Anyone who works from home should be required to set up a secure wireless network. If your company has telecommuters who lack network skills, help them to configure their networks for security. If your staff is more comfortable supporting particular routers, put together a list of recommended routers. If you or your employees use VPN connections, consider recommending or requiring routers that include support for multiple VPN connections. With this type of router, multiple VPN connections can run from home at the same time. Remember that a VPN connection has end-to-end security, even on a public network.

Stopping Phishing and Social Engineering

Phishing—the term for tricking users with official-looking e-mails warning of dire consequences to their credit card, bank or PayPal accounts, and directing them to phony websites that perform identity theft—is alive and well, but there have never been more defenses against it. Microsoft's latest browser, Internet Explorer 7, as well as rival Mozilla's latest, Firefox 2.0, contain antiphishing features that compare URLs to known phishing websites and provide reporting tools for flagging suspected phishers. If you're still running older versions of IE or Firefox, it's time to upgrade to the latest version. For additional security, report suspicious websites to antiphishing websites such as PhishTank and PIRT Squad; PIRT Squad also attempts to take down phishing sites.

However, you don't need high technology to help stop phishing—a little common sense works wonders. Don't click on links provided by a bank or other institution; log in manually. If you're wondering about any link in an e-mail or on a website, remember this trick: To find the real destination of a link, hover the mouse over the link.

Phishing is simply the latest way to perform one of the oldest hacking techniques in the book: social engineering. To stop hackers from pretending to be from the "help desk" or "the network provider," verify the identity of people who can access sensitive information, such as calling the employee's supervisor or using challenge questions with predetermined answers. If you must give a password to someone so they can fix your problem, make sure you change it immediately. The Security Focus website is an excellent resource for developing countermeasures against phishing, social engineering and other threats.

Using Your Operating System's Tools

Microsoft Windows XP Service Pack 2 and Vista both offer a variety of tools that can be used to help detect and stop intruders. As mentioned previously, both feature an easy-to-use firewall that can be set up in a "no exceptions" mode for use in public places, while providing access to shared resources on a more secure network. Both also feature support for EFS (the Encrypted File System) in their business editions to provide user-based security for sensitive files.

However, Windows Vista includes several additional intrusion-stopping features. It includes the Windows Defender antispyware tool (available as a download for Windows XP); antiphishing features in Internet Explorer 7 (available as a download for Windows XP) and in its new e-mail client, Windows Mail; a new browser add-on manager; website and activity reporting via Parental Controls; a new internal design featuring address space layout randomization, which changes the address space used by system functions to help prevent successful attacks; and, in Enterprise and Ultimate editions, BitLocker full system disk encryption to prevent data theft through laptop or desktop (or drive) theft.

Sealing the Holes

Although Windows Vista goes a long way toward sealing the security leaks in Windows XP, you can take steps to make your system even more secure. Make sure you install security updates as soon as they're available via Windows Update or Microsoft security bulletins. You can see the latest security headlines for Windows at the TechNet Security Center. Use and update antivirus and antispyware packages on a regular basis to help prevent software-based attacks.

Mark Edward Soper discusses security features in Windows Vista in his latest book, Maximum PC Guide to Microsoft Windows Vista Exposed, available now from Que Publishing. He is also the author of Absolute Beginner's Guide to Home Networking and other books, and blogs on Windows and other tech subjects at Maximum PC's website.