Sunday, June 29, 2008

Home Network Security, Simplified

Many home users have unknowingly become computer geeks. Not too long ago, using the terms 'router' or 'wireless' signaled the presence of the enthusiast or professional. No longer. Now, routers, hubs, switches, Ethernet cards, firewalls and a bewildering array of other network-related buzzwords have entered the home.

By making the installation of these devices easy and inexpensive, vendors opened new sources of revenue for themselves and offered a significant value to home users. Now multiple home computers could share resources without 'sneaker net' - physically transporting files or moving printer connections. Now the whole family could use a single network connection to the Internet, and often without having to string wires all over the house.

What users didn't get is what every networking and computer professional gets early on - training in how to secure that gear from hackers.

But don't panic. The settings from the vendor are often quite good. Now, for some guidance...

RFM is a common acronym known to computer professionals. For the sake of propriety I'll ignore the middle letter, but the first and last stand for Read the Manual. It'll give you common useful settings and configuration information. Now read it again.

ROUTER PORTS

First, change the password and, if possible, rename the administrator account. The person who bought the same model you did has the same default password, and he may not be as trustworthy as you.

'Ports' are network numbers used by software to distinguish traffic. Port 80 is the standard for HTTP, needed for any web browsing. Open it for traffic going out, but only for specific IP addresses or ranges. That way, only known computers can generate traffic out of your home network.

That tip is imperfect if you acquire an IP address automatically, i.e. use DHCP, as most do. But many providers allow you to purchase one static address for your router. That's the one that should have access out.

Why do you care about traffic going out? Because you can infect others. Practice safe networking. Don't spread viruses. Also, if you have wireless - see below - you may not know who's on your network. With outbound traffic limited to known addresses, even if you don't know and you're not home, someone who sneaks in with a laptop can't get out of your network. Yes, it's happened.

You'll have to open Port 80 for all incoming traffic, unless you want to try to track which sites have which IP address - nearly impossible.

If you use a desktop e-mail client, rather than being entirely browser-based, you need to open Port 25 for outgoing mail (SMTP) and 110 for incoming (POP3, ignore the acronym meanings).

And that's ALL... usually.

Manual or desktop FTP clients, which you should avoid because of their weak security, will need another port, and specialized programs will require a few others. In most cases you'll find their numbers easily discoverable. Keep them to the bare minimum. The rule of thumb with network security is: everything closed by default, allow only those truly needed and only to those who need it.

By the way, if these sound a lot like firewall settings, it's because routers and firewalls have some overlapping functionality. Routers route traffic, firewalls prevent or allow it.
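
The rule of thumb above, applied as a check over an outbound rule table. This is an added example, not part of the original post; the three-column rule format, the addresses and the sample table are constructed for illustration and do not match any particular router's export.

```python
import ipaddress

NEEDED_PORTS = {80, 25, 110}  # HTTP, SMTP, POP3: the ports the article names

# Constructed sample outbound rule table in a hypothetical three-column
# format (action, source, destination port); not from any real router.
SAMPLE_RULES = """\
allow 192.168.1.10   80
allow 192.168.1.10   25
allow 192.168.1.0/28 110
allow any            21    # FTP, open to every source
allow 192.168.1.11   8080
deny  any            any
"""

def parse_rules(text):
    """Yield (line_no, action, source, port); 'any' becomes None."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#")[0].split()
        if not fields:
            continue
        if len(fields) != 3 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"line {line_no}: cannot parse {raw!r}")
        action, src, port = fields
        source = None if src == "any" else ipaddress.ip_network(src, strict=False)
        yield line_no, action, source, None if port == "any" else int(port)

def audit(text):
    """Return findings where the table departs from 'closed by default'."""
    rules = list(parse_rules(text))
    findings = []
    for line_no, action, source, port in rules:
        if action != "allow":
            continue
        if source is None or source.prefixlen == 0:
            findings.append((line_no, "allow rule matches any source"))
        if port is None:
            findings.append((line_no, "allow rule matches every port"))
        elif port not in NEEDED_PORTS:
            findings.append((line_no, f"port {port} is not on the needed list"))
    # Line 0 marks a finding about the table as a whole.
    if not rules or rules[-1][1:] != ("deny", None, None):
        findings.append((0, "table does not end with 'deny any any'"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_RULES):
        print(f"line {line_no}: {message}")
```

Add a port to NEEDED_PORTS only when a program you actually use requires it.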

WIRELESS NETWORKS

If you have wireless gear, you have more to do. Some devices, by default, allow anyone nearby to use them to access that network and hence the Internet. That means not only the teenager in the upstairs bedroom, but the neighbor next door and the hacker parked at the curb can access resources inside your home. Yes, that does happen.

Lock down your wireless gear by, you guessed it, reading the manual to learn how to configure passwords and implement any other security features available.

It isn't necessary to dedicate your life to becoming a network or security expert in order to safeguard your resources. But having a home network connected to the Internet via a home router puts you at extra risk compared to dial-up or single-connection users.

If you don't spend a modest amount of time to take simple steps today, someday you may spend much more after you've been hacked.