and applications as well, then restore the data from the backups.
  • Part of the data that must be backed up at least once is the software keys; keep them with your off-site backups.

  • Since fire, lightning, theft and other “physical disasters” are a possibility, I do an “offline backup” of both systems to a couple of old 250-500 GB removable disks and store them in our fire safe. I try to re-do this once-per-quarter. It is at least a starting place, if we ever have such a disaster. Today (Dec 2014) I just did a “full offline backup” and it took about 150 GB. This took about 90 minutes. Dotti’s system will take less space and time.
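One way to carry out the "test it" step for an offline copy, as an added example that is not part of the original guidelines: the script compares SHA-256 hashes of a source folder and its backup copy and reports files that are missing or differ. It assumes the offline backup is a plain folder copy; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(path, root)] = digest.hexdigest()
    return result


def verify_backup(source, backup):
    """Return (missing, changed): files absent from the backup or differing."""
    src, dst = manifest(source), manifest(backup)
    missing = sorted(p for p in src if p not in dst)
    changed = sorted(p for p in src if p in dst and src[p] != dst[p])
    return missing, changed


def demo():
    """Constructed sample: a tiny source tree and a deliberately flawed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "Documents")
        backup = os.path.join(tmp, "OfflineDisk")
        os.makedirs(os.path.join(source, "Kits"))
        os.makedirs(os.path.join(backup, "Kits"))
        files = {"taxes.txt": b"2014 return", "Kits/key.txt": b"SAMPLE-KEY",
                 "photo.jpg": b"\xff\xd8 sample"}
        for rel, data in files.items():
            with open(os.path.join(source, *rel.split("/")), "wb") as handle:
                handle.write(data)
        # The copy lost key.txt and holds a corrupted photo.
        with open(os.path.join(backup, "taxes.txt"), "wb") as handle:
            handle.write(b"2014 return")
        with open(os.path.join(backup, "photo.jpg"), "wb") as handle:
            handle.write(b"\xff\xd8 damaged")
        return verify_backup(source, backup)


if __name__ == "__main__":
    missing, changed = demo()
    print("Missing from backup:", missing)
    print("Differs from source:", changed)
```

For a real check, call `verify_backup` with the folder you care about and its copy on the removable disk; both lists should come back empty.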

Have a Firewall to Isolate Your Computers/LAN from the Public Network

High-speed always-on broadband networks are the source of both useful information and computer hackers. Your computer should be isolated from the network by a hardware firewall. Apple’s OSX and Microsoft’s Windows have built-in software firewalls. Anti-Virus programs often include firewalls as well. These firewalls are better than no firewall, but a hardware firewall is a far better solution. I recommend them even for SOHOs with a single computer.

Small Wi-Fi routers are available from NewEgg.com or Amazon.com for about $60. If you select an 802.11b/g/n wireless router be sure to enable WPA2 encryption and select a secure password. Be sure to record this password, since you will need to input it into the router and each computer on your local network. Be sure to select and set a secure password for the administrator account on your router as well. See Default Router Passwords for the manufacturer's default passwords.

Be careful with routers supplied by cable and phone companies. In my area Frontier FIOS installs all of the routers with all of the account and password information printed on the router, visible to everyone! While this is much better than leaving it blank as others often do, it is still poor security protocol, and has the potential to make it easier to hack into.

If you ever plan to use VPN into or out from your LAN, then pick an IP range that is different from every place that you might connect with. I recommend setting the LAN IP randomly between 192.168.50.1 and 192.168.240.1. Most of the consumer grade routers default to low IP numbers in the 192.168.0-12.1 range. Some routers also use the 10.0.0.1 range. Again, it is not the actual address that matters, but not having the same address on both ends of a connection.
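The selection rule above as an added example (not part of the original guidelines): it picks a random 192.168.X.0/24 with X between 50 and 240 that overlaps neither the common router defaults nor the networks at the other ends of your VPN connections, including remote networks wider than a /24. The function names and the sample remote networks are constructed assumptions.

```python
import ipaddress
import random

# Defaults the guideline says consumer routers tend to use (192.168.0-12.x, 10.0.0.x).
COMMON_DEFAULTS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(0, 13)]
COMMON_DEFAULTS.append(ipaddress.ip_network("10.0.0.0/24"))


def candidate_lans(remote_networks, low=50, high=240):
    """List 192.168.X.0/24 networks (low <= X <= high) that overlap neither
    the common router defaults nor any network you expect to VPN to or from."""
    avoid = COMMON_DEFAULTS + [ipaddress.ip_network(n) for n in remote_networks]
    free = []
    for third in range(low, high + 1):
        lan = ipaddress.ip_network(f"192.168.{third}.0/24")
        if not any(lan.overlaps(other) for other in avoid):
            free.append(lan)
    return free


def pick_lan(remote_networks, rng=random):
    """Pick one free /24 at random; return (network, router address)."""
    free = candidate_lans(remote_networks)
    if not free:
        # e.g. a remote site that claims all of 192.168.0.0/16
        raise ValueError("no free 192.168.x.0/24; use a different private range")
    lan = rng.choice(free)
    return lan, lan.network_address + 1


# Constructed sample: networks at the other ends of your VPN connections.
SAMPLE_REMOTES = ["192.168.100.0/24", "192.168.128.0/17", "10.8.0.0/16"]

if __name__ == "__main__":
    lan, router = pick_lan(SAMPLE_REMOTES)
    print("LAN:", lan, "router address:", router)
```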

Try not to open up any ports beyond the firewall's secure defaults. If you must use Remote Desktop, Remote Terminal, VPN, File Sharing and/or other protocols that allow connections from outside your network to inside your network, enable them only when you are using them, limit them to one account and have secure passwords on all accounts. Remember, the reason that you have the firewall is to block outside connections! The more holes you open up in any firewall, the less secure it is! Also check that the WAN port can't be pinged. Normally today this is the router's default. Enable this feature only when troubleshooting, as hackers can easily detect that your computer exists when this is enabled.

Keep Your Operating System and Applications Current

Apply the operating system patches soon after they are released. Both OSX and Windows have good automatic update systems. It is harder to keep applications up to date. Adobe’s Flash is frequently updated because of yet another security patch.

Have a Good Anti-Virus Program - Update & Use It!

Fry's often has Anti-Virus software on sale for about $20 or less after the rebate. They aren’t as good about doing this for Macs. I was able to purchase a Kaspersky package that was good for 5 devices (Mac, Windows, iPad etc.) for a reasonable price. Once in a very long while they have a “Multi-device” version on sale that includes Internet Security for Mac. If you are a Mac user, buy it when you see it, and keep it until yours is about to expire.

Email used to be the number one way to spread viruses, spyware, and other attacks. Know how your email provider handles virus protection. If you are getting viruses by email, change your email provider to one that scans all of your mail.

Since our computers are always on, the Anti-Virus programs get updated daily and complete scans are done at least weekly. If you only power your computer up for short periods, then you must manually force the Anti-Virus updates, scans and Operating System updates to happen. Do this on a schedule, every week or two at the most.

 

Have a Sane and Secure Password Strategy

Have at least three username / password - pin pairs. One for really important accounts such as your bank and brokerage accounts. Have a second for public web sites that are not as important. Have a third one for your computers and web sites and other things that you manage. Many people may need a couple more pairs if the complexity of computer usage is higher than normal.

 

Note: Getting the system administrator’s username and password was how the now-famous Sony hack of December 2014 started! Don’t allow logins from outside of your local network as the default! Stay away from enabling by default any remote login tools that pass through your firewall! TeamViewer, GotoMyPC, MS’s Remote Desktop and VNC are just a few of the many out there. If you need such a tool to have a friend help you with a problem, try using a tool, such as TeamViewer, where you can run the executable, fix the issue, and have nothing left running when you exit the program. Note: TeamViewer is only free for “non-commercial usage”.

Develop a password strategy and stick with it. Passwords should be at least 10 characters and should have at least one uppercase letter and a number, both located somewhere in the middle. Decide in your plan how frequently you will change them and follow that plan. The frequency of change depends on the risk of discovery, the damage that could be done if compromised, and how much of a pain it will be to change a password in multiple places.

Most systems also accept .-_!# (period, dash, underscore, bang and hash) as password characters. These are good to use, but don't get too fancy by using other punctuation (@$%^&*+=/?><{}[] etc.) or you may find that the Operating System or application interprets these characters rather than making them part of the password.
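The password rules above written as a checker, as an added example that is not part of the original guidelines. It assumes "in the middle" means anywhere except the first and last character, and it flags anything other than letters, digits and the five punctuation characters listed above; the function name and sample passwords are constructed.

```python
import string

SAFE_PUNCTUATION = set(".-_!#")          # the characters the guideline calls safe
ALLOWED = set(string.ascii_letters + string.digits) | SAFE_PUNCTUATION
MIN_LENGTH = 10


def check_password(password):
    """Return a list of the guideline's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Assumption: "middle" = everything but the first and last character.
    middle = password[1:-1]
    if not any(c in string.ascii_uppercase for c in middle):
        problems.append("no uppercase letter in the middle")
    if not any(c in string.digits for c in middle):
        problems.append("no number in the middle")
    risky = sorted(set(password) - ALLOWED)
    if risky:
        problems.append("characters a system may interpret: " + "".join(risky))
    return problems


# Constructed sample passwords, for illustration only (do not reuse them).
SAMPLES = ["Password1", "river7Stone-bank", "blue$Sky4ever!"]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_password(sample)
        print(sample, "->", issues if issues else "meets the guideline")
```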

Usernames are usually not case-sensitive and passwords usually are. Do not write passwords where others can find them. If you need to record them, in case of an emergency, keep them on paper locked up with your other important papers.  Always have a password for your local computer even if it is in a physically secure location. The password is one more thing for a hacker to have to defeat when entering via the network.

It used to be that I had a very long and complex password for my Wi-Fi network.  Today, with all of the Wi-Fi devices that I have and guests to my home have, I have had to simplify it greatly. I don’t like this but it is a reality! Wi-Fi was easy to hack into in the past, and this just makes it easier.

Don't Download Programs from Unknown Sources

You can usually trust your major hardware manufacturers and software houses to have virus-free and usually spyware-free software. If you don't know and trust the source, then don't download it! Be suspicious of attachments, even from your friends. Safe computing isn't always easy! Be very careful with sites that want to download and install some ActiveX feature or some viewer to look at content on their site. If they want anything other than Adobe's Acrobat Reader or Flash Viewer, Microsoft's Media player or Apple's QuickTime Viewer, I don't load it. Watch out for E-vites and electronic cards that actually execute; they have the potential to be a real virus.

SPAM

I used to think that there is no really good solution for SPAM. ISPs and Anti-Spam tools either don't filter enough, or filter out VALID emails. I had been looking for an acceptable tool that works. Since my ISP and Anti-Virus software are both scanning the email for viruses and Spyware, SPAM is only an inconvenience and no longer a serious danger.

While looking for a new email provider in 2008, I came across Google Apps and switched to them for our email services.  They currently offer 10 accounts / domain and 15 GB+ mailboxes / account. They do have a maximum attachment size of 20 MB. The price is right - FREE.   After several years, I can say that Google doesn't burn any mail, that mail from open relays goes to the spam folder, contacts is the whitelist and filters can be used for the blacklist.

I am very happy with Google's spam filters.

Label Network Hardware boxes

If your computer setup includes lots of little network/computer boxes such as External Disks, DSL/Cable Modem, Broadband Router, 802.11b/g/n Wi-Fi Access point, VOIP phone adapter, cordless telephone, etc., then each should be clearly labeled with colored labels at the box, power brick and power cord. If the box has a MAC address then display it on the label. Often these boxes have similar connectors with widely varying AC and DC voltages. Plugging one into the wrong box can be disastrous! By having each box and cable with its own colored labeling, you reduce the risks of mis-plugging one. Also label the Ethernet and phone cables if you have several.

De-frag Your Disks Periodically

OSX does a nice job of keeping your files “De-Frag’ed” and no tools are needed.  Windows still needs a lot of work in this area. Each year Windows’ defrag and backup tools seem to have fewer features – Yuk!

Keep a Copy of all Software Kits On-line

On my Misc Disk I have a Kits directory tree where I store a copy of all of my software on-line. I structure it in chunks that are less than 4 GB so I can burn them to a DVD - if required. This keeps the software on-line when I need it, and allows me to load and update it easily from multiple computers. If you set your folders viewing options to include "show hidden files and folders" you can usually copy a complete CD/DVD to the hard drive and install the software without any problem. Since most of the applications I use are downloaded over the Internet, this is where I copy them. If the software has a key, I type it into key.txt and place this file in the top-level directory so that I don't lose it. If and when I burn a CD or DVD, I write the key on the disk along with the title and date. I also write the key on the CD/DVD that I purchase, so I don't lose it.

Proof of Purchase

Since many software products, such as anti-virus software, offer competitive rebates and upgrade rebates, keeping proof of purchase of software products becomes important. I scan the receipt, UPC code, Software key, Disc, and front of the manual and logos that may be used in the rebate code into a Jpeg or PDF file and store it with the kit on-line. Then when a product wants proof of purchase for a rebate I have something.

Keep Your Computer Clean, COOL, Well Ventilated and Physically Secure

Physically Secure includes not allowing your kids or grandkids to play games or install software from an account with Administrator privileges. We have a Kids Account for the grandchildren on the computer that we allow them to use. This way they can't install or delete software. Any trash that they leave on the desktop is on their desktop, not ours. This way they can't see or delete any personal files or information.

Upgrading Your Computer - Moving to a New Computer

Mac / OSX make upgrading to a new physical system really easy. What isn’t so easy is testing that a major OS upgrade won’t break the non-Apple applications that we count on such as: MS Office 2011, QuickBooks for Mac 2014, Parallels Desktop etc. I ended up installing OSX 10.10 on a spare disk and testing it there. I couldn’t do an exhaustive test of QuickBooks and some other software, but I could at least test that it did fail miserably or require a newer version.

SOHO's Should Have a Disaster Plan - Test It When You Upgrade Your Computer!

A Disaster Plan outlines how you would recover your equipment and data after a disaster so that you could continue operations with minimum interruptions. It is basically a list of the steps that you would need to restore a usable set of capabilities. The Test-It and the Backup Strategy above are really disaster planning. Only when you know how you can recover can you know that what you are backing up is the correct stuff. If one of our computers totally fried, we would need to do the following to recover it:

  • Replace or repair any damaged hardware (1 day to replace locally - 1 week on-line - ~$1,800/system (Computer, monitor, printers, etc.))
  • Install the Operating System and Backup Program from the off-site backup and software keys (.5 day).  With a good system image that time should be greatly reduced, however I still store software kits and keys as if I didn't have any image backups.
  • Restore the data from the most recent Full Backup, available on-site or off-site. (1-3 hours)
  • Install the remainder of the applications from the On-line Kits or CD/DVDs, if required. (.5 day)
  • Test that it works. Figure out what information was lost, and how best to deal with that loss. Hopefully, the loss should only be the new data between our last backup and the disaster, and much of that we could recover via other means.

After recovery was complete, it is likely that we would have a newer faster more capable computer system and lose very little data. This is all because we planned ahead and do backups regularly.

A computer or two is the easy part of a disaster plan. The hard part has to do with the physical plant. (Building, phones, phone lines, other required services, employees, paper documents, etc.) That is outside of the scope of these guidelines. This is an area that even many Fortune 500 companies don't do very well.

Note: www.AgingSafely.com's  web hosting systems are located in a secure data center in the mid-west, backed up daily, have off-site backups, hot-spare hardware and a disaster plan. The level of care, physical security, network connectivity and 24 hour staffing that they receive is much greater than is recommended here for SOHO systems. The facility we selected to house them was selected for these very reasons.