Lessons Learned in the PracticallyNetworked Forums
Up for discussion and debate this week are a
helpful dos and don'ts list for wireless network security, how to find and fix
IP conflicts on your network, and inconsistent and slow cable modem speeds.
Practically Networked Forums Spotlight highlights several of the most
active or interesting topics from the more than 25,000 posts in the
Practically Networked forums. From here you can follow the links to each
discussion of interest to offer your own advice, or to ask our forum
members your own question if you happen to be in need of a little networking guidance.
Practically Networked Forum Statistics
For September 17, 2007
Registered Members: 10,680
Count - September 04, 2007
Registered Members: 10,630
This Week's Highlighted Topics
Practically Networked Forums > Practically
Networked > Wireless Networks Thread: Wireless Security - dos and don'ts
For quite some time now the Practically Networked Forum moderators have been
maintaining discussions that can help you set up and configure
different aspects of your network. The Wireless Security thread reads like a great FAQ
and is an excellent starting place for those interested in topics such as home
wireless network security, passwords for file sharing, MAC ID filtering and much
Fact: Many users with a new
wireless network do not implement any security (users = home and
Wireless networking is designed to be 'plug and play'. Microsoft
and wireless vendors support this in their products. However the
result is a wide open network. Implementing security is
essential asap when your wireless networking is working for you.
This becomes more valid as more of us buy wireless and overlap
our wireless networks.
- Use MAC authentication. Most wireless routers provide for you
to identify the MAC addresses which are allowed to connect.
- Use encryption. All wireless devices have WEP. Use at least
WEP. Better still is WPA if you have it.
(Note that MAC and WEP are not secure from an experienced
hacker. WPA is essential for the best security).
Do not disable the SSID broadcast function. Most routers/APs
will allow you to do this and it's true that it hides you from
the average wireless user, but there is a big downside. If you
are in the proximity of another wireless network which does use
broadcast (they all do by default) then XP will drop your
connection and offer you the available networks. And it will do
that forever until you enable your broadcast again. MS think
this is a good thing, you may not. But it's a fact.
MAC ID filtering is a completely
worthless exercise, and gives a false sense of security for those
that don't understand wireless security.
Why do I say this? Because all MAC ID filtering does is check your
MAC address before giving access to your network. It provides zero
There are 2 types of attacks someone can do to your network: passive
A passive attacker sniffs & stores your WiFi network traffic - your
e-mail, the web sites you visit, and your IM - everything broadcast
over the air - and can sift through it at a later date to pull out
anything they see as interesting. For example, if you access a POP3
e-mail account over WiFi, every time you send/receive mail, you are
broadcasting your username & password over the air. As a hacker, I
can capture this information and once I get access to your e-mail, I
can know everything about you, and you'll never know that I'm there.
As a passive attacker, I can sniff your network from a mile away
with a $49 directional antenna, and you'll never even know that I'm
there. MAC ID filtering does nothing to stop passive attacks because
it provides no encryption.
An active attack is when I join your network, and start accessing
resources (bandwidth, files, or devices) as part of the network. MAC
ID filtering blocks access to the network if the MAC ID isn't
registered with the access point. The fallacy of MAC ID filtering is
that it's hard to crack. Because MAC ID filtering doesn't block
passive attacks, I can sniff your MAC address, change my MAC ID to
be the same as yours, and join your network as you. From a hacker's
perspective, I just got a free license to masquerade as you.
Anything I do on your network or the Internet looks like I'm doing
it from your PC and your IP address. :-)
Don't be lulled by MAC ID filtering. It provides no protection
against passive attacks on your network, and puts up a 30 to 60
second barrier from actively attacking your network. WEP filtering
is a little more secure, but I would hardly say it makes you secure
99% of the time.
Are those two steps (MAC authentication and WEP) secure enough to
stop worrying about security issues?
Is there something else we new wireless network users should be
How about turning off File and Printer Sharing for Microsoft
If so, how are we supposed to share files and printers?
Practically Networked Forums > Practically
Networked > General Discussions Thread: IP Conflict
Forum member Clopez7361 is running a large
network and asks our forum readers how to find an IP conflict within the
network. Forum member davis suggests looking at the DHCP server running the
network and to check log files for the conflict, while another member suggests
that Clopez7361 double check the number of computers and make sure they aren't
over the limit for a single subnet.
Can anyone tell me if there is a command
that I can use to find the IP Conflict that I have on a network of
about 250 computers?
The best place is to look at the DHCP
server that is running your network and check the logs to find the
conflict. There isn't really a command that I know of that will pop
up the conflicting address.
Best place to start looking is for servers on your network running
static IP addresses, and making sure those addresses are put into an
exception list in your DHCP server, or the server statically assigns
those IPs to the specific MACs.
"About 250 computers?" Um, that's near
the limit for a single subnet. Are they all on the same subnet?
Could you have, maybe, 255 computers?
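
The three checks suggested in this thread (find an address claimed by more than one machine, confirm static addresses are excluded from the DHCP pool, and watch the host count on a single subnet), sketched in Python as an added example that is not part of the forum posts. The subnet, pool, MAC addresses and observations are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: a /24 subnet, the DHCP pool range, statically
# configured servers, addresses excluded on the DHCP server, and (IP, MAC)
# pairs as they might be collected from DHCP logs or ARP tables.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
POOL = (ipaddress.ip_address("192.168.1.20"), ipaddress.ip_address("192.168.1.254"))
STATIC = {"192.168.1.10": "00:11:22:33:44:01", "192.168.1.50": "00:11:22:33:44:02"}
EXCLUDED = {"192.168.1.10"}
OBSERVED = [
    ("192.168.1.50", "00:11:22:33:44:02"),  # static file server
    ("192.168.1.50", "00:11:22:33:44:9A"),  # DHCP client leased the same address
    ("192.168.1.21", "00:11:22:33:44:9b"),
    ("192.168.1.21", "00:11:22:33:44:9B"),  # repeat sighting, same MAC: no conflict
]

def find_conflicts(observed):
    """Return {ip: sorted MACs} for every IP seen with more than one MAC."""
    seen = defaultdict(set)
    for ip, mac in observed:
        seen[ip].add(mac.lower())  # normalise case so one NIC is counted once
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def unprotected_statics(static, pool, excluded):
    """Static IPs inside the DHCP pool that the server could still lease out."""
    lo, hi = pool
    return sorted(ip for ip in static
                  if lo <= ipaddress.ip_address(ip) <= hi and ip not in excluded)

def free_host_addresses(subnet, host_count):
    """Usable addresses left on the subnet (network and broadcast excluded)."""
    return subnet.num_addresses - 2 - host_count

if __name__ == "__main__":
    for ip, macs in find_conflicts(OBSERVED).items():
        print(f"conflict: {ip} claimed by {', '.join(macs)}")
    for ip in unprotected_statics(STATIC, POOL, EXCLUDED):
        print(f"static address {ip} is inside the DHCP pool and not excluded")
    print("free addresses with 250 hosts:", free_host_addresses(SUBNET, 250))
```

A negative result from `free_host_addresses` means the subnet cannot hold that many hosts, which is the situation the last reply in the thread asks about.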
Practically Networked Forums > Practically Networked > Sharing Thread: Windows File Sharing with TCP/IP
Forum moderator Greenstead has a general
checklist which is a handy guide for those troubleshooting Windows File
Sharing with TCP/IP. In this forum thread, Greenstead along with other members
posts some excellent advice and things to check for those planning to share files
between PCs in a peer-to-peer network.
This is a general checklist for sharing
files between PCs in a peer to peer network. There can be other
reasons for problems but I think most people new to networking and
finding sharing a problem will find the answer somewhere in this
These checks are all necessary for sharing to work with TCP/IP.
- PCs which are not XP must have
- Each PC must have a unique computer name.
- Each PC must have a network share defined.
- ALL NICS must be on the same subnet (e.g. IP 192.168.0.* subnet
- XP PCs must have Netbios over TCP/IP enabled (only essential for
XP to talk to W9X PCs).
- MS Client and file & printer sharing must be enabled on each NIC.
- All NICs must have their node type = anything except p-node (peer
to peer, or point-point). Check at cmd prompt with Ipconfig /all
(XP/W2K) or winipcfg (W9X).
- XP's ICF firewall is permanently disabled. (Only necessary for pre
- All 3rd party firewalls are disabled, uninstalled and deleted
(until connection is working).
- PCs have the same workgroup (helps, but not essential).
Allow 15 mins after rebooting a PC for that PC to appear in the
workgroup, or for it to see all other PCs. Or you can search for the
PC by its computer name.
If all the above checked out and still a problem check these:
- Realtek cards have been known to be a problem with IRQ conflicts.
Move the Realtek card to another PCI slot.
- Check your Services are Started on all PCs: Workstation, Server,
TCP/IP Netbios helper, Computer Browser.
- You only need TCP/IP. NWLink NetBIOS, NWLink IPX/SPX/NetBIOS
Compatible Transport Protocol ->are not needed and can confuse
things. Remove them.
- XP gives access to its shares via the Guest Account. (Note, the
local guest account in user accounts which should be off).
Net Guest Account access is enabled by default in XP, but check it:
At command prompt:
>Net user guest
Should return a line with 'Account active yes'.
If not active use:
>Net user guest /active:yes
(Still leave the user guest account off)
See link for explanation of guest account: http://support.microsoft.com/kb/300489/
Check XP Security policies:
- Access this computer from the network: add guest
- Deny logon locally: remove guest
- Network access:Sharing and security model... -> Guest only
- Deny access to this computer from the network-> check Guest is not
You might also add that XP does not like
to recognize other computers/users whose name is two or more words
in length with spaces or other characters between the words. This
can be a particularly aggravating issue when mixing Win 98 and XP
machines on a network.
I've only been running a wireless
network for 4 days, and was wondering why I could access my
notebooks files from my PC, but not the other way around. The answer
'MS Client and file & printer sharing are checked on each NIC' was
not enabled on my network card on my desktop
I'll also add that thanks to your posting RE: establishing a home
multimedia wireless network, I was able to watch a movie on my
desktop streamed from my laptop.