76. Keep security in mind when
installing network
By Mark Alberstat
Home networks used to be a thing of science fiction, along with flying
cars and Rosie, the Jetson's maid.
Although Rosie may not be feeding your dog, Astro, computer networking in
the home is an everyday possibility now. A growing number of those
networks are wireless, taking advantage of the sharp drop in cost of
wireless connectivity equipment, commonly called Wi-Fi. These routers and
cards are relatively plug-and-play right out of the box, making
establishing your network quick and easy. The problem arises over
security features that are not turned on as factory defaults and are often
never changed by the owner. These security holes can leave your network
open to other people hopping onto your wireless network and using the
Internet over your subscription. Hackers can also enter your network, and
computers, through open networks so securing that new wireless system is
as necessary as buying the equipment in the first place.
The first security door to close is the router password. To configure
your router, most manufacturers have a web page interface with a variety
of tools. These tools are protected so that only the owner can access
them but most of these standard, out-of-the-box passwords are well known
to hackers. Changing this first line of security is easy to do and only
takes a few seconds.
Encryption is another key to security. This feature, available on all
wi-fi equipment, encrypts the information going from one point to another
on your network and un-encrypts it for the user when it reaches its
destination. If you have a variety of different pieces of wi-fi
equipment, you must find the lowest common encryption level and use that.
However, as in all security issues, the higher the level of encryption,
the better.
Another good, but far from foolproof, security setting is the MAC address
filtering. This feature tells your router what pieces of wi-fi equipment
are allowed to access your network by a unique identifier, or MAC Address,
sometimes known as a physical address. To configure this option, find the
MAC address of each computer on the network and place that address on the
list that the router allows. Any other number is denied access. The
problem with this level of security is that a good hacker can fake MAC
addresses. While you are in the router's menu for this, you might want to
count up the number of devices on your network and see if it corresponds
with the number you think should be there. If there are more, a neighbour
could already be using your network.
Each device on your network has an IP Address. This is a number that is
assigned to the device and is used when the equipment talks back and
forth. Most home networks use DHCP to assign these numbers. The D in
that acronym stands for Dynamic and means the number changes frequently.
It is safer and more secure to use static IP numbers for each device,
usually within a range, and your router will know that range. With a DHCP
network, hackers have an easier time of finding an acceptable IP Address.
If you have the network name, or SSID, being broadcast, turn it off. This
feature is designed for businesses where clients with laptops can come and
go. In a home network, this feature is not needed and adds a level of
insecurity that is easily turned off with no harm to your connectivity.
With these few security issues implemented, your home network's safety
will take a big leap to being hacker proof or shared by your neighbours.
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca. If we use your question in
a column, we'll send you a free mousepad.
Originally published 22 January 2006
