Recently, I taught a workshop about setting up a home computer network at our local computer club. That event reminded me that it’s been a long time since I have written about network security.
For a quick summary, you should prevent anyone from using your network other than you and those individuals you trust to access the files and printers on your computers. Period. No if’s, and’s or but’s.
Why is this important? Because it’s a whole lot easier to prove that someone did something than to prove that they didn’t.
You should lock down your network, whether a wired or a wireless network, to prevent others from using your computers or your Internet connection.
Someone using your connection might attack other computers (e.g., banks, corporate or governmental computer systems) or host or provide (or even connect to) files, videos or images that are illegal to access. If you want to read a real-life horror story on the last one, check out this article on the Herald-Tribune’s web site.
But, let’s take a step back…
We all are running, or should be running, current anti-virus/anti-malware software and running a firewall program on our computer. This is true whether we are using a dialup connection to the Internet, a wired networking connection or a wireless connection.
We know the basics about configuring our wireless router to secure our wireless connections:
- use an SSID other than the default one (so we’re absolutely sure we’re connecting to our own network and not a neighbor’s router),
- set the MAC Address Filtering function to only allow connections from the MAC Addresses of our own wireless adapters,
- set the password on our router to something other than the default,
- and set the encryption of the wireless transmissions to WPA2 (which is the best consumer-level encryption currently available).
If we’re running a wired router, we should also change the password from the default. Why? Because there are actually malware programs that, once running on your computer, try to log in to routers using the default passwords. If they get in, they change the DNS settings to route all communications through their servers so they can record or modify the data being sent.
But what if you’ve only got one computer connected to your cable modem, and don’t plan to have a home network? You should still use a router. You can probably buy a wireless router cheaper than a wired-only model (supply & demand), so just turn its wireless functions off.
By using a router, you keep your computers from being contacted directly by a computer somewhere across the Internet. Computers (servers are computers, too) can successfully reply to a request from your computer, but they can’t directly contact your computer to initiate communications with it.
Why not? It’s because the router gets the public IP address. The local computer has a local network address assigned to it by the router. The router knows how to send an outbound request to the Internet and knows which computer requested information, so it knows where to send the response.
However, a computer on the Internet side of the router can’t initiate a contact with a computer on the local side of the router because it can only touch the Internet side of the router.
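The behavior described above can be sketched as a toy model of the router's translation table. This is an added example, not code from any real router; the `Router` class, the addresses (taken from documentation ranges) and the port numbers are all constructed for illustration, and it assumes no port forwarding has been set up on the router.

```python
# Toy model of a home router's translation table (illustrative, not router firmware).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address held by the router


@dataclass
class Router:
    next_port: int = 40000
    # public port -> (local ip, local port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        """A local computer sends a request; the router remembers who asked."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (local_ip, local_port, remote_ip, remote_port)
        # The Internet only ever sees the router's address, not the local one.
        return (PUBLIC_IP, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives on the Internet side; deliver it only if it is a reply."""
        entry = self.table.get(public_port)
        if entry is None:
            return None  # no local computer asked for this: dropped
        local_ip, local_port, want_ip, want_port = entry
        if (remote_ip, remote_port) != (want_ip, want_port):
            return None  # not the server that was contacted: dropped
        return (local_ip, local_port)


if __name__ == "__main__":
    r = Router()
    # Local PC 192.168.1.20 asks a web server (constructed address) for a page.
    print("Internet sees:", r.outbound("192.168.1.20", 51000, "198.51.100.5", 443))
    # The server's reply finds its way back to the PC that asked.
    print("Reply goes to:", r.inbound("198.51.100.5", 443, 40000))
    # A stranger trying to start a conversation gets nowhere.
    print("Unsolicited:  ", r.inbound("198.51.100.99", 443, 40000))
    print("Unused port:  ", r.inbound("198.51.100.5", 443, 40001))
```
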
So, those are our other New Year’s Resolutions: (1) keep our wireless networks secure by locking down the access to them, and (2) keep our computer(s) safe by using a router to isolate our computers from contact initiated by the Internet.