Home user security:
Disable NetBIOS
Uncheck File and Printer Sharing and the client
Turn off network discovery and turn off file sharing
Choose block by default for inbound connections in Windows Firewall at home
Allow TCP source ports 49152-65535 to destination ports 53 and 443 in the outbound rules of Windows Firewall and the hardware IPS at home
Allow UDP source ports 49152-65535 to destination port 53 in the outbound rules of Windows Firewall and the hardware IPS at home
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
File properties: check "Encrypt contents to secure data"; if you like, you can also check the read-only attribute
Disable the speaker, camera, Wi-Fi and Bluetooth
Disable remote help and remote connection (right-click My Computer)
Use a normal user account instead of the administrator account, create a separately named administrator account for updates, upgrades and setting changes, and then use a cmd command to hide this administrator account name
Settings - Security - enable integrity
Create a D drive with a partition tool and avoid using the C drive
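The NetBIOS, sharing and firewall items of the checklist above, scripted in PowerShell as an added example that is not part of the original post. It assumes an elevated session and that outbound traffic is blocked by default so that the two allow rules take effect; the rule display names are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# Assumption: default outbound action is Block, so the allow rules below matter.

# 1. Disable NetBIOS over TCP/IP on every IP-enabled adapter (option 2 = disabled).
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Invoke-CimMethod -MethodName SetTcpipNetbios `
        -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null

# 2. Unbind File and Printer Sharing (ms_server) and
#    Client for Microsoft Networks (ms_msclient) from all adapters.
Disable-NetAdapterBinding -Name '*' -ComponentID ms_server, ms_msclient

# 3. Block inbound and outbound by default on all firewall profiles.
Set-NetFirewallProfile -All -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 4. Outbound allow rules from the checklist: ephemeral source ports only,
#    TCP to 53 and 443, UDP to 53. Display names are hypothetical.
$ephemeral = '49152-65535'
New-NetFirewallRule -DisplayName 'Home-Out-TCP-53-443' -Direction Outbound `
    -Action Allow -Protocol TCP -LocalPort $ephemeral -RemotePort 53, 443 | Out-Null
New-NetFirewallRule -DisplayName 'Home-Out-UDP-53' -Direction Outbound `
    -Action Allow -Protocol UDP -LocalPort $ephemeral -RemotePort 53 | Out-Null

# 5. Verify: profile defaults, then every enabled outbound allow rule with its
#    ports. Built-in rules that are still enabled show up here as well and
#    widen the policy until they are reviewed.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Get-NetFirewallPortFilter |
    Format-Table InstanceID, Protocol, LocalPort, RemotePort

# 6. Verify NetBIOS state per adapter (TcpipNetbiosOptions should read 2).
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Format-Table Description, TcpipNetbiosOptions
```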
Reminder: do not think these security measures are enough. For details, read the previous posts.
In 2001 I had already disabled NetBIOS. Maybe even earlier.
The baseline of security may even be to dispose of all electronic devices.
Real security has already begun in wireless waves since 2013.
It is now 2022.
If your computer only has rubbish on it, then these security measures are not for you and your home computer. You can just leave the configuration at its initial settings.
What if you do not have Internet or you do not use the Internet?
Set the domain and public profiles to block inbound and outbound by default; only the private profile allows outbound
Then what should you block at the home Wi-Fi router?
https://attack.mitre.org/techniques/T1571/
These C2 ports need to be blocked at the home Wi-Fi router. You will notice that some ports greater than 49152 are to be blocked in the home IPS and Windows Firewall too.
If your home Wi-Fi router is advanced enough, you can block keywords too, but home Wi-Fi router blocking cannot work when using a mobile phone VPN.
Hackers usually use the advertisement ID to hack; you may notice that I blocked GA_ and appflyers and googletag... etc
In the past, a mobile VPN could prevent ISP sniffing. This is basic nowadays.
What to do is use www.browserling.com or www.peekier.com, or buy a whole web archive for private network use.
Hackers have already seen everything that makes hacking difficult. So some of them do not play on the Ethernet network. They play on wireless waves. My next post is about the LTE hackers use.
