The average home computer setup is significantly more complex than it was even five years ago. With the advent of broadband Internet access and inexpensive wireless network setups, we are finding more and more that the home computing environement today is starting to look more and more like small office networks.
Along with this increasing complexity, there are also comes a need for increased knowledge and understanding of the computer systems. Unfortunately, the average home user is ill equipped to handle all of these complexities. This lack of understanding leaves many home systems open to attack from the wilds of the Internet.
The purpose of this article is to provide the typical home user an overview of some basic steps that can be taken to help secure their home systems. It is not intended to be an all encompassing “do this and you will never have computer problems again” article. Rather, it will attempt to point users in the right direction when it comes to safe computing.
Home Network Overview
The diagram above shows what a safe home network could look like. In incorporates a number of different hardware and software solutions that work together to help keep the computer systems safe.
The numbers one to ten in the diagram refer to ten key components that each provide a measure of security. Each of these components deserves further description and comment.
 |
Install a Hardware Firewall/RouterThe hardware firewall/router is at the core of your system security. It is on the “front lines” when it comes to protecting your systems. It’s main security purpose is to let you get out to the Internet while keeping the Internet out of your computers. While initially expensive, their price has dropped significantly in the past number of years. In fact, I have seen them as inexpensive as five dollars. There is no real reason to not have a hardware firewall. Some of the common manufacturers of hardware firewalls include: Setup Tips
|
Secure Your WiFiComputer criminals love WiFi (or wireless network link) because it is so easy to set up wrong. Anyone with a laptop, wireless network card, and software available for free from the Internet can find unsecured Internet. Unsecure WiFi data is then often uploaded to the Internet for everyone to see. Security Tips
|
 |
 |
Install a Web Filter/ProxyA web filter controls access to certain websites or content. While no web filter is foolproof and many experienced computer users can get around them with some effort, they do help prevent people (expecially children) from accidentally stumbling on things they shouldn’t.
The filter can be a stand alone system that protects your entire network or software that runs on your computer to protect just that computer. Freeware/Open Source Web Filters |
Install a Spam FilterA spam filter looks at your e-mail and determines whether or not it is a real e-mail or junk mail. It can then deal with the junk mail according to your settings.
Just like a web filter, a spam filter can be set up to secure a single computer or an entire network. There are both software and hardware based spam filters. Freeware/Open Source Spam Filters |
 |
 |
Install and Maintain Antivirus SoftwareAfter a firewall, antivirus software is probably the most important security feature you can have on your network. If you don’t have antivirus software, stop reading and get it NOW! If you have antivirus software, make sure that you keep it up to date. Antivirus software is only as good as its last update. Do this daily if you can. Free/Open Source Antivirus Software |
Install Desktop Firewall SoftwareThe hardware firewall does not prevent spyware and viruses from getting outof your network. A desktop firewall can monitor traffic leaving your computer or programs attempting to use your internet connection. This way, if you see an odd program suddenly wanting to connect to the Internet, you will be able to make an educated decision. Freeware/Open Source Desktop Firewalls |
 |
 |
Install Antispyware SoftwareAntispyware spftware helps to protect your privacy by removing cookies and software that track you on the Internet. Spyware can also collect and transmit different types of personal information that it finds on your computer to other parties. Freeware/Open Source Antispyware |
Install Encryption/Secure Deletion SoftwareThe purpose of this software class is to prevent prying eyes from getting into your personal information. Encryption software can make files, e-mail, etc. look like jibberish unless you have the proper password or key. Secure deletion software makes sure that remnants of your files do not lurk inside your computer, even afte they have been deleted. Freeware/Open Source Encryption/Secure Deletion Software |
 |
 |
Install Password Management SoftwareLast time I looked, I have over 70 username/password combinations for various different websites and systems. There is no way that I can remember them all. The temptation is to use one password for everything but this creates a major problem is someone discovers that password. They now have access to everything!
Password management software allows me to still use one password (to open the software) but everything else can have a different, extremely complex password. While there is still an issue about one password being the key to all other passwords, the user needs to actually have your password file and password (plus, for some software, your keyfile(s)). Freeware/Open Source Password Managers |
Install and Use a Backup SystemRemember the old commercial that asked, “What are the three most important things about real estate? Location, location, location.” Well, the three most important things about computer systems are backup, backup, backup.
There are any number of problems that can occur which would cause you to lose data: hard rive crash, virus attack, accidental file deletion, file corruption. I cannot emphasize enough that you need to backup your files. Freeware/Open Source Backup Software |
 |
The Internet is an ever changing landscape. What is secure and safe today may not be tomorrow. This article is not the end all and be all for securing your home network. I hope that is does make you pause to think about how you have set up your network and maybe make some changes.
| Trackback link - http://www.dailycupoftech.com/10-ways-to-protect-your-home-network/trackback/ |
|
November 30th, 1999 at 12:00 am
[IMG daily cup of tech firewall image] Today I was looking for different firewall options for my Vista Computer and I ran across a very useful article about how to secure a home network from Daily Cup of Tech. So check it out
January 1st, 1970 at 12:00 am
October 13th, 2006 at 1:02 pm
Daily Cup of Tech - 10 Ways to Protect Your Home Network - nice look at ways to secure your home network. It stops short of the nitty gritty details of implementing some of the recommendations, but it’s a nice overview and would certainly point anyone interested in the right direction for more information.
October 20th, 2006 at 11:02 pm
Thanks for a great article! I have several of these ideas implemented on our 4-computer home network. But I still need to work out a better backup solution, and some sort of web filter.
As for the WiFi, I do have DHCP enabled and the SSID is broadcast - without these I have trouble with my laptop sometimes not connecting to / seeing the network (especially if its been on a different network at uni). But I imagine WiFi security would be more of an issue in a city/apartment setting than a private home on a culdesac.
About your fancy diagrams - what progam do you use for those? Does it come with preconfigured PC symbols, etc?
October 21st, 2006 at 9:36 am
hi again,
Can you point me to any sites that would help me setup a standalone web filter for our network?
I’ve got the modem seperate from the router/hardware firewall/wifi acess point, so I was thinking that perhaps I could have a basic system (maybe a linux box) sitting between the modem and router (thus outside the LAN). Alternatively, if the standalone web filter was on the LAN side of the router, I’m not sure how it would filter web access for all computers, since they communicate directly with the router.
Any chance you could explain a little how your home system is setup (if that is relevant)?
Thanks
October 23rd, 2006 at 1:41 pm
Sam,
Thanks for the feedback. The diagrams that I have here were created in Microsoft Visio 2003. All of the drawings were included with the application.
As for setting up a proxy server, I am planning on writing an article on that in the near future. But, to get you started with a really quick solution, check out the Squid Proxy with DansGuardian Content filtering virtual appliance.
Tim
October 23rd, 2006 at 1:43 pm
Sam,
As for my home network, it is set up almost exactly the way I have described in this article. There are a few exceptions (I have a DMZ set up for penetration testing and some VPNs set up so I can help others) but what you see is basically it!
Tim
December 7th, 2006 at 8:44 am
I was wondering what is the harm of DHCP? I let my router use it to assign the 3 ip addresses that are in my house. I just want to know what is the actual issue. I have it limited to 4 ips because I sometimes bring on a laptop and have the wifi setup to only accept the mac addresses I have listed. I think I am secure but I don’t know due to this DHCP question you have put in my head.
Any clarification would suffice.
thanks,
Greg
December 7th, 2006 at 8:52 am
There are a number of issues around DHCP, many of which you appear to have already addressed by limiting the number of IP addresses and putting on MAC address authentication. But, even with these precautions on, there are a couple of things to look at:
MAC address spoofing is very easy to do. All it would take is someone to duplicate your MAC address and they are immediately on your network.
The DHCP server is announcing information about your network, even if you do not get an IP address. This information can quickly lead a hacker into your system.
I know it sucks to have to manually set up your IP information each time you connect into your home network but, if you have a network that is consistent and you do not move from network to network, it can be a real benefit.
Tim
December 12th, 2006 at 11:08 am
[IMG ] 10-ways-to-protect-your-home-network howto-help-protect-your-children-on-the-internet-in-progress
December 15th, 2006 at 1:58 pm
I setup 2 bat files to quickly change network settings. One for my home network with a static ip
netsh interface ip set address name="Wireless Network Connection" static xxx.xxx.xxx.xxx (ip address) xxx.xxx.xxx.xxx (subnet) xxx.xxx.xxx.xxx (default gateway)and one to go back to dhcpnetsh interface ip set address name="Wireless Network Connection" dhcp. This way I can easily switch back and forth, and don’t have to remember all the settings.December 15th, 2006 at 3:38 pm
Adir,
Cool tip!
Tim
February 5th, 2007 at 6:17 pm
Security through obscurity…
Disabling your DHCP server affords little/no additional security and makes using the WAP difficult. The DHCP server advertises an available IP, the gateway address, and dns server(s) (though many routers proxy DNS now).
Once you’ve authenticated to the AP, all of this information is easily obtained. IP information is broadcast in ARP requests/replies. It won’t take long to figure out what network is being used and use a random IP. None of this requires an adapter that supports promiscuous mode.
As another reader already pointed out, MAC filtering is also easy to circumvent. Hopefully manufacturers will make this impossible some day.
SSID is easy to discover as it flies around in plaintext even if the AP is not configured to advertise it. However, inexperienced attackers won’t try to break into what they cannot see.
The point is, your WPA/WPA2 key is the only decent line of defense when securing a wireless AP. And by the way, WPA is not “cracked”. It’s vulnerable to brute force / rainbow table attacks. Use a long, non-dictionary based PSK and WPA will offer good protection.
February 11th, 2007 at 6:21 pm
I agree with the above’s comment on WPA should be used with a random appearing alphanumeric PSK.
I tend to take a word, turn it into numbers using a phone keypad as the cypher, then select a bunch of those numbers and turn them back into the first letter on the phone keypad.
So for example:
ALPHANUMERIC
257426863742
2j7g26t637g2
Note: I dont actually use this one it is just for example purposes
then as long as you remember the word you can work it back.
I refer to this as semi-dual cyphered.
March 5th, 2007 at 2:21 pm
Daily Cup of Tech » 15 Ways To Help Protect Your Children On The Internet Daily Cup of Tech » 10 Ways to Protect Your Home Network Posted in Uncategorized | No Comments »
March 28th, 2007 at 5:18 pm
Articles Pages10 Ways to Protect Your Home Network 11 Password Tips 15 Ways To Help Protect Your Children On The Internet 32 MB USB Drive Contest 32 MB USB Drive Contest Voting 35 Web Based Application Alternatives 9 Ways To Think Outside The Box About Daily Cup of Tech
April 14th, 2007 at 11:16 am
For those who want to take home or small-office network security seriously, there is a good article by Tim Fehlman at “Daily Cup of Tech”. It covers WiFi security, network firewalls, software firewalls, content-filtering web proxy, anti-spam, password management, backups, etc. [IMG 10 Ways to protect your home network] What’s missing, in my opinion, is:
May 1st, 2007 at 10:00 pm
For backup purposes, I always have at least one extra hard drive either IDE/SATA attached or a USB. I use Second Copy and have it setup to backup my important files at convenient times and at a frequency that will give me that warm fuzzy feeling. For my digital photo’s, I download them straight to my “D” drive and then backup to another USB hard drive. Keeping them off the “C” drive all together.
March 25th, 2009 at 8:59 am
wow!!! thanks for the info! its a very good info!
August 26th, 2009 at 2:53 pm
[…] your default password. This is very easy to find on the […]