G'day all,
I'm starting this occasional set of HOWTOs to give people some insights into commonly touched-on topics in IT.
Because hardware differs (typically, your home router / gateway), you may have to refer to your user manual to find out how to do specific tasks on your setup, or whether your hardware supports them. This is only meant to give you a general overview of what you could do to secure your home network.
Preventing them from getting in in the first place
This typically applies to networks that have a wireless access point, as wired networks are secure in this sense, save for someone physically plugging themselves into the network.
> Enable Wireless Encryption - this comes in several flavours: WEP, WPA, WPA2. It is preferable to use WPA/WPA2 if your wireless router supports it, as WEP can be cracked by those with sufficient time and motive on their hands. That said, some encryption is better than no encryption. Treat the pre-shared key that you create like a password: make it hard to guess, but easy enough to remember. You should also consider changing it periodically (like a password).
> Change your SSID - the SSID (or Service Set IDentifier) is what is broadcast to the world in order to make it easier for you to find your own network. The sad reality is that most people leave their network with the default name (e.g., NETGEAR, LINKSYS), which I would personally say makes them more of a target for a wardriver. I would change this to something that you would easily recognise but that does not in any way personally identify you or your place of residence. Try to find a name that isn't conspicuous either, if you want to make yourself even less of a target.
> Hide your SSID - if you are able to, you can disable broadcasting of the SSID. This means that a person wishing to connect to the network must have BOTH the SSID (think username) and the pre-shared key. That said, if you live in an area with a lot of networks, there may be problems if multiple networks exist that do this. DO NOT attempt to use this method by itself, as it is considered insecure by the seasoned hacker. It will, however, stop the 15 year old script kiddie from touching your network at all. It should be used in combination with encryption.
> Centralise the router in the building - this has two benefits. Firstly, you keep maximal range throughout your house. Secondly, it limits the amount of range that is available outside your house for hackers to peep in on.
So they've got in, what now?
How to limit damage
> Use MAC authentication - a Media Access Control layer address is like a 'fingerprint' (quotations because it can be spoofed) for the physical hardware. It is in the form 00:1a:2e:4f:d3:g1 - a 48-bit address that identifies the hardware on your network. MAC authentication is essentially a table holding a pre-defined list of addresses; only devices on that list are allowed to access the network. It can also be used to give everyone fixed IPs over DHCP (a concept known as 'Static DHCP'). While a hacker is able to 'spoof' MAC addresses, he will have to go through a possible 2^48 combinations before he'd get anywhere (unless he has a packet sniffer, which may render this security moot).
>> You can get this address in Windows by going to Start > Run > cmd. In the black window, type in 'ipconfig /all' (without quotes) and look up the physical address for the appropriate network device. In Linux/OS X, open up Terminal and type in 'ifconfig'.
> Keep an eye on 'attached devices' in the web interface if you feel that your net is slow. It may indeed be a problem with your ISP, but a quick look won't hurt.
> Password protect the router Web Interface - this is the core of your network and it can be accessed wirelessly. Some newer models have an option to disable access to the web admin panel over wireless, which you should turn on if practical.
> Turn off file and print sharing - if practical. If you do need to share files and folders over a network, ensure that you password protect these with a STRONG password. Also, ensure that the Administrator account on your computer is actually password protected. Too many times have I seen networks with either no password or a simple password for this account; this account has absolutely FULL access to your computer. You can change this password by going to Control Panel > Users. You can even disable this account. Ensure you password protect your own account as well, as someone who guesses your user name will also have full access (as most people have full administrator privileges on their own computers).
If you need any specific help regarding any of these, or if I've made any omissions (easy at 4am!)... please do not hesitate to contact me!
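
As an added example (not part of the original post), here is one way to automate the 'attached devices' check against a list of MAC addresses you recognise. It assumes a Linux machine, where `ip neigh` lists the devices that machine has recently seen on the network; the sample output, the addresses and the device names are all constructed for illustration. As noted above, a MAC can be spoofed, so a match only means nothing unfamiliar showed up.

```python
import re

# Constructed sample in the format printed by `ip neigh` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:1a:2e:4f:d3:a1 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:22:fb:10:9e:07 STALE
192.168.1.42 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

# Constructed allow-list, written the way each OS displays the address:
# Windows `ipconfig /all` uses hyphens and upper case, ifconfig uses colons.
KNOWN_DEVICES = {
    "00-1A-2E-4F-D3-A1": "router",
    "3c:22:fb:10:9e:07": "laptop",
}


def normalise_mac(text):
    """Return a MAC as six lower-case hex pairs joined by colons."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_neigh(output):
    """Yield (ip, mac) for every neighbour entry that has a resolved MAC."""
    for line in output.splitlines():
        fields = line.split()
        if "lladdr" in fields:  # FAILED/INCOMPLETE entries carry no MAC
            mac = fields[fields.index("lladdr") + 1]
            yield fields[0], normalise_mac(mac)


def unknown_devices(output, known):
    """Return [(ip, mac)] for devices whose MAC is not on the allow-list."""
    allowed = {normalise_mac(mac) for mac in known}
    return [(ip, mac) for ip, mac in parse_neigh(output) if mac not in allowed]


if __name__ == "__main__":
    for ip, mac in unknown_devices(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"unrecognised device: {ip} {mac}")
```

To run it against a live network, pass the real output of `ip neigh` to `unknown_devices` in place of the sample.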