Computer Home Network

Posts Tagged ‘Network Security’

Make Your Wireless Home Network More Secure

February 24th, 2010

How can I Secure My Wireless Home?

So you now have a wireless network in your house. Thanks to the wizards in the wireless router’s software you were able to easily setup your wireless network. You can now enjoy the convenience of having a wireless access to other computers in your house and to the Internet.

However, your home network is now open to malicious eavesdroppers and unauthorized users who want to access the Internet for free through your home Internet connection.

But what measures can you take to start beefing up your network security while you’re still building your know-how on how to mitigate threats against your network both from the Internet and from around your physical wireless perimeter.

Turn Off Router When Not In Use

A simple but sometimes inconvenient measure that you can use is just to be conscious of network security always and to make it a habit to turn off the wireless router when it is not in use. Aside from saving a small amount in electricity cost, it will at least minimize the time that your wireless network is exposed to any unscrupulous person who may want to snoop on your network or use your Internet connection to access the Internet.

You don’t have to plug and unplug from your convenient outlet every time you want to turn on or turn off your wireless router. Buy an extension cord with a switch for turning the electric power on or off and plug your wireless router to the extension cord. This way all you will need to do to power on or off your wireless router is to turn the extension cord switch on or off. (Quite an ingenious tip I would say, eh?)

Disable Router’s DHCP Service

One way to make it less easy for others to make use of your home network is to disable the DHCP server on your wireless router. A DHCP server dispenses network settings to wireless computers to enable them to avail of network resources. However, it also makes it one step easier to make use of your network resources for selfish ends. If you only have a few wireless computers on your network, you can just configure their wireless network settings manually.

You only need to give to each wireless computer a unique Internet Protocol address and subnet mask belonging to the class of private addresses available for anyone’s use. Then, you can set its default gateway to the Internet Protocol inside network address of your wireless router which is already set by the router manufacturer. (You may also want to change the default router’s address for added security.)

Your wireless router is by default configured to act as a DNS server agent so you can just use your router’s Internet inside network protocol address as the DNS server of all of the wireless computers in your network. All of these network settings can be found or changed by looking at the computer’s wireless network settings (Internet Protocol settings).

Router Default Setup Not Secure

If you have just used the wizards in setting up your wireless router, then no security setting has been turned on and your network will look like a sitting duck waiting for hackers to break into. Your first order of business is to set your wireless network encryption to the highest level provided by your wireless router. You can also use a long pass phrase that contains numbers, letters and special characters. To help you remember the pass phrase, keep a copy in your wallet as well as in your cell phone or PDA. You can also use an off-line computer that is not connected to the network to store your passwords.

Turn Off Network Name Broadcast

Another way of making it harder for others to access your network from outside your house is to stop your wireless from broadcasting its network name. You can do this by disabling SSID broadcast in your wireless router’s configuration settings. You can access your router’s configuration files by using a computer that is connected through cable to your router. You can also use the wireless computers in doing this but there is a danger that you may lose connection if you make a configuration mistake.

Enable Router’s Firewall

One way of protecting your network from attacks from the Internet is to enable your router’s firewall. Routers use the Stateful Packet Inspection strategy to keep the hackers at bay. In simple words, it makes sure that packets entering the router from the Internet are valid and is related to requests made by computers inside your network. Packets that have no business entering the network are stopped by the router and subsequently discarded.

You can also prevent your router from answering ping requests from the Internet by disabling this feature in your router’s configuration settings. People in the Internet have no valid reason why they need to know your router’s Internet WAN address other than they want to do snooping or unauthorized access to your network. The only people that need to know your router’s Internet address is your Internet service provider and they already know it.

Turn Access Control On

To prevent outsiders from using your network to gain access to the Internet for free, you can enable machine address filtering in your wireless router’s network setup. To do this you have to find out the machine address of each wireless computer and include these addresses on the list of computers to be allowed to use the network in the wireless router’s configuration settings. This will make sure that only the wireless computers inside your house will be able to make use of your Internet connection to access the Internet. However, you need to include in the wireless router’s allowed list the machine address of your friend’s laptop if he wants to access the Internet from your house. This may prove to be a little bit inconvenient but that’s the price we have to pay for having our network protected from unauthorized access.

Change Router’s Default User Name and Password

The default user name and password for most wireless home routers are widely known in the Internet. Immediately change these two credentials after you have successfully logged on to your wireless router. Make up a user name with random letters and numbers and make it as long as you can memorize preferably not shorter that six characters. Make up a difficult to guess password using random letters, numbers and special characters. Use a long password that should preferably not be shorter that eight characters.

Check Router Status Every Now and Then

Finally every now and then check your router’s status and see which computers are connecting through your wireless network. You should be familiar with the Internet Protocol addresses of the computers in your wireless network and if you see that there are computers listed that you don’t know, then it’s time again to make a review of your security measures and make any corrective action to restore your network’s integrity.

By following the above suggestions, you would be able to make your wireless home network more secure. And if you want to learn more about fixing computer problems, safe wireless computing, video making on Windows computers, and creating free web sites on the Internet, check out my articles and video tutorials by following the links shown below.

By: Aureo Castro

No comments »

Posted in Article

Tags: Cord Switch Dhcp Server Dhcp Service Dhcp Settings Electricity Extension Cord Habit Home Internet Connection Network Resources Network Security Network Settings Perimeter Router Software Selfish Ends Unauthorized Users Unscrupulous Person Wireless Access Wireless Computers Wireless Router Wizards

Securing Your Wireless Home Network Through MAC Filtering

February 18th, 2010

One problem with wireless networks is that people who have wireless devices that are within the range of your network can access them. Even if you have set up a password for your wireless network, that password can also be hacked and access to your network can be gained. One way to further tighten up your network security is through MAC filtering.

MAC filtering is a network security procedure that only allows access to registered MAC addresses. A MAC address is the unique ID of a network device; no two computers or network device has the same. What this means is that only registered and authorized machines can access your wireless network. So even if they somehow managed to break or hack your password, they won’t still have access if their address is not registered. This is a very effective way to ensure the network security of your wireless home network.

What you need to do is enable the MAC filtering function of your wireless router or access points. Most routers at present have this function. Next, you need to input the MAC address of the computers in your home network. Getting the MAC address is different from one operating system to another, but this should be found in the properties of the network device. Check your computer’s manual or technical support for the procedure on getting the MAC address.

So, if you’re very particular about the network security of your wireless network, then one thing you can do is to enable MAC filtering in your network.

By: Tiraton Athiwat

No comments »

Posted in Article

Tags: Access Points Break Password Hack Password Mac Address Mac Addresses Mac Filtering Mac Network Network Password Network Security Operating System People Routers Security Procedure Technical Support Two Computers What This Means Wireless Access Wireless Home Network Wireless Networks Wireless Router

Network Security – Penetration Testing Explained

December 23rd, 2009

A penetration test (in the IT vernacular referred to as a “pen test”) is also known as “ethical hacking”, and this network security tool provides an essential function in vulnerability assessment. By actively seeking out and deploying attacks and penetration efforts against your network, you are more likely to uncover vulnerabilities and be able to take action to block holes in your security and pre-empt attacks on the perimeter defences.

Penetration testing includes both script-based and human-based attacks on the network in order to seek out and exploit vulnerabilities. The difference between this and say, criminal hackers looking to cause mischief or theft of data, is that you control the “attacker”. The “attacker” reports back to you on whether they were successful and if so, how to stop such an attack from being successful in real-life. Penetration testing will reveal network security holes but more than this, it will be able to provide you with a realistic risk assessment including the impact on your business should such an attack succeed. Knowing what such an attack may cost your business will provide you with the ability to quantify the business risk and determine whether you do in fact, need to implement a solution.

“Black Box Testing” involves a penetration test where the attackers have no knowledge of the network infrastructure. They are working from what a real, external hacker would be using – online connectivity and any human intelligence or reliance on human nature, in order to discover vulnerabilities.

“White Box Testing” involves attackers who have full knowledge of the network infrastructure and are seeking out vulnerabilities and scenarios to take advantage of perceived weaknesses.

An intermediate form exists, known as “Grey Box Testing” where some knowledge is provided, known also as “partial disclosure”.

The aim of these differing forms of testing is to compel imaginative ways to hack into the network, compromising network security. While having full knowledge of a system may lead the ethical attacker to use an obvious defect in network security, they may pass over and completely miss a less obvious but more severe vulnerability. Blind or black box testing does not allow for precise testing of certain components of the network because they don’t know how the network is established but, this form of testing does lead to more imaginative attack scenarios being developed and hence, a more realistic prospect of stopping a real attacker with mischief in mind.

Penetration testing should be a regular scheduled activity and performed at least once a year and every time the network infrastructure is added to or changed. Penetration tests are also a serious component of risk audits conducted to determine network operation and integrity. Script-based penetration testing is relatively inexpensive because of the level of automation involved and is eminently suitable for white box testing. Black box testing, on the other hand, is labor intensive because it involves real people emulating real life hackers and such a penetration test will involve more than simply running an online attack against the network, for instance, rummaging through company trash for computer information, and this dramatically increases the cost.

By: Lawrence Reaves

No comments »

Posted in Article

Tags: Attacker Attackers Business Risk Criminal Hackers Ethical Hacking Human Intelligence Human Nature Mischief Network Infrastructure Network Security Partial Disclosure Penetration Test Penetration Testing Perimeter Defences Realistic Risk Assessment Scenarios Security Holes Security Tool Vernacular Vulnerability Assessment

Back to Top

Valid XHTML 1.0 Transitional | Valid CSS 3