Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Safety First: 16 Steps to a Healthy Network
To maintain network security takes diligence and the integration of strong security practices into our daily lives.
By Ronald V. Pacchiano 05/23/06
In this day of identity theft, malware, spyware, viruses and spam, it's more important than ever that we all take steps to safeguard our data against unauthorized access. Even though there are numerous resources available to help us accomplish this, software alone can do only so much. To maintain network security takes diligence and the integration of strong security practices into our daily lives. Yet most of us don't do this, even though we know better.
Computer criminals count on us to implement security casually. Yet it is possible to be reasonably secure with just a little bit of effort. While it's impossible to anticipate or stop every possible attack on your system, there are steps that you can take that should help to minimize your exposure.
In the sprit of protection, here are a few general security suggestions for making your online experience a bit safer and more secure. You don't need to adopt all of these practices, but obviously the more you do the more secure your systems will be.
Put a good hardware firewall between your computers and the Internet. NETGEAR, D-Link and Linksys each make good and inexpensive routers. Most are easily configurable and some even provide VPN and wireless capabilities.
In addition to the hardware firewall used on your network, you should also consider using a personal firewall on your system. These are really effective because they monitor not only what's coming into your system, but also everything trying to get out. Products like ZoneAlarm, BlackIce Defender, Norton Firewall and Trend Micro's PC-cillin are all excellent and inexpensive choices.
Use your router to control access to the network by enabling MAC (Media Access Control) addresses filtering. This limits which systems can gain access to your network by only allowing systems you specify access. While it's true that this technique is far from foolproof, it is often enough to thwart the casual user.
Run Windows Update often. If you're unsure as to whether a security update applies to your computer it's better to err on the side of caution and just install it. Better still, turn on Window's automatic update feature on your system. This way you won't forget to do it and you'll know your system is always current with the right updates.
Run virus protection programs on all computers. Set the scan to examine all hard disks and to continuously examine all incoming files. Check for anti-virus updates frequently, daily if possible.
Never leave a password at its default value. Passwords should not be simple: use characters, numbers and symbols. It's better not to use names or dates you find easy to remember: your birthday, your girlfriend's name and so on. This is an example of a good password: kB!3cgsiz_8 or 4*4zbmn-BXY. Ideally, passwords should also be updated at least every 90 days
If you have a wireless network, make sure you have at least WEP or WPA/WPA2 encryption enabled. As with the password, make sure you're using a strong encryption key at the highest bit level possible; typically 128-bit. If your hardware supports it, I would recommend using WPA/WPA2 instead of WEP. It's a much stronger security protocol.
Never place your primary PC in your routers DMZ or Demilitarized Zone. A PC using this address is wide open to the world. Unless you have a reason to use it, your router's DMZ feature should be disabled. Typically this feature is disabled by default.
Limit the number of shared folders on your network or turn off file sharing entirely. If you must use it, make sure that you set the folder rights to allow only specific users to gain access to its contents. Avoid using the Everyone rights whenever possible.
Turn up your Web browser's security. In Internet Explorer: Go to: Tools > Internet Options > Security > Default Level > Security level for this zone. With Internet selected in the top box, make sure the slider is set to at least "Medium". Internet pages will display with few problems at this level. Setting the slider to "High" will be the most secure, but some pages might not display properly.
When browsing, don't just blindly allow software to be downloaded and installed on your system- even with a certificate - unless it's from a company you think is trustworthy or it's a component you might actually need. A good example of this would be something like Macromedia Flash.
DO NOT respond to spam. DO NOT answer messages like "Click on this link to be removed from our mailing list" - unless it is a company to which you know you actually gave your e-mail address to.
Running a public server (for example, one that hosts games for other people to use, or one which serves Web pages for public viewing) causes additional security concerns. Never do this using your primary PC. Use a system that can be dedicated to the task and never use that system to store any personal information. This also applies to applications like MIRC or KaZZaA. Try not to use these on a system that contains sensitive information as these could also expose you to risk.
For the truly paranoid, you could even go so far as to disconnect your system from the Internet - or turn it off altogether - when it's not being used. This can actually be accomplished pretty easily by just disabling your network adapter. While this might be seen as extreme by some, no one will deny that it is also extremely secure.
Whenever possible, remote access should only be performed over a VPN connection. VPN's are one of the most secure communication methods available today.
And this last one is a personal pet peeve of mine. Resist the temptation to have your system automatically retain your account passwords. I know it's convenient, but it's also equivalent to having no security at all.
Many of these features only have to be configured once or can even be set to run automatically. The more transparent the process can become the more likely you'll be to implement it. These simple techniques and practices should go a long way to making your online experience more secure. Remember, data is your most valuable asset. Do whatever you can to protect it.