Computer network security advice for the real world. What you need to worry about and what you can do about it

           
computer network security advice



Overview

Security is the state of being protected from harm or undesirable situations. In the computer world the concern is that no one should be able to get into your system that you don't want to. They shouldn't even be able to know you exist or find you if this can be avoided. Even if they gain access to your system or transmitted data, it should be useless to them and they should not be able to do any harm.

A wired system is harder to get into since the hacker would have to get physical access to your system or trick you into allowing them in.

Wireless systems require more effort to protect since they depend on broadcasts that can be accessed by others.

All systems have to be concerned about viruses, adware, phishing and undesirable content since the door to these things is opened by typical Internet usage. Undesired user access also has to be blocked by setting up a firewall that only lets things in and out that were requested or purposely sent out by the owner of the system. Firewalls should be enabled on each computer and the router. These issues are covered in the computer Internet security aricle.

What you need to worry about and what you can do about it

All networks need to be designed from the start with the proper security features in place. A wired network is a closed system and, therefore, has less problems than a wireless system and its requirements are discussed below.

Wireless networks present more problems than a wired network because they broadcast signals and data from one device to another. That presents 2 problems. 1 - strangers that have wireless adapters and are in range of your network can mooch off of your bandwidth. This will steal some of your network's power and you might find that the game your playing is being interrupted with unnecessary glitches and delays. 2 - hackers are lurking waiting to intercept Your transmissions to get private information, to use or take over your network or install harmful software. There are a number of things you can do for all problems but the main solution is to activate strong secure encryption (scrambling of your data in a way that systems that have the password know how to unscramble).

The following are security concerns:

  • Your router can be hijacked Malicious people are looking to get into your system. If they find your ip address and gain control of your router, they will basically own your network. The standard username and password of most popular routers are well known.

    Solution

    If the wrong people can get into your router, they can login and own it if your username and password are not changed from the default. You should change them and pick a good password for it.

    Disable wireless administration which means that your router can be logged into and controlled from a wireless connection. This is not a good idea since you are safest if the only machine that can change the router is one connected to it. The same applies to remote administration which would allow your router to be controlled from a machine out of your network. If you anticipate having to do this because you travel frequently and know you will need to make changes, then you can ignore this extra level of protection. Otherwise, turn it off.

  • your network can be found by those that you don't want to know about it

    Solution

    The name of your network is called its SSID (service set idenifier). If you don't change this name, it will be named as the brand of your router such as Linksys, SMC or Netgear. This name is commonly known and its being unchanged announces that the network that it is attached to hasn't been tweaked for safety. It's a good idea to change this name.

    Some people suggest you turn of SSID broadcast which makes your network name appear to anyone within reach. The problem with this is that it doesn't really stop all broadcasting and the professionals know how to find you anyways. Even though this will discourage the casual bandwidth thief, it makes your life more difficult and is not worth doing.

    Click here for details of changing your router password and setting the SSID for Linksys router.

  • anyone can connect to your network Most networks are set up with DHCP (Dynamic Host Configuration Protocol) which automatically assigns a network address to any computer that connects to the network. They join your network if you haven't blocked them with encryption.

    Solution

    You can limit which machines can connect to you by using MAC filtering. A MAC address is a unique number assigned to any piece of hardware.

    You can get the MAC addresses of all your computers and set up a table to only allow the MAC addresses that you specify to connect.

    This is really not worth doing except for very special cases. It doesn't stop hackers because they can figure out your MAC addresses and make their machine imitate it. The non professionals are blocked by better methods which you have to do anyways. Here is a case where MAC filtering makes sense.

  • WiFi broadcasts outside of your home or office This puts your network in reach of anyone close enough or with a strong enough antenna.

    Solution

    The main solution to this problem and to most of the others listed here is to implement strong and secure passphrase protected encryption.

    There are 3 types available WEP, WPA and WPA2. It's worthwhile not considering anything less than WPA2 which is the best. Either buy WPA2 equipment from the start or upgrade to it. If you can't, at least use one of the other 2.

    Once you have done this you've done the best thing and some other methods that people suggest take work and don't pay.

    • positioning the Router or Access Point in the middle of your house or setting the router to limit its power. Hackers will have powerful antennas and this won't stop them and it might make reaching some parts of your house more of a problem.
    • assigning preset static IP addresses to devices. As usual, the wrong people can figure out the ip addresses that you are using and imitate them
    • MAC filtering was already discussed above.

It makes sense to turn Off the network during long periods of inactivity.

Useful Links

Dlink Security Setup

Linksys SSID and router password set up

Insightful article on what really works.

Easy Home Network Roadmap



Return from Computer Network Security Advice to Easy Home Network
Return from Computer Network Security Advice to Ask the Computer Doc home

7/14/2010



footer for Consumer Electronics and Computers page