Troubleshooting Q&A - November 17, 2004
Can You Ever Be Truly Safe and Secure Online?
You avoided going with a broadband connection for as long as possible, fearing the effects of the always-on nature of cable and DSL modems. Now it's time to hang up the dial-up service. Here are some security tips to ease your trepidation.
By Ron Pacchiano
Q. For years now I have resisted the temptation to get a high-speed Internet connection for my home. I couldn't really justify the extra money when my dial-up connection was more than adequate for my needs. However, the primary reason that I didn't get it was simply because I was concerned about my computer being connected to the Internet all of the time. I mean with all of the stories in the news these days about identity theft and fraud, I didn't really see the need to take the chance of someone gaining access to my system and stealing my personal information.
Recently, though, I became involved in a project for my company that requires me to spend a lot more time online. I also have to review a number of large documents, which means that my dial-up connection is no longer sufficient. So now I MUST get a broadband connection.
I understand that there are products that I can purchase that would help prevent anyone from gaining access to my PC, but I'm still nervous about it. I discussed the matter with our IT guy and he assured me that everything would be OK. He said that most hackers won't even bother with me and focus mostly on larger, more recognizable targets. He's kind of incompetent, though, and I don't really respect his opinion in this area. So my question is, is what he's telling me true? Will a firewall be enough to protect my PC from attack or is there anything else I can do to make it more secure? Thank you.
A. One of the biggest misconceptions is that hackers will target only large companies. The truth is computers get attacked for a variety of reasons. Some of these include the following:
Snooping: Reading private mail and other personal files.
Destroying or corrupting computer data: Making files unusable, or making a whole computer unusable.
Stealing computer data: Taking credit card numbers, e-mail addresses, company information and so on.
Stopping computers from functioning properly: Blocking incoming traffic so that intended users cannot get access, etc.
Misusing computer resources: Sending spam without you knowing it, etc.
Pranks: Practical jokes, breaking in just because it's a challenge.
The bottom line: don't think your network is safe just because you're not that important or well-known. Assuming that you aren't personally targeted, moderately secure networks usually cause hackers to attack elsewhere. Yet attacks can come from many different sources, and your computer should be equipped to deal with each of these types of attacks. For example, your network firewall (like the one built into your router) is your first line of defense.
A hardware firewall shouldn't be your only defense, though. Your PC should also have a software firewall installed on it. The hardware firewall protects entry onto your network; the software one protects the PC itself. It doesn't end there. Many threats, like viruses, trojans and spyware, must also be dealt with. This is where anti-virus software such as Norton Anti-Virus and good spyware detection packages such as Ad-Aware and Spybot Search and Destroy come in.
However, software alone can do only so much. You must also implement and maintain good security practices. Computer criminals depend on you to implement security casually. However, with a little effort, you can be moderately secure. Remember, there is no way to anticipate or stop every possible attack on your system, but there are steps you can take that will minimize your exposure. So here are a few general security suggestions for making your online experience a bit safer and more secure. You don't need to implement every one of these, but the more you do, the more secure your network will be.
Put a good hardware firewall between your computers and the Internet. NETGEAR, D-Link and Linksys each make good and inexpensive routers. Most are easily configurable and even provide VPN and wireless capabilities.
Use your router to control access with a MAC (Media Access Control) address filter. This limits which systems can gain access to your network by allowing only the systems you specify to use it.
Update your operating system and Web browser. For Windows users, install "critical updates." If unsure whether an update applies to your computer, you probably should install it.
Run virus protection programs on all computers. Set the scan to examine all hard disks and to continuously examine all incoming files. Check for anti-virus updates frequently, daily if possible.
Never leave a password at its default value. Passwords should not be simple: use characters, numbers and symbols. It's better not to use names or dates you find easy to remember: your birthday, your girlfriend's name and so on. This is an example of a good password: kB!3ccsiiz_8 or 4*4zbmn-BXY
If you have a wireless network, make sure you're using WEP or WPA encryption. As with the password, make sure you're using a strong encryption key at the highest bit level possible, typically 128-bit. If your hardware supports it, I would further suggest that you use WPA over WEP. For some information on the differences between WPA and WEP, you can refer to this recent Q&A column.
Never place your primary PC in your router's DMZ, or Demilitarized Zone. A PC at this address is wide open to the world. Unless you have a reason to use it, your router's DMZ feature should be disabled. (By default, this feature is usually turned off.)
Limit the shared folders on your network (or turn off file sharing entirely).
Turn up your Web browser's security. In Internet Explorer: Go to: Tools > Internet Options > Security > Default Level > Security level for this zone. With Internet selected in the top box, make sure the slider is set to at least Medium. Internet pages will display with few problems at this level. Setting the slider to High will be most secure, but some pages will not display.
Avoid sending personal information over the Internet. Credit cards are a particular risk: Use a well-known payment system such as PayPal, or send credit card numbers and the expiration date in separate email messages. However, since using your credit card online is sort of a way of life for many of us, I would suggest that you at the very least limit the number of credit cards you use online. Try to use only one for online purchases and give it a low credit line ($500-$1000). This way at least the damage is limited.
When browsing, don't accept software even with a certificate unless it's from a company you think is trustworthy.
DO NOT respond to spam. DO NOT answer messages like "Click on this link to be removed from our mailing list" unless it is a company to which you know you actually gave your e-mail address.
Running a public server (for example, one that hosts games for other people to use, or one that serves Web pages for public viewing) causes additional security concerns. Never do this using your primary PC. Use a system that can be dedicated to the task, and never use that system to store any personal information. This also applies to applications like mIRC or KaZaA. Try not to use these on a system that contains personal information, as these could also expose you to risk.
Finally, for the truly paranoid, remove your network from the Internet or turn it off altogether when it's not being used. While this may be seen as extreme, it is also unquestionably extremely secure.
I hope you find this helpful. Good Luck!
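As a check to go with the tips on the DMZ, shared folders and the software firewall, the following added example (not part of the original column) parses Windows `netstat -an` output and lists the TCP services on a PC that other machines can connect to, which is what would face the Internet if that PC were placed in the router's DMZ. The sample output is constructed for illustration, and the port labels are the standard well-known assignments.

```python
import ipaddress

# Well-known Windows listener ports behind file sharing and remote access.
KNOWN_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session service (file sharing)",
    445: "SMB (file and printer sharing)",
    3389: "Remote Desktop",
}

# Constructed sample of Windows `netstat -an` output, not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def parse_listeners(text):
    """Return (address, port) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        host, _, port = fields[1].rpartition(":")
        listeners.append((ipaddress.ip_address(host.strip("[]")), int(port)))
    return listeners

def exposed_services(text):
    """Listeners reachable from other machines, as sorted (port, scope, label)."""
    found = set()
    for addr, port in parse_listeners(text):
        if addr.is_loopback:
            continue  # bound to 127.0.0.1 or ::1: only this PC can connect
        scope = "all interfaces" if addr.is_unspecified else f"interface {addr}"
        found.add((port, scope, KNOWN_PORTS.get(port, "unidentified service")))
    return sorted(found)

if __name__ == "__main__":
    for port, scope, label in exposed_services(SAMPLE):
        print(f"TCP {port:>5}  {scope:<24} {label}")
```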