8 Layers of Security Every Computer Should Have

Sue Marquette Poremba
Slide Show

The 8 Keys to Security

Check out Sue's eight essentials for protecting the computers on your network.

Every time you connect to the Internet, you are putting your computer -- and the information stored there -- at risk. As Roger Thompson, chief security officer with AVG Technologies told me:


The single most important thing to understand is that 99% of all attacks now originate from the Web. When you start a web browser, it starts from a trusted place .... _inside_ the firewall, so that creates a trusted tunnel thru the firewall, and if a victim visits a website of hostile intent, the attack code is able to go right through the firewall, and has a chance of executing on the pc.

So what do we need on our computers to protect our data? Thompson says the best way to set up computer security is through layering. Even if one area of protection is only 75 percent effective, the increasing layers will close all the holes. Those layers should include the following:

  • Firewalls. Firewalls protect the computer from outside intruders. According to Microsoft, there are multiple options for firewall: hardware, software and wireless router firewalls.
  • A traditional scanner, such as antivirus, antimalware, and antispyware software. This protects computers from viruses, Trojans, worms, rootkits and similar attacks. Today, these programs are usually bundled into one. Because there are thousands of malware variants released daily, it is hard for the software companies to keep up. A lot of users feel safer with multiple scanner programs, finding that what one program may miss, another may catch.
  • A specialized Web-scanning layer to block most of the attacks immediately. The Web application scanner tests Web servers for dangerous files and other problems.
  • A behavior-monitoring layer. According to Thompson, a behavior monitor watches for malicious behavior. For example, a new program that installs itself so that it survives a reboot, and also starts monitoring keystrokes, is very suspicious to a behavior monitor.
  • Newest version of your favorite browser. IE8 might not be perfect, but it is a lot safer than IE6, which is still the browser of choice on many computer systems.
  • Network-based restrictions and user management software. One infected computer can destroy the network, so better safe than sorry when it comes to the Web sites your employees can visit while on the conpany's server.
  • Data encryption software. Keep your data safe by encrypting it.
  • Online backup system. This gives you access to your data in case of theft or computer malfunctions.

Add Comment      Leave a comment on this blog post
Mar 27, 2010 2:05 AM Stuartconsiderit.co.uk Stuartconsiderit.co.uk  says:

Most of these layers apply happily in a home-user environment, but layers like Online Backup can lead to data leaks and security issues in a business environment.

One of the most prudent layers of security that haven't been mentioned is the IT Policy in general - that crucial document you get all employees to read, and agree to abide by. Security doesn't always have to be implemented at the software or hardware level, but can be highly effective when the users behaviour is actually adapted.

Mar 27, 2010 7:07 AM Grim Bracken Grim Bracken  says:

Some good advice here. However, I would not trust my data to an online backup. Home backup solutions, NAS storage with RAID are pretty cheap now. Couple that with a second backup device and you can keep your data safe without trusting the cloud. Move the second backup offsite and you're even safer.

Mar 27, 2010 7:12 AM Isaac Isaac  says:

Not to be a fanboy, but I haven't thought of any of those issues since I got a Mac. Maybe windows 7 fixes the history of violence, but it seems that unix based operating systems are superior when it comes to safety.

Mar 27, 2010 7:16 AM Bill Bill  says:

Why no love for Firefox? IE8 is still not as good as just getting Firefox.

Mar 27, 2010 7:18 AM Isaac Isaac  says: in response to Grim Bracken

How about several cloud locations, and all of them encrypted? "Cloud" storage is the specialty of these companies. It is their sole purpose to keep your data safe and available. I agree with no trusting it as the only backup, but as another tier of safety.

Mar 27, 2010 7:28 AM Lou WOods Lou WOods  says:

Nice, I think if people took more care on the internet and utilized privacy/anonymity services like www.Ultimate-Privacy.net it would make a difference. Invisibility is a good thing


Mar 27, 2010 7:58 AM aikiwolfie aikiwolfie  says:

"browser of choice". When are the people who write these articles going to realise there is a difference between the "browser of choice" and the "browser bundled by default"?

Traditional anti-virus scanners just aren't doing the job any longer. Using the excuse that thousands of new variants are released every day is just weak tea. All of the traditional scanners currently on the market come with heuristic algorithms which are supposed to detect potential threats. But don't.

The real reason computers today are still so vulnerable to attack is because Microsoft still puts profit before security. So long as security is a bolt on after thought Windows PCs will always be vulnerable. So long as Microsoft continues to add ugly hacks to it's OS to support third party applications, Windows PCs will always be vulnerable. So long as Microsoft developers continue to use poor coding practices like making low level sub-routines dependant on higher level sub-routines Windows PCs will always be vulnerable.

Basically a massive part of the PC security problem is Windows (the dominant OS) and the Microsoft culture of profit before security.

Mar 27, 2010 9:06 AM Heunemann Heunemann  says:

Good article but one thing it fails to mention is the production of Malware has become easy and automated.  The Bad guys test their malware against anti-virus engines to ensure they can penetrate their signature and behavioural defenses.  Then they feed their code onto software that generates variants.  The timeframe between capture analysis and siganture release is at best hours in many cases its days before the AV companies are able to respond.  Av-test.org data shows that the number of unique malware samples has risen from about 3000 per month in 2006 to 20,000 per month in 2009 multiply thise numbers by the number of vairants and its no wonder that the most popular aV products have an 80 percent miss rate.    When you look at the payload of teh malware more often than not these days its a keylogger.  This article should recopmmend 9 layers tyhe 9tth layer being a keystroke encryption program that encrypts your keystrokes between the keyboard and the application (browser) so if your system does get infected your keystrokes wont be stolen.  I'm affiliated with Encassa makers of CoDefender.  Its free for firefox and IE and will have man inthe browser protection soon.  You can get itys from download dot com search for codefender

Mar 27, 2010 9:08 AM Smithwill Smithwill  says:

The notion of security can be very mushy if one neglects taking the time to outline EXACTLY what is the intended use of the computers, software and Internet. Without these goals and a means of educating users along with policing and enforcing the objectives, the threat of compromise is very large and very likely to occur.

Layers of security is prudent. Having a consistent process to monitor "use" along with a transparent reporting scheme provides more than enough information to "manage to the mean and keep the network secure and clean." Prose aside, when there is everything to gain and nothing to hide, proactive IT & Business management will be embraced by everyone. It's not the technology that makes you secure, it's everyone striving for the same objectives in a clear and concise manner.

Mar 27, 2010 9:13 AM tim tim  says: in response to aikiwolfie

The best security tool, and the worst, is still the gray matter between the ears.  The vast majority of malware that i deal with is "installed" by stupid clicks. 

The most recent was visiting questionable sites looking for an edge in NCAA pools.

Of course the website "must install this app to access the information you want."

Mar 27, 2010 9:31 AM Dug Fresh Dug Fresh  says:

This is a terrible article. It offers no suggestions as to what applications fulfill the roles required for each level. The AV level is not so hard to figure out as there are several popular applications to choose from. However, the article would be immensely improved if, for example, when it says you need a behavior monitoring layer, it offers examples of behavior monitoring layer applications! A google search returns no useful results. What the point of telling people they need something but then not bothering to explicitly detail exactly what that is they need? Useless!

Mar 27, 2010 10:12 AM FM HIlton FM HIlton  says: in response to Dug Fresh

It is indeed a pathetic excuse for an article.

Just how do you protect your computer from all the known evil, and by which programs?

BTW, I wouldn't trust on-line storage for anyone. Do you hand out your bank account to just anyone on the street who tells you they'll take care of it?

Bet you don't. That's why you don't store your data on-line, no matter how "trustworthy" the company says it is. Besides, who knows where they're sending your data? The government? Nigeria? The IRS?

Most people are pretty dumb and trusting when it comes to on-line security, which makes articles like these redundant.

The people who know about this kind of problem are already doing it, and the ones who don't, couldn't care less and don't know any better. Don't waste your breath or words on them. They're too stupid to know when not to press "free".

You want to educate them, try writing in-depth about the problem, not glossing over with key words.

Mar 27, 2010 10:22 AM MrktMind MrktMind  says:

Nah, sandboxing is much better than layering. Run your browser in  a virtual machine (VMWare) then it doesn't matter how many viruses you get - they can't get to your main machine plus one click of a button and they are all gone. No more playing the cat and mouse game - send me all the viruses you want cause they will all be gone when I click the button at the end of my surfing session. No more updating anti-virus programs everyday or trying to dig out a virus that made it past the anti-virus software. Also, get Acronis True Image Home - just in case you get a virus on your main (host) machine - you can restore your entire C drive (OS, programs, everything) with one click - takes about 15 mins. to totally restore the C drive.

Mar 27, 2010 10:36 AM don02562 don02562  says:

The most popular browsers are the most vulnerable. Since most browsers are alike, using chrome or opera would not be difficult to become familiar with.

Mar 27, 2010 11:27 AM Larry Larry  says: in response to MrktMind

Actually there are ways for malware to be able to attack a vmware host that can be done from within a guest using things such as cloudburst.


Mar 28, 2010 1:09 AM Asher Asher  says: in response to Heunemann

Tried to install Codefender, but the wizard wouldn't complete installation under Win 7. Notice that you don't show Win 7 as supported for your software. Any idea when it will become available?

Mar 28, 2010 1:35 AM ganjalius ganjalius  says: in response to tim

exactly! i haven't run an anti-virus program in over 10 years, because I always seem to have a slow computer, and they use too many resources to the point that its redundant to even use them.

I simply do not have any viruses.

My security tip would be to use Chrome, do not install ANY plugins/software/add-ons/etc from ANY site unless its from a trusted company and the URL is correct, ie Microsoft, Google, Yahoo, big companies.

Clear all startup items from msconfig, and clear most if not all of the services (non-ms).

Just my thoughts.

Mar 28, 2010 2:22 AM Hamranhansenhansen Hamranhansenhansen  says:

This only applies to computers with Microsoft Windows on them. The headline should read " Every Microsoft Computer Should Have."

Running a virus scanner is not recommended on a Mac or Linux computer because there are no Mac or Linux viruses. You end up losing a significant amount of performance for nothing.

If you're going to talk about what every computer should have, things like "Unix user accounts" and "open source core OS" would be important. You find both of those on Mac and Linux but not Windows. So this list is very Microsoft-specific.

Mar 28, 2010 6:29 AM Patrick O'Connor Patrick O'Connor  says: in response to Isaac

Windows has been 'unix based' ever since the NT s/w branch merged with thier idea of 'home computing' (Windows 9x/ME).

It's only secure using Mac at the moment because there's not a significant financial gain in breaking it (too few users). If everyone jumped ship to Apple it would be in difficulties pretty quickly.

Mar 28, 2010 8:33 AM StevetheNerd StevetheNerd  says: in response to Isaac

A common misconception is that Unix/Linux/OSX are more secure... in fact recent history has proven that Apple ignored the problems that were inherently present in unix making it more vulnerable to Malicious attacks...

Offsite/Online backups to encrypted data centers are more secure than leaving the data on your home PC, and in the case of a catastrophic failure are

Mar 28, 2010 8:48 AM Rich Rich  says: in response to StevetheNerd

I recall a day when js pop-ups were my biggest concern.. nowadays its standard to have 8 different programs protecting your pc .The only virii I ever had were ones I downloaded myself. If you don't download anything chances are slim that you'll get a virus.

Custom logo and web design @ www.digipaw.net

Mar 28, 2010 10:15 AM matt matt  says: in response to ganjalius

so, it takes 8 layers of security to safely use a PC nowadays?

In upwards of 2-7 pieces of software running at all times?

Nobody thinks that's a bit.....silly?

Mar 28, 2010 10:46 AM phil phil  says: in response to matt

absurd. many of those points are redundant, many impractical, and a couple just ill-advised for your average machine.

Mar 28, 2010 11:29 AM Sean Sean  says:

Do people pay for antivirus solutions? I haven't ever paid for one, choosing instead a combination of the free products that are already out there (firefox, avg, adaware and spybot) plus a little common sense to successfully avoid infection on my windows machines.

My wife and kids have been educated to avoid malware, and between them and my router's firewall they do a good job of keeping the bad guys at bay.

FWIW I don't run any antivirus software on my Linux machines. Maybe the answer is instead of burdening low income people with expensive licences the answer is to set them up with free software for them to use, modify and adapt to their needs.

Mar 28, 2010 12:50 PM Jay Jay  says: in response to Bill

Firefox is better than IE8 but having outdated Internet Explorer even in the background is a security threat. I use Firefox but always keep IE up to date.

Apr 2, 2010 12:46 PM Virus Removal Services USA Virus Removal Services USA  says:

I feel that protection is the first most thing for our PC from virus so go and take it before your computer data is blocked and you get fired

Apr 20, 2010 1:08 AM smith smith  says:

Hey Sue Marquette Poremba,

Thanks for sharing such a nice article,points which you mentioned about 8 layers of security are quite interesting and informative.

information security is the spotlight today,failure is not an option,for more information on security check this link  http://www.eccouncil.org/certification/certified_ethical_hacker.aspx

Jun 16, 2010 2:28 AM Fences Fences  says: in response to Virus Removal Services USA

Cloud computer is the way of the future... Just had my computer crash and even backing it up via hardware was a struggle!  Wouldnt life be easier if we could just log into our desktop from anywhere?

Aug 19, 2015 8:33 PM mark jason mark jason  says: in response to Sean
wow sound's great ..so what are those procedures on how to put those things in my laptop computer.. Reply
Oct 21, 2015 4:58 AM Anna Carvalho Anna Carvalho  says:
Good post, but I think that you've forgot the most influent one - your own hands, which are responsible for downloading viruses. Those hands also can remove them, and after visiting my website you would know how to get rid of them in a few minutes! Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.