A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Setting Up a Secure Network at Home

Pointers on how to secure your home network.

A secure personal network is the first step towards secure computing. The following are a few suggestions to secure networking at home.

Choosing Wired Versus Wireless

When possible and convenient, use a wired network. Wired networks, whose signals are contained within wires, are much safer than wireless networks, whose signals are broadcast into the air. One can be safe from a number of malicious attacks by connecting a computer to the router (a device that connects networks, in this case, your local network to the Internet) via an ethernet cable, instead of connecting via wireless. Appropriate network settings, of course, must be entered into the computers.

Going Wireless at Home

If a wireless network is desired, use the following recommendations.

  • Change the default router password, if you install a wireless router. The router's manual should tell you how to do this, as it should be one of the first steps when installing a new router. The default passwords for various vendors' routers are well known, so a router is unsecure when using the default password.
  • Place the wireless router at a location within the house, such that the wireless signal stays inside the house primarily. By restricting the signal to the house premises, you avoid potential snoopers.
  • Enable encryption. Preferably enable Wi-Fi protected access (WPA), which is a relatively strong encryption technique for establishing secure connections. The other common alternative, wired equivalent privacy (WEP), is a weaker technique that is easier to crack. WPA and WEP are the two most commonly used encryption techniques implemented in wireless routers. Enabling encryption makes the connection between the users and the router secure because only users having the passkey can then access the router. Your router manual gives instructions on how to enable encryption in the router.
  • Change the name of your network, known as the service set identifier (SSID), from the default value. While not increasing security substantially, this step will hide certain details, even if only to a small extent, and it is still recommended.
  • Enable MAC address filtering in the router. Every network card in a computer has a unique identifier called the MAC address. Using this ID for membership in the network is a good way to keep unwanted people out. MAC filtering lets only those nodes communicate on the network that have their MAC address registered with the router. Authenticated nodes are registered by adding a list of MAC addresses for all computers allowed access to the network in the router settings. Although it is possible for MAC addresses to be spoofed, this method makes it hard for the malicious user to gain access. An alternative technique, DHCP (Dynamic Host Control Protocol), assigns every new user an IP address from a pool of available addresses, letting other users in unchecked.

Securing Each Network Node

Next, security must be implemented on the computers that will connect to the network, known as the "network nodes."

  • Use a good firewall. Most commercial operating systems come with a firewall built into the system, for example, Windows Firewall.
  • Use good anti-spyware and anti-virus software. Various software are commercially available.
  • Set administrator accounts differently from the user accounts, such that the typical user cannot install applications. Accounts of minors should not be given administrative privileges, and they should be monitored and supervised. For more details, refer to Keeping Security in Mind When Granting Access Privileges.
  • Regularly apply software updates. Frequently updating the system software keeps the computer up-to-date with the latest security patches and features. For more details, read When To Patch.
  • Set the privacy settings of the Web browser according to the user of that account. For minors, for example, the privacy settings could be set at high. This would help filter out inappropriate Web content such as pornography and violence. Privacy settings are easily accessed under Tools in the browser menu bar. Under tools, the Internet Options tab in Internet Explorer (or Options in Firefox) lists a section called Privacy for all related options.
  • Monitor the Web browsing activity of children. See Parental Control Software for recommended tools.

References

Share your comments, feedback or questions about this article by sending an email to: help AT mysecurecyberspace DOT com

My home page