network security advice for the real world. What you need to worry
about and what you can do about it
Security is the state of being protected from harm
or undesirable situations. In the computer world the concern is that no
one should be able to get into your system that you don't want to. They
shouldn't even be able to know you exist or find you if this can be
avoided. Even if they gain access to your system or transmitted data,
it should be useless to them and they should not be able to do any harm.
A wired system is harder to get into since the
hacker would have to get physical access to your system or trick you
into allowing them in.
Wireless systems require more effort to protect
since they depend on broadcasts that can be accessed by others.
All systems have to be concerned about viruses,
adware, phishing and undesirable content since the door to these things
is opened by typical Internet usage. Undesired user access also has to
be blocked by setting up a firewall that only lets things in and out
that were requested or purposely sent out by the owner of the system.
Firewalls should be enabled on each computer and the router. These
issues are covered in the computer Internet security aricle.
What you need to worry about and what you
can do about it
All networks need to be designed from the start
with the proper security features in place. A wired network is a closed
system and, therefore, has less problems than a wireless system and its
requirements are discussed below.
Wireless networks present more problems than a
wired network because they broadcast signals and data from one device
to another. That presents 2 problems. 1 - strangers that have wireless
adapters and are in range of your network can mooch off of your
bandwidth. This will steal some of your network's power and you might
find that the game your playing is being interrupted with unnecessary
glitches and delays. 2 - hackers are lurking waiting to intercept Your
transmissions to get private information, to use or take over your
network or install harmful software. There are a number of things you
can do for all problems but the main solution is to activate strong
secure encryption (scrambling of your data in a way that systems that
have the password know how to unscramble).
The following are security concerns:
- Your router can be hijacked
Malicious people are looking to get into your system. If they find your
ip address and gain control of your router, they will basically own
your network. The standard username and password of most popular
routers are well known.
If the wrong people can get into your router,
they can login and own it if your username and password are not changed
from the default. You should change them and pick a good password for
Disable wireless administration which means
that your router can be logged into and controlled from a wireless
connection. This is not a good idea since you are safest if the only
machine that can change the router is one connected to it. The same
applies to remote administration which would allow your router to be
controlled from a machine out of your network. If you anticipate having
to do this because you travel frequently and know you will need to make
changes, then you can ignore this extra level of protection. Otherwise,
turn it off.
network can be found by
those that you don't want to know about it
The name of your network is called its SSID (service set idenifier). If
you don't change this name, it will be named as the brand of your
router such as Linksys, SMC or Netgear. This name is commonly known and
its being unchanged announces that the network that it is attached to
hasn't been tweaked for safety. It's a good idea to change this name.
Some people suggest you turn of SSID broadcast
which makes your network name appear to anyone within reach. The
problem with this is that it doesn't really stop all broadcasting and
the professionals know how to find you anyways. Even though this will
discourage the casual bandwidth thief, it makes your life more
difficult and is not worth doing.
Click here for details of changing your router
password and setting the SSID for Linksys router.
- anyone can connect to your
network Most networks are set up with DHCP (Dynamic
Host Configuration Protocol) which automatically assigns a network
address to any computer that connects to the network. They join your
network if you haven't blocked them with encryption.
You can limit which machines can connect to
you by using MAC filtering. A MAC address is a unique number assigned
to any piece of hardware.
You can get the MAC addresses of all your
computers and set up a table to only allow the MAC addresses that you
specify to connect.
This is really not worth doing except for very
special cases. It doesn't stop hackers because they can figure out your
MAC addresses and make their machine imitate it. The non professionals
are blocked by better methods which you have to do anyways. Here is a
case where MAC filtering makes
- WiFi broadcasts outside of
your home or office This puts your network in reach
of anyone close enough or with a strong enough antenna.
The main solution to this problem and to most
of the others listed here is to implement strong and secure passphrase
There are 3 types available WEP, WPA and WPA2.
It's worthwhile not considering anything less than WPA2 which is the
best. Either buy WPA2 equipment from the start or upgrade to it. If you
can't, at least use one of the other 2.
Once you have done this you've done the best
thing and some other methods that people suggest take work and don't
- positioning the Router or
Access Point in the middle of your house or setting the router to limit
its power. Hackers will have powerful antennas and
this won't stop them and it might make reaching some parts of your
house more of a problem.
- assigning preset static
IP addresses to devices. As usual, the wrong people
can figure out the ip addresses that you are using and imitate them
- MAC filtering
was already discussed above.
It makes sense to turn Off the network during long
periods of inactivity.
Dlink Security Setup
Linksys SSID and
router password set up
article on what really works.
Easy Home Network Roadmap
from Computer Network Security Advice to Easy Home Network
from Computer Network Security Advice to Ask the Computer Doc home