Guidelines for Securing your Residential Network and Home Computers
The purpose of this document is to help you understand the necessary elements
for a secure computing environment at home. The company that provides your Internet
does not provide security. Security is the user's responsibility. This document
should assist you in securing your home network.
This is not a detailed step-by-step of how to configure the different components.
The complexity and difference of each person’s home configuration makes
detailed “How To” documentation difficult.
Two broad areas of security for Home Networks
1) Residential Network - the equipment that makes up the network in your home (i.e., cable/DSL modem, hub, router (router may contain wireless connection, firewall, and/or VPN)).
2) Computer Devices - the computers that connect to your network, i.e., laptop, desktop, network printers, game console, wireless PDA, etc.
Terms
Router - a device that creates multiple Internet connections if you have more than one computer that needs to access the Internet simultaneously.
Hub - a device that creates multiple Internet connections if you have more than one computer that needs to access the Internet but only one computer can be on the Internet at one time.
Firewall - either software or hardware that prevents unwanted Internet traffic from entering your network and/or your computer.
Virtual Private Network (VPN) - software that creates a 'tunnel' to Northwestern's network from anywhere. It allows you to act 'as if' you were on the Kellogg Network. For information and to see how to set up the VPN connection for Kellogg, see http://www.kellogg.northwestern.edu/kis/docs/howto/network/vpn.
If VPN comes integrated in a router, it will allow you to 'tunnel' back to your home network. This means that you can connect to your home network (and computers on your home network) from any Internet connection anywhere.
Internet Service Provider (ISP) - The company through which one can order Internet at home - Comcast, SBC, etc.
Cable/DSL Modem - the device provided by the Internet Service Provider to run the Internet into one's house.
Wired Equivalent Protection (WEP) - A password on your wireless connection. The WEP encrypts all the data sent from a computer to the wireless access point.
Service Set Identifier (SSID) - The name of your wireless network. If you buy a Linksys wireless router, for example, usually the SSID will be Linksys.
MAC Address - a unique number given to every network card (wired or wireless). If a computer has a wired connection and a wireless connection, there are two MAC addresses.
• To find the MAC address go to Start > Run. Type cmd. A black box (Command Prompt) will pop up. In the first line type ipconfig /all. In the text that appears look for the physical address - this is the MAC address. If there is more than one physical address it is
Spyware - Software that is loaded on your computer, often unintentionally, and sends information about your Web surfing habits to companies. Sometimes this software can be malicious and use up the computer's resources.
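The `ipconfig /all` lookup described under MAC Address, as an added example (not part of the original document) that pulls each adapter's physical address out of the command's text and picks the wireless ones for the MAC address restriction step. The sample output is constructed, and the colon-separated output form and the name-based wireless match are assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless-G Adapter
        Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
"""

# Adapter headers start in column 0 and end with a colon; detail lines are indented.
ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$")
PHYSICAL = re.compile(
    r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$")

def physical_addresses(ipconfig_text):
    """Map each adapter name to its MAC address, written AA:BB:CC:DD:EE:FF."""
    found, adapter = {}, None
    for line in ipconfig_text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter = header.group(1)
            continue
        mac = PHYSICAL.search(line)
        if mac and adapter:
            # Assumption: the router's allow list wants upper case with colons.
            found[adapter] = mac.group(1).upper().replace("-", ":")
    return found

def wireless_allow_list(ipconfig_text):
    """MACs of adapters whose name mentions 'wireless' or 'wi-fi' (assumed naming)."""
    return sorted(mac for name, mac in physical_addresses(ipconfig_text).items()
                  if re.search(r"wireless|wi-?fi", name, re.I))

if __name__ == "__main__":
    for name, mac in physical_addresses(SAMPLE).items():
        print(f"{mac}  {name}")
```
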
Strategies for securing your residential network
1. Using and configuring a router and the importance of firewall hardware.*
*KIS recommends that you do not directly connect into your cable or DSL modem
without the presence of a firewall. Since many routers come with firewalls,
and routers allow for multiple connections, buying a router is probably the
best value since it provides protection and expandability. KIS generally recommends
Linksys routers and firewalls. They range in price from around $75 to $200 (depending
on number of connections and wireless capability).
A router transforms the one Internet connection from the ISP into multiple Internet
connections for additional computers. Routers often come with a firewall installed
and may include other features such as wireless and VPN access. When you buy
a router, it should contain a firewall. If you do not need multiple connections
to the Internet, KIS recommends that you purchase firewall hardware to secure
your network. Firewall hardware, either in a router or stand-alone, is effective
at preventing outside attacks and hackers from entering your home network.
When you purchase a router, there will be straightforward, simplified instructions that the manufacturer includes with the device. Follow the instructions and use the default settings during the setup. After you can connect to the Internet through the router, secure your network by:
1) Changing the user name and password for the router. If the user name and password are left as the default, a hacker could easily infiltrate your router and compromise all security. Make sure you write down the new name and password so that you can log in again in the future.
2) Making sure Universal Plug & Play (UPnP) is disabled.
While setting the different security features, work slowly and precisely. Remember what steps you take and make sure that you connect back to the internet after each step.
KIS will continue to add information and helpful tips on securing home networks.
2. Configure Wireless Access Point for Protection
Routers can come equipped with wireless access. Routers emit a signal that can
extend through walls. To prevent other people from using your wireless connection
or infiltrating your network, follow the steps below.
There are different levels to securing the wireless signal in the house. The
following steps are listed from easiest to hardest. In order to have a secure
wireless setup, you should at least implement the first three steps listed below.
1) Change the default SSID (service set identifier) for the access point. The SSID is an identifier of the wireless network. All wireless connections come preconfigured with the manufacturer's default SSID name. If it is a Linksys router the default name will be Linksys. Change the SSID. When changing this name, pick something that is unique. The first time you connect to your wireless network you will need to add this SSID manually to each computer.
2) Disable the broadcasting of the SSID for the access point. The default setting on access points is to broadcast the SSID so that computers with wireless cards can automatically find the SSID and configure the card to connect to the signal. When you disable this feature, only people that know about the network (and type the SSID into their wireless settings manually) will be able to detect its presence.
3) Set WEP authentication to protect the data transmission. WEP puts a complex password on the wireless signal itself. This protects every bit of information that is sent wirelessly from your computer to the wireless access point. WEP can be set as 64-bit or 128-bit codes. The codes are generally written in hexadecimal, which means the password is made up of the letters A-F and the numbers 0-9. This can be generated by using a Passphrase tool found in the WEP area of the wireless device (router). If you use the Passphrase tool you must enter the generated code into the wireless device. After establishing a hexadecimal code, either manually or using the Passphrase tool, you will need to manually enter the code into the wireless device.
4) Set MAC address restriction for wireless cards that you want to access your network. Every network card has a Media Access Control (MAC) number that is unique to only that network card. This last feature will allow you to set which wireless card(s) can actually connect to your wireless network. You will need to add the MAC address for each wireless card that you want to access your network to the wireless device. This security feature is effective because if the access point does not have a card's MAC address listed as a trusted card, that card will not be able to gain access, even if its user knows the SSID and hexadecimal code.
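The four steps above expressed as a check over a router's wireless settings, as an added example that is not part of the original document. The settings field names, the factory SSIDs other than Linksys, and the repeated-digit heuristic are assumptions; the key lengths are the 10 and 26 hexadecimal digits that 64-bit and 128-bit WEP keys are typed as.

```python
import re

# Only "linksys" is named in this document; the other factory SSIDs are assumed.
FACTORY_SSIDS = {"linksys", "netgear", "default"}
# Hex digits typed for each WEP size (the other 24 bits are the IV, not typed).
WEP_HEX_DIGITS = {10: "64-bit", 26: "128-bit"}

def wep_key_size(key):
    """Return '64-bit' or '128-bit' for a well-formed hex key, otherwise None."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", key or ""):
        return None
    return WEP_HEX_DIGITS.get(len(key))

def audit_wireless(cfg):
    """Check a settings dict (hypothetical field names) against steps 1-4."""
    findings = []
    if cfg.get("ssid", "").strip().lower() in FACTORY_SSIDS:
        findings.append("step 1: SSID is still a factory default")
    if cfg.get("broadcast_ssid", True):
        findings.append("step 2: SSID broadcast is enabled")
    key = cfg.get("wep_key", "")
    if wep_key_size(key) is None:
        findings.append("step 3: WEP key is not 10 or 26 hex digits")
    elif len(set(key.lower())) < 4:  # assumed heuristic for keys like 0000000000
        findings.append("step 3: WEP key repeats the same few digits")
    if not (cfg.get("mac_filter_enabled") and cfg.get("allowed_macs")):
        findings.append("step 4: MAC address restriction is off or empty")
    return findings

# Constructed settings: a router as unboxed, and the same router after the steps.
AS_SHIPPED = {"ssid": "linksys", "broadcast_ssid": True, "wep_key": "",
              "mac_filter_enabled": False, "allowed_macs": []}
HARDENED = {"ssid": "maple-street-42", "broadcast_ssid": False,
            "wep_key": "3F9A1C07B2E84D65A0C91B7E2D",
            "mac_filter_enabled": True, "allowed_macs": ["00:AA:BB:CC:DD:EE"]}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, audit_wireless(cfg) or "no findings")
```
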
Strategies for securing your computers on the network
Once you have implemented a secure environment for the components that make
up the residential network backbone, you need to protect each computer that
is connected to the network. This step is just as important as protecting the
network because each computer still has the potential to release viruses or
compromise the network. There are three things to consider when protecting each
computer on your network:
1) Make sure your Virus Protection Software (Symantec at Kellogg) is updated and running properly.
2) Go to http://www.windowsupdate.com and make sure all Critical Patches and Service Packs are up to date.
3) Install firewall software such as Zone Alarm ( http://www.zonealarm.com for free version).
4) Download anti-spyware programs such as Ad-Aware and scan your computer for spyware software that can slow down computer performance and compromise security ( http://www.lavasoft.us for free version).
Refer to the Microsoft website on security for more detailed information. ( http://www.microsoft.com/security/protect/ )