
Best Practices for Securing Your Home Network

Updated on May 23, 2009

Information Technology (IT) departments in large corporations are increasingly allocating more of their annual budgets to security for one simple reason--the value of an organization's data far outweighs that of its physical assets. While you may not be running a corporation on your home network, your data may be your most valuable asset as well. Fortunately, there are some simple and straightforward steps you can take to minimize the risk of losing that data. As long as you remember that there is no single solution to security, but rather that it requires a multi-layered approach, you should be well on your way to safer networking.

Common home network topologies

Let's start by examining the two most popular methods for connecting your home network to the Internet.

  • Software Router. A single computer on your home network is connected directly to a cable/DSL modem. You use your operating system's Internet connection sharing tool to share your Internet connection with other computers on your network.
  • Hardware Router. A router is installed between the computers on your home network and the cable/DSL modem. The router provides Network Address Translation (NAT) to share your Internet connection with other computers on your network.

Regardless of which scenario you choose, the practices we'll outline in this article are generally applicable.

Definition: A router is a tool that examines network traffic and determines whether the traffic belongs to the local network or another network. As its name suggests, it "routes" traffic to the appropriate network.

Enable your firewall

Every modern operating system on the market today provides some sort of firewall. These firewalls are built into the operating system and are typically pre-configured for you. Of course, you can also purchase third-party firewalls that provide additional functionality. Regardless of which topology your network uses, you should make sure that your OS firewall is enabled and configured correctly.

For example, the figure below shows the firewall built into Windows Vista and Windows 7. As you can see, the firewall provides three default network profiles: Domain, Private, and Public. For each profile, you can specify whether the firewall should be turned on or off, and whether inbound connections and outbound connections are allowed or blocked. If you click on each profile tab, you can see the default settings for each network profile.

Definition: A firewall is a set of rules that determine which types of communications can occur between computers, applications, services, and networks. Typically, the rules are configured to allow unrestricted outbound access but limited inbound access.

 

Windows Vista / Windows 7 Firewall
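To check the three profiles without clicking through each tab, you can save the output of `netsh advfirewall show allprofiles` and audit it. The script below is an added example, not part of the original article; the sample text is constructed and abridged, and the function names are our own.

```python
import re

# Constructed, abridged sample in the layout printed by
# `netsh advfirewall show allprofiles` on Windows Vista / Windows 7.
SAMPLE_OUTPUT = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
"""

def parse_profiles(text):
    """Map each profile name to its state and inbound/outbound policy."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"(\w+) Profile Settings:", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        if current is None:
            continue  # ignore anything before the first profile header
        state = re.match(r"State\s+(\S+)", line)
        policy = re.match(r"Firewall Policy\s+(\w+),(\w+)", line)
        if state:
            current["state"] = state.group(1).upper()
        elif policy:
            current["inbound"], current["outbound"] = policy.groups()
    return profiles

def audit_profiles(text):
    """Return (profile, problem) pairs for a disabled firewall or open inbound policy."""
    problems = []
    for name, cfg in parse_profiles(text).items():
        if cfg.get("state") != "ON":
            problems.append((name, "firewall is off"))
        if not cfg.get("inbound", "").startswith("BlockInbound"):
            problems.append((name, "inbound connections are not blocked"))
    return problems
```
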

Use DHCP sparingly

Routers generally have a built-in DHCP server that assigns an IP address to each device on your network. While this relieves you of the burden of having to assign IP addresses to individual computers manually, it also makes your internal network more vulnerable.

For example, let's say you have a wireless router and its integrated DHCP server is enabled. If a client computer is in the broadcast range of your router, it can request an IP address and, if assigned one, can join your network. In this case, even though the client computer is not physically located on your home network, it now can behave as though it were.

Definition: DHCP is an acronym for Dynamic Host Configuration Protocol. When a client device requests an IP address, the DHCP server automatically allocates one from a pool of available addresses.

We recommend that you assign all your wired devices static IP addresses and allocate only enough DHCP addresses to satisfy your wireless devices. For example, if you have desktop computers and notebook computers, assign your desktop computers static IP addresses and reserve enough IP addresses for your notebook computers, as the latter are mobile and may need to join networks other than your home network.

Some routers support a technology known as static DHCP, which maps an IP address to the Ethernet address of a network interface card. For example, if the Ethernet address (also known as the MAC address) of one of your network cards is 00-30-1B-BD-74-81, you can create a static mapping such that this network interface always gets the IP address 192.168.11.204. If a rogue client like we described above requests an IP address, the process fails because the client's MAC address is not in your table of static DHCP assignments.

Definition: Static DHCP is a special type of DHCP that provides a one-to-one mapping between IP addresses and Ethernet addresses.

 

Static DHCP mapping between IP addresses and Ethernet addresses
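Once you have a static DHCP table, you can compare it with the list of clients your router reports and spot any device that isn't in the table or isn't using its reserved address. The script below is an added example, not part of the original article; the first table entry is the mapping used above, while the second entry, the client list, and the function names are constructed for illustration.

```python
import re

# Static DHCP table: MAC address -> reserved IP address. The first entry is
# the mapping from the article; the second is a constructed example.
STATIC_MAP = {
    "00-30-1B-BD-74-81": "192.168.11.204",
    "00-30-1B-BD-74-9C": "192.168.11.205",
}

# Constructed sample of a router's client list: MAC, IP, hostname per line.
SAMPLE_CLIENTS = """\
00:30:1b:bd:74:81 192.168.11.204 desktop
0030.1bbd.749c    192.168.11.17  notebook
02-AA-BB-CC-DD-EE 192.168.11.18  unknown-device
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 uppercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def audit_clients(client_text, static_map):
    """Return (kind, mac, ip) findings.

    kind is 'unknown' for a MAC missing from the static table and
    'wrong-ip' for a known MAC holding an address other than its reserved one.
    """
    table = {normalize_mac(m): ip for m, ip in static_map.items()}
    findings = []
    for line in client_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        mac, ip = normalize_mac(fields[0]), fields[1]
        if mac not in table:
            findings.append(("unknown", mac, ip))
        elif table[mac] != ip:
            findings.append(("wrong-ip", mac, ip))
    return findings

if __name__ == "__main__":
    for kind, mac, ip in audit_clients(SAMPLE_CLIENTS, STATIC_MAP):
        print(kind, mac, ip)
```
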

Secure your hardware router

If you're using a hardware router, make sure you log in with the vendor-supplied administrative credentials, and then change them by providing a strong password. Many routers come preconfigured with the user ID admin and a weak password. One company I'm aware of uses admin for both the user ID and the password.

Also, many routers come preset with IP addresses, such as 192.168.0.1 or 192.168.1.1. You should change this default setting as well. Typically, changing the third octet to something different (for example, 192.168.27.1) should suffice. In this example, all your network devices would then be on the 192.168.27.x network, where x is a unique number between 1 and 254 assigned to a particular device.

Secure your wireless network

By their very nature, wireless connections are insecure because there's no physical barrier between connection points. To secure your wireless network appropriately, you need to focus on two areas:

  • Controlling access to your wireless network.
  • Securing data carried on a wireless connection.

Hide your network

Regardless of whether your wireless access point is integrated into your router or it's a separate device connected to your wired network, it has a network name known as a Service Set Identifier (SSID) or sometimes Extended Service Set Identifier (ESSID). If broadcasting of this identifier is enabled, your network name is broadcast to the public. By turning off broadcasting, you can hide your wireless network from prying eyes. Doing so requires more effort on your part when connecting to your wireless network, but it also lessens the chance that a client device outside your network will attempt to connect to your access point.

Restrict access by hardware address

An access control list (ACL) is a list of Ethernet (MAC) addresses that are allowed to connect to your wireless network. If the client computer's MAC address isn't in the ACL you create, then the computer's connection attempt is denied. To create the ACL, you'll need to go to each client device on your network, determine its MAC address, and then enter it into your access point's configuration utility. Again, this requires some effort on your part, but it's another layer of security you can add to your home network.

Require authenticated sessions

Operating system providers face a constant challenge of keeping their products secure yet making them easier for users to manage; needless to say, they don't always achieve that goal. One such instance is the fact that, in most cases, the operating system saves your login credentials automatically when you first set up a wireless connection. We recommend that you change the default setting to require a prompt for your credentials each time you connect.

Encrypt your data

Even if you've addressed access issues using the practices discussed so far, you still need to think about the data that travels across your wireless network. How would you feel, for example, if you were purchasing an item from an online store and someone was sniffing out your credit card information by capturing the data stream? To prevent this kind of cyber crime, you need to encrypt your data. Most routers support Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), the latter being significantly more secure than the former. In the figure shown below, you can see that we've chosen WPA/WPA2 Personal for our wireless security.

Wireless settings on Apple's AirPort Extreme and Time Capsule

Keep up the good work

Now that you've put these recommendations into practice, it's time to maintain them. Part of this job entails applying the operating system updates that both Microsoft and Apple provide via automatic online updates. It also includes keeping your router firmware up-to-date.

Enjoy your journey!

Comments


    • santoion

      9 years ago

      Very good hub !

    • Susan Ng Yu

      9 years ago

      I see. Thanks, froejoe. I'll try that.

    • Dame Scribe

      9 years ago from Canada

      Fantastic info! :) it is a concern of ours too since my sons have a hard time with their xbox, lol :) thank you!

    • froejoe (AUTHOR)

      9 years ago from New York

      The Linksys software you install on your computer is only to help you set up your initial connection to the router. You need to consult your Linksys documentation, find out what the default administrative login credentials are, and then log in to the router. To do so, just enter the router's IP address (e.g. 192.168.1.1) into your web browser. Once you're connected to your router's administrative page, look for the firewall setting or tab and confirm that it is enabled.

    • Susan Ng Yu

      9 years ago

      I have a Linksys router and it's supposed to have a built-in firewall, but I don't know how to enable or configure it.  I've installed the software for the router on our computer but I can't find an option to configure the router firewall anywhere. :O
