Although it is relatively easy for SOHO (Small Office/Home Office) and home users to set up their own Wireless networks, the default settings on a WAP (Wireless Access Point) usually come with no security configured.
As a result, if you leave these settings as they are, the WLAN (Wireless Local Area Network) you are creating can leave you open to hackers who want to compromise your computer and/or steal information from it.
It is therefore essential that you take the necessary steps to secure your Wireless network.
Why do you need wireless security?
In a traditional wired network you need to have physical access to the network. You either need access to a cable that is already connected to the LAN, or be able to attach a cable to say a patch panel or switch port that will create a new physical connection for you.
With a wireless network, however, you have a radio signal that permeates the very air around us. Because of the broadcast nature of WLANs, it is far easier to access this sort of network, especially when the signal is usually powerful enough to emanate outside of a building and so potentially provide network access to those outside.
Another benefit of a cabled network is that the transfer of data between computers remains within the wires themselves. Contrast this with a Wireless network, in which the data is now easier to intercept and/or corrupt.
As a result you need to secure your wireless network in the following ways:
* Request user authentication to prevent unauthorized access to your network.
* Use data privacy to protect the integrity and privacy of the data being transmitted.
How do you secure your Wireless network?
1. Change the SSID: When you configure your WAP, change the default SSID (Service Set IDentifier). Don’t pick something that easily identifies you, like your name, street address, etc. Instead pick something complicated that is difficult to guess and is made up of a mixture of letters and numbers, e.g. m6jvUm9mHuQfA4h5tgCH
2. Disable SSID broadcasting: In addition, make sure your WAP isn’t configured to broadcast your SSID. Although this is not a secure method of protecting your network, it does mean your WLAN is not so openly available to intrusion.
3. Configure WPA or WPA2: To authorize access to your Wireless network you should choose a security setting of WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) or better yet WPA2-PSK if available.
Although Windows XP supports both of these security methods, you still need a wireless adapter that supports WPA as well.
NOTE: WEP (Wired Equivalent Privacy) is the earlier attempt to secure wireless connections and it is not secure enough. If this is all your WAP has to offer then you should either upgrade the firmware on it, if this will then give you WPA, or purchase a newer device.
You also need to choose a password for WPA-PSK. Like your SSID, this too needs to be complicated and so not easy to guess.
4. Restrict access based on MAC authentication: Your wireless network adapter has a physical address called a MAC (Media Access Control) address. You can take advantage of this by configuring your WAP to only allow access to those MAC addresses you want to give access to your network and so restrict which computers can get connected. Although a MAC address can still be spoofed, this is yet another obstacle to deter the casual hacker.
5. Change the administrator account/password: Your WAP will come with a standard administrator account and password, so anyone who has bought the same device will know what these are. Change the password to one that isn’t easy to guess and if possible change the name of the administrator account as well.
Summary
A Wireless network is a great way to get Internet access without having to lay down cabling, but out of the box these are completely insecure.
With the threat of hackers, viruses and spyware unlikely to go away you must secure your Wireless network if you want to keep your computer and the data on it safe.
Friday, February 16, 2007
CCNA Certification Exam Training: Passwords, Cisco Routers, And Network Security
CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain quite a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.
If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:
R1 con0 is now available
Press RETURN to get started.
R1>
To get into enable mode, by default all I have to do is type "enable".
R1>enable
R1#
See how the prompt changed? By default, I can now run all the show and debug commands I want, not to mention entering global configuration mode and doing pretty much what I want. It just might be a good idea to password protect this mode! We do so with either the enable password command or the enable secret command. Let's use the enable password command first.
R1(config)#enable password dolphins
Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.
R1>enable
Password:
R1#
I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.
The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for someone to look over your shoulder and note the password for future use, as shown below:
hostname R1
!
enable password dolphins
We could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. That's not necessarily a bad thing! Here's the effect of this command on the enable password we set earlier.
enable password 7 110D1609071A020217
Pretty effective encryption! However, if we want to have the enable password automatically encrypted, we can use the enable secret command. I'll use that command here to set this password to "saints", and note that I'm not removing the previous enable password.
R1(config)#enable secret saints
After removing the "service password-encryption" command, we're left with two enable mode passwords, and they appear in the Cisco router config like this:
enable password dolphins
enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/
If we have two enable passwords, which one should we use to log into the router? Let's try the first password, "dolphins", first:
R1>enable
Password:
Password:
When you're prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":
R1>enable
Password:
Password:
R1#
When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. That's valuable information for both the CCNA certification exam and real-world networks, because there's no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!
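The checks walked through above can be run against a saved configuration. The following is an added example, not part of the original tutorial: it audits the enable lines of a config (the two samples are the lines shown above for R1) and reports clear-text passwords, type 7 strings (which are a reversible encoding rather than a hash) and an enable password left behind once an enable secret takes precedence. The function and class names are assumptions.

```python
import re
from dataclasses import dataclass

# Config lines copied from the tutorial's own router output (R1).
CONFIG_TYPE7 = "hostname R1\n!\nenable password 7 110D1609071A020217\n"
CONFIG_BOTH = (
    "hostname R1\n"
    "!\n"
    "enable password dolphins\n"
    "enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/\n"
)

# enable password|secret, an optional numeric type code, then the stored value.
ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d+))? (\S+)\s*$")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based config line, 0 for a whole-config finding
    severity: str  # "high", "medium" or "info"
    message: str   # never contains the password value itself


def parse_enable_lines(config):
    """Return (line_no, kind, type_code) for every enable password/secret line."""
    entries = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        match = ENABLE_RE.match(line.strip())
        if match:
            kind, type_code, _value = match.groups()
            entries.append((line_no, kind, int(type_code) if type_code else None))
    return entries


def effective_enable(config):
    """Which command guards enable mode: the secret wins when both are set."""
    kinds = {kind for _, kind, _ in parse_enable_lines(config)}
    if "secret" in kinds:
        return "secret"
    return "password" if "password" in kinds else None


def audit_enable_passwords(config):
    """Flag weak or leftover enable-mode credentials in a config dump."""
    entries = parse_enable_lines(config)
    has_secret = any(kind == "secret" for _, kind, _ in entries)
    findings = []
    for line_no, kind, type_code in entries:
        if kind == "password" and type_code in (None, 0):
            findings.append(Finding(line_no, "high",
                                    "enable password stored in clear text"))
        elif kind == "password" and type_code == 7:
            findings.append(Finding(line_no, "medium",
                                    "type 7 is a reversible encoding, not a hash"))
        elif kind == "secret" and type_code == 5:
            findings.append(Finding(line_no, "info",
                                    "enable secret stored as a salted MD5 hash"))
        if kind == "password" and has_secret:
            findings.append(Finding(line_no, "medium",
                                    "unused because enable secret takes precedence; "
                                    "remove with 'no enable password'"))
    if not entries:
        findings.append(Finding(0, "high",
                                "no enable password or secret is configured"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("type 7", CONFIG_TYPE7), ("both set", CONFIG_BOTH)):
        print(name, "-> enable mode guarded by:", effective_enable(cfg))
        for finding in audit_enable_passwords(cfg):
            print(f"  line {finding.line_no} [{finding.severity}] {finding.message}")
```
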
This is just one way to perform basic Cisco router security with passwords. We'll take a look at other methods in a future CCNA certification exam training tutorial!
Why Most Wireless Network Security Advice Doesn't Really Work
Just about every day I read articles about wireless networks and what should be done to make them safer. Mostly I get a couple of lines in and then read no further. This is because the advice in a lot of these articles is a waste of time. Don't worry though because there's stuff you can do that's a lot less hassle and will work a whole lot better.
I'll get onto what you should do, but first of all I'm going to repeat what you'll probably read elsewhere and tell you why it doesn't help:
THINGS THAT DON'T REALLY WORK
Turning off SSID broadcast: This is often misleadingly referred to as "SSID hiding", but there's no such thing. It turns off SSID beaconing on your Wireless Access Point or wireless router, but there are other mechanisms that also broadcast the SSID over the wireless network and so you're disabling only 1 of many. Turning off SSID broadcast makes your network a lot less user friendly and won't do anything meaningful for network security.
MAC filtering: Frequently mentioned as a security mechanism and it can be used to keep leeching neighbours from using your broadband, but then encryption is a better way to achieve that and more. The problem with MAC filtering is that it can be hard to set up and maintain and the MAC address of your wireless card can be seen in the header of all wireless packets to and from your PC by anyone with a "sniffer" (a bit of traffic capturing software you can get for free on the Internet). It's then pretty easy to spoof the MAC address and gain access. It's really not worth the trouble to configure it.
Disable DHCP: Another big waste of time. DHCP allows the automatic assignment of IP addresses and other configurations. Many articles advise disabling DHCP and configuring static IP addresses to "increase security". It'll take a hacker about 10 seconds to figure out the IP scheme of any network and simply assign their own IP address. Just as with turning off SSID broadcast you're making your life harder for no gain. Anyone who tells you that this is a way to secure your wireless network doesn't know what they're talking about.
SO WHAT DOES WORK?
The good news is there are some simple things you can do that will improve the security of your wireless network. Here are three simple steps to improved wireless security:
Step 1 - Password protect your router
If you have a wireless or broadband router then it should allow you to access its config via a Web browser. To access your router’s setup, open a browser and enter the router's setup URL. The URL will be specified in the manual that came with the router.
The manual will also specify the default login details for your router. The problem here is that this means everyone knows what the default is so you need to change it. Once logged in it's usually pretty easy to find the link in the config to change the password.
If for any reason you don't have the manual for your router then you can search on the Internet using the term “default login for x”. Don’t be surprised to find quite a number of pages listing default login parameters for many different routers, even uncommon ones.
Step 2 - Disable router access from the Internet
If your router has the option then disable access to the router's configuration from the Internet. This will mean that you can still log in to the router to change the configuration from your internal network, but nobody from the Internet will be able to log in.
Step 3 - Add strong encryption
You need to encrypt your wireless network...really. Read that sentence again if you like, it's really important. Beyond that it's pretty important to use WPA encryption rather than WEP. WEP is better than no encryption at all, but it can be cracked in only a few minutes and the tools to do this are readily available.
If you've got Windows XP (you need to apply the free update to SP2 if you haven't already) and a newish router or access point then you should have WPA available. Use as long a key as you can stand to use and make it difficult to guess. A random combination of hexadecimal characters (numbers 0-9 and letters A-F) is best.
For more on configuring encryption refer to your router or access point manual.
Businesses should consider using WPA2 in combination with a strong authentication method such as RADIUS (Remote Authentication Dial In User Service), but this isn't available on most home kit.
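The key advice in Step 3 can be made concrete. The following is an added example, not part of the original article: it generates a random 64-digit hexadecimal key, checks whether a candidate key fits the WPA-PSK rules (8 to 63 printable ASCII characters, or exactly 64 hex digits), and shows the standard passphrase-to-key derivation, in which the SSID acts as the salt. The function names and the sample passphrase are assumptions; the second SSID is the sample value from the first article on this page.

```python
import hashlib
import secrets
import string

HEX_DIGITS = set(string.hexdigits)


def generate_hex_key():
    """Random 256-bit key written as 64 hexadecimal digits (0-9, a-f)."""
    return secrets.token_hex(32)


def classify_wpa_key(key):
    """Return 'raw-psk' or 'passphrase'; raise ValueError if WPA-PSK would reject it."""
    if len(key) == 64 and all(c in HEX_DIGITS for c in key):
        return "raw-psk"        # used directly as the 256-bit pre-shared key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"     # stretched into the key by derive_psk()
    raise ValueError("need 8-63 printable ASCII characters or exactly 64 hex digits")


def derive_psk(passphrase, ssid):
    """WPA/WPA2-PSK derivation: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt, 32 bytes."""
    if classify_wpa_key(passphrase) != "passphrase":
        raise ValueError("a 64-hex-digit key is already the PSK; nothing to derive")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def compare_ssids(passphrase, factory_ssid, custom_ssid):
    """Derive the key under two SSIDs to show that the network name changes it."""
    return derive_psk(passphrase, factory_ssid), derive_psk(passphrase, custom_ssid)


if __name__ == "__main__":
    print("random hex key:", generate_hex_key())
    # Constructed inputs: "default" stands in for a factory SSID.
    factory, custom = compare_ssids(
        "example passphrase 123", "default", "m6jvUm9mHuQfA4h5tgCH"
    )
    print("key under factory SSID:", factory.hex())
    print("key under custom SSID: ", custom.hex())
```

Because the SSID is mixed into the key, the same passphrase yields a different key on a network with a unique name than on one still using a factory name.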
Network Security
Security is an essential part of maintaining any network and is the primary focus for a network administrator. While most people think that the main focus of a network administrator is to ensure that users can access data and other resources needed to perform their job functions, they don’t realize the work and attention needed to make certain all data is secure.
End users are happy as long as they get the data they need and don’t have to jump through hoops to get to it. Account names and requiring passwords only serve to keep honest people honest. There are many ways to compromise an account’s security and any decent hacker usually knows more tricks of the trade than the network administrator. The use of authentication services and/or Biometrics can improve security, but only to a certain degree.
If you’re responsible for a small operation, network security cannot be compromised. Hackers don’t discriminate; they’re looking for sensitive corporate or financial data that they can exploit. Customers and clients don’t discriminate; they’re entitled to the same service and reliability that they would get from a large corporation.
When it comes to protecting your network, there is no room for compromise. You must block any and all threats flowing around the Internet. Especially look for viruses and other forms of malware that can compromise your network and end-user systems, which could lead to data loss and expensive downtime. Spam clogs up inboxes and e-mail servers, costing businesses billions of dollars each year. Spyware and network intrusions are designed and targeted to steal valuable information from specific companies, which can impact revenue and a company’s reputation. Phishing attacks exploit user habits to steal personal information.
Every day security threats are being modified and refined, as hackers use new conduits such as instant messaging, peer-to-peer connections, and wireless networks to deliver their attacks. In my opinion, the biggest headache for small businesses is the misuse of the Internet by employees. If a user visits an inappropriate site, sends or receives inappropriate content, or worse, violates confidentiality and leaks client information or company secrets, legal liability action is sure to follow. End user education needs to be top priority for all network administrators.
Insiders aren’t the most common security problem, but they can be among the most damaging to a company’s reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security professionals. If an employee is terminated, it’s crucial that all system access be revoked immediately. About half of all insider attacks take place between the time an IT employee is dismissed and their user privileges are taken away. I was in a situation where a co-worker was dismissed because of poor work performance. The IT manager arranged for all user privileges to be terminated immediately after the employee was informed of his termination. He was allowed to remove personal items from his office and computer, but was supervised the entire time. There was a tremendous amount of planning involved to coordinate this, but it worked effectively.
When it comes to current employees, IT managers must keep an eye out for insubordination, anger over perceived mistreatment, or resistance to sharing responsibility or training colleagues, which are all signs someone may be capable of system sabotage or data theft. IT managers must be watchful any time someone with access to sensitive systems has a falling out with his or her bosses.
Defending against insiders isn’t easy, but knowing what to look for and understanding who you’re up against certainly helps. Managers must not only monitor system access, but also let employees know their system changes can be tracked. Employers should be wary of people unwilling to share their knowledge about systems or uncomfortable with the fact that their activities accessing systems or data can be tracked.
There are six basic security rules for Windows systems that can apply for all systems. If a network administrator follows the basic principles that will be discussed here, they can feel confident that their systems are protected.
First, the manager should segment the network into areas of trust and provide specific controls at border areas. A basic firewall can filter access to services, and a more advanced system can inspect traffic and detect that it is harmful. Things as simple as blocking access to TCP port 1433 and TCP port 1434 at the border firewall, allowing Internet access only to those SQL systems that must be accessed from the Internet, and patching the SQL systems could prevent viruses or worms from infecting a network.
Systems are sometimes left unpatched because there are so many to patch. Focusing efforts on the most vulnerable points will most likely achieve adequate coverage. You can find a list of the most frequently probed ports used by Windows systems at www.sans.org/y2k/ports.htm. Not all of the ports listed are used by Windows but you can make sure they are filtered at the firewall. You can also set a standard to block all ports and then unblock only the ports needed. Another good practice is to determine the open ports to ensure that they are legitimately needed.
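One way to carry out the open-port review described above, as an added example that is not part of the original article: it reads output in the layout of Windows `netstat -ano` (the sample below is constructed) and reports every network-reachable listener that is not on an approved list. The approved list and the function names are assumptions.

```python
# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2100
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1434           *:*                                    2100
"""

# Assumption for this example: the host is a web server, so only TCP 80 is needed.
APPROVED = {("TCP", 80)}


def parse_listeners(netstat_text):
    """Return (proto, host, port, pid) for each listening TCP/UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local, foreign = fields[0], fields[1], fields[2]
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # an existing connection, not an open port
        if proto == "UDP" and foreign != "*:*":
            continue  # UDP rows have no State column; *:* marks a bound socket
        host, _, port = local.rpartition(":")  # keeps "[::]" intact for IPv6
        listeners.append((proto, host, int(port), int(fields[-1])))
    return listeners


def is_loopback(host):
    """True when the socket is bound to the local machine only."""
    return host.startswith("127.") or host == "[::1]"


def unapproved_listeners(netstat_text, approved):
    """Sorted (proto, port, pid) for listeners reachable from the network
    whose protocol and port are not on the approved list."""
    flagged = set()
    for proto, host, port, pid in parse_listeners(netstat_text):
        if is_loopback(host):
            continue  # not reachable from other hosts
        if (proto, port) not in approved:
            flagged.add((proto, port, pid))
    return sorted(flagged)


if __name__ == "__main__":
    for proto, port, pid in unapproved_listeners(SAMPLE_NETSTAT, APPROVED):
        print(f"{proto} port {port} is open (PID {pid}) but not approved")
```

Each reported port is either justified and added to the approved list, or its service is stopped and the port filtered at the firewall.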
Second, moderate the effect of spoofed ports and increasing use of port 80 by new services. The most common open port is of course port 80, so attacks directed at a web server will not be stopped by a common firewall. If a needed port is blocked, applications such as instant messaging and streaming media will automatically use the open port. Trojans can be designed to listen on any port and can be specially designed to look like web traffic. Preventing overuse and misuse can be accomplished by using an application-layer firewall, ensuring that a port is open only for specific servers, and configuring systems at the host level with port filtering or IPSec blocking policies that can be set to block known troublesome ports.
Third, everyone agrees that the number one thing that you can do to improve security on a network is to keep patches current. Over ninety percent of attacks on systems could have been prevented if known vulnerabilities had been mitigated via patches and configuration. Patching plans can be developed and used with enormous benefits. Some ways to apply patches are: manually, by downloading the patch, testing it and applying it to a system; or by visiting the Windows Update site to review the available patches, then deciding to accept or reject any proffered changes. Automatic Updates can be configured to periodically connect to Microsoft for inspection and downloading of updates. Software Update Service is a free server application that, once configured, periodically downloads patches from Microsoft. Microsoft Systems Management Server with update is purchased separately from the Windows operating system and provides multiple management services. Third-party patching products are also available that can provide similar services.
Strengthening authentication processes can also help to secure your network. Authentication can be increased by enforcing a strong password policy. Use some other form of authentication along with this. Use technology and physical security to protect password databases and authentication material. Also you must understand that Windows authentication systems vary, and backward compatibility means less secure authentication may be used even by the most recent version of the operating system. One very important issue is to recognize that your network is only as secure as the least secure part.
Fourth, limiting the number of administrators and limiting their privileges can help to secure a network. Don’t automatically give admin rights to the local PC unless there are applications that require it to run needed processes. In most cases administrative rights can be substituted with just elevated or privileged rights. Users with admin rights should be educated about not using that account to read email or surf the Internet. Instead, they should be given an ordinary account for those purposes.
Fifth, protecting systems against known attacks by means of system configurations is not a simple process. It requires knowing about past attacks and current vulnerabilities, and having an extensive knowledge of operating systems. To benefit from your configuration settings, you should not install IIS except to create an intranet or Internet web server. Don’t configure non-file servers to use File and Printer Sharing. Set strong permissions on Windows shares. (Use shares sparingly.) Don’t allow anonymous access into your systems. You should also disable any Windows services, such as Telnet, Alerter, and Clipbook (does anyone use these?), Indexing services, Messenger, and Remote registry, that are not necessary.
Last, but not least, I can’t stress enough the importance of developing and enforcing security policies by way of accountability, technology and user training. The best knowledge anyone can have on security cannot protect your systems if it is not used. Security policies should be enforced by more than technology and fully supported by management. People make security work. People support the development of a culture of security, and people follow the rules because they understand them and because they are aware of the consequences. Train your users, let them know the rules, and hold them accountable.
The best laid plans will not stand if you can’t afford the resources or the support of implementing them. A crucial problem a network administrator faces is the cost of security. Security control mechanisms have expenses associated with their purchases. Deployment, maintenance, and implementing these systems in a redundant manner can increase costs significantly. When deciding on redundancy and security controls, it is helpful to create a number of scenarios in which a security breach or an outage occurs to determine the corporation’s cost for each occurrence. This should help management determine the value to the corporation of an assortment of security control mechanisms. (3) End users are that part, so anything done to strengthen it can have a huge effect on the baseline security of your systems.
Another thing to keep in mind is that user education is only effective to a point. No amount of education can eliminate careless mistakes or stop a disgruntled employee from violating a policy. Security technologies like encryption and digital rights management software can act like seat-belt laws to keep computer users from hurting themselves. One step to prevent data loss is to guard against human error by using data encryption as a safety net for honest mistakes. All laptop hard drives should be encrypted. Monitor outgoing messages. Use software to block e-mail messages or file transfers with confidential data. Ensure that security is easy to use or employees will find ways to get around it. Audit security practices on a regular basis.
End users are happy as long as they get the data they need and don’t have to jump through hoops to get to it. Account names and requiring passwords only serve to keep honest people honest. There are many ways to compromise an account’s security and any decent hacker usually knows more tricks of the trade than the network administrator. The use of authentication services and/or Biometrics can improve security, but only to a certain degree.
If you’re responsible for a small operation, network security cannot be compromised. Hackers don’t discriminate; they’re looking for sensitive corporate or financial data that they can exploit. Customer and clients don’t discriminate; they’re entitled to the same service and reliability that they would get from a large corporation.
When it comes to protecting your network, there is no room for compromise. You must block any and all threats flowing around the Internet. Especially look for viruses and other forms of malware that can compromise your network and end-user systems, which could lead to data loss and expensive downtime. Spam clogs up inboxes and e-mail servers that cost businesses billions of dollars each year. Spyware and network intrusions are designed and targeted to steal valuable information from specific companies which can impact revenue and a company’s reputation. Plishing attacks exploit user habits to steal personal information.
Everyday security threats are being modified and refined, as hackers new conduits such as instant messaging, peer-to-peer connections, and wireless networks to deliver their attacks. In my opinion, the biggest headache for small businesses is the misuse of the Internet by employees. If a user visits an inappropriate site, sends or receives inappropriate content, or worse, violates confidentiality and leaks client information or company secrets, legal liability action is sure to follow. End user education needs to be top priority for all network administrators.
Insiders aren’t the most common security problem, but they can be among the most damaging to a company’s reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security professionals. If an employee is terminated, it’s crucial that all system access be revoked immediately. About half of all insider attacks take place between the time an IT employee is dismissed and their user privileges are taken away. I was in a situation where a co-worker was dismissed because of poor work performance. The IT manager arranged for all user privileges to be terminated immediately after the employee was informed of his termination. He was allowed to remove personal items from his office and computer, but was supervised the entire time. There was a tremendous amount of planning involved to coordinate this, but it work effectively.
When it comes to current employees, IT managers must keep an eye out for insubordination, anger over perceived mistreatment, or resistance to sharing responsibility or training colleagues, which are all signs someone may be capable of system sabotage or data theft. IT managers must be watchful any time someone with access to sensitive systems has a falling out with his or her bosses.
Defending against insiders isn’t easy, but knowing what to look for and understanding who you’re up against certainly helps. Managers must not only monitor system access, but also let employees know their system changes can be tracked. Employers should be wary of people unwilling to share their knowledge about systems or uncomfortable with the fact that their activities accessing systems or data can be tracked.
There are six basic security rules for Windows systems that can apply for all systems. If a network administrator follows the basic principles that will be discussed here, they can feel confident that their systems are protected.
First, the manager should segment the network into areas of trust and provide specific controls at border areas. A basic firewall can filter access to services, and a more advanced system can inspect traffic and detect whether it is harmful. Things as simple as blocking access to TCP port 1433 and TCP port 1434 at the border firewall, allowing Internet access only to those SQL systems that must be accessed from the Internet, and patching the SQL systems could prevent viruses or worms from infecting a network.
Systems are sometimes left unpatched because there are so many to patch. Focusing efforts on the most vulnerable points will most likely achieve adequate coverage. You can find a list of the most frequently probed ports used by Windows systems at www.sans.org/y2k/ports.htm. Not all of the ports listed are used by Windows but you can make sure they are filtered at the firewall. You can also set a standard to block all ports and then unblock only the ports needed. Another good practice is to determine the open ports to ensure that they are legitimately needed.
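One way to carry out the "determine the open ports" check above, as an added example that is not from the original article: it parses `netstat -ano` style output, applies a default-deny allowlist, and singles out the SQL ports 1433 and 1434 when they are reachable from other hosts. The netstat text and the approved-port set are constructed assumptions.

```python
import ipaddress
import re
from collections import namedtuple

SQL_PORTS = {1433, 1434}  # the ports the article says to block at the border

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING       1100
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED     5120
"""

Listener = namedtuple("Listener", "address port pid")
_LISTEN = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(text):
    """Extract TCP sockets in LISTENING state; other lines are ignored."""
    listeners = []
    for line in text.splitlines():
        match = _LISTEN.match(line)
        if not match:
            continue
        local, pid = match.groups()
        host, _, port = local.rpartition(":")  # rpartition copes with IPv6
        listeners.append(Listener(host.strip("[]"), int(port), int(pid)))
    return listeners


def is_loopback(address):
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed, so it gets reviewed


def audit(listeners, approved_ports):
    """Default deny: every off-host listener must be on the approved list."""
    findings = []
    for item in listeners:
        if is_loopback(item.address) or item.port in approved_ports:
            continue
        if item.port in SQL_PORTS:
            findings.append(("HIGH", item.port, item.address,
                             "SQL port reachable off-host; block at the border "
                             "unless this server must be reachable"))
        else:
            findings.append(("REVIEW", item.port, item.address,
                             "listener not on the approved list"))
    return sorted(findings, key=lambda f: (f[0], f[1]))


def run_sample():
    # Assumption: this host is approved to serve web (80) and file sharing (445).
    return audit(parse_listeners(SAMPLE_NETSTAT), approved_ports={80, 445})


if __name__ == "__main__":
    for severity, port, address, reason in run_sample():
        print("%-6s %5d %-15s %s" % (severity, port, address, reason))
```
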
Second, moderate the effect of spoofed ports and increasing use of port 80 by new services. The most common open port is of course port 80, so attacks directed at a web server will not be stopped by a common firewall. If a needed port is blocked, applications such as instant messaging and streaming media will automatically use the open port. Trojans can be designed to listen on any port and can be specially designed to look like web traffic. Preventing overuse and misuse can be accomplished by using an application-layer firewall, ensuring that a port is open only for specific servers, and configuring systems at the host level with port filtering or IPSec blocking policies that can be set to block known troublesome ports.
Third, everyone agrees that the number one thing that you can do to improve security on a network is to keep patches current. Over ninety percent of attacks on systems could have been prevented if known vulnerabilities had been diminished via patches and configuration. Patching plans can be developed and used with enormous benefits. Some ways to apply patches are: manually, by downloading the patch, testing and applying it to a system; or by visiting the Windows Update Site to review the available patches, then deciding to accept or reject any proffered changes. Automatic updates can be configured to periodically connect to Microsoft for inspection and downloading of updates. Software Update Service is a free server application that, when configured, periodically downloads patches from Microsoft. Microsoft Systems Management Server with update is purchased separately from the Windows operating system and provides multiple management services. Third-party patching products are also available that can provide similar services.
Strengthening authentication processes can also help to secure your network. Authentication can be increased by enforcing a strong password policy. Use some other form of authentication along with this. Use technology and physical security to protect password databases and authentication material. Also you must understand that Windows authentication systems vary, and backward compatibility means less secure authentication may be used even by the most recent version of the operating system. One very important issue is to recognize that your network is only as secure as the least secure part.
Fourth, limiting the number of administrators and limiting their privileges can help to secure a network. Don’t automatically give admin rights to the local PC unless there are applications that require it to run needed processes. In most cases administrative rights can be substituted with just elevated or privileged rights. Users with admin rights should be educated about not using that account to read email or surf the Internet. Instead, they should be given an ordinary account for those purposes.
Fifth, protecting systems against known attacks by means of system configurations is not a simple process. It requires knowing about past attacks and current vulnerabilities, and having an extensive knowledge of operating systems. To benefit from your configuration settings, you should not install IIS except to create an intranet or Internet web server. Don’t configure non-file servers to use File and Printer Sharing. Set strong permissions on Windows shares (and use shares sparingly). Don’t allow anonymous access into your systems. You should also disable any Windows services that are not necessary, such as Telnet, Alerter, and Clipbook (does anyone use these?), Indexing services, Messenger, and Remote registry.
Last, but not least, I can’t stress enough the importance of developing and enforcing security policies by way of accountability, technology and user training. The best knowledge anyone can have on security cannot protect your systems if it is not used. Security policies should be enforced by more than technology and fully supported by management. People make security work. People support the development of a culture of security, and people follow the rules because they understand them and because they are aware of the consequences. Train your users, let them know the rules, and hold them accountable.
The best laid plans will not stand if you can’t afford the resources or the support of implementing them. A crucial problem a network administrator faces is the cost of security. Security control mechanisms have expenses associated with their purchases. Deployment, maintenance, and implementing these systems in a redundant manner can increase costs significantly. When deciding on redundancy and security controls, it is helpful to create a number of scenarios in which a security breach or an outage occurs to determine the corporation’s cost for each occurrence. This should help management determine the value to the corporation of an assortment of security control mechanisms. (3) End users are that part, so anything done to strengthen it can have a huge effect on the baseline security of your systems.
Another thing to keep in mind is that user education is only effective to a point. No amount of education can eliminate careless mistakes or stop a disgruntled employee from violating a policy. Security technologies like encryption and digital rights management software can act like seat-belt laws to keep computer users from hurting themselves. One step to prevent data loss is to guard against human error by using data encryption as a safety net for honest mistakes. All laptop hard drives should be encrypted. Monitor outgoing messages. Use software to block e-mail messages or file transfers with confidential data. Ensure that security is easy to use or employees will find ways to get around it. Audit security practices on a regular basis.
IT Network Security - The New World's Lock & Key
It's another Monday morning at the office, you've just turned on your computer and logged in - all of a sudden you start to notice that your "Home Page" is changed, your computer is very slow and finally the internet connection is extremely slow.... Your IT Network has just been Hacked!
Security in the workplace has been an issue for years, yet it is commonly thought of as "internal security" such as cameras and locked doors. Today the world has grown and evolved into a computer driven technology, providing innovative e-criminals the opportunity to take advantage of this situation, and they are benefiting from your lack of network security knowledge and use of older technology. Now more than ever, there are important types of security needs such as Firewalls, Network Lockdowns, Key Fobs, Passwords and so on, that are needed to secure a company's sensitive records, financial information and their basic lifeline to keep them in business.
Some businesses don't know what they're exposing themselves to, but with an "opened port" on a firewall or router leading to their database or "hole" in the network, the world is able to look at your sensitive material without you even knowing until it's too late.
Last month a new company signed on with Libra IT for simple "network support" because they felt their old IT provider was not giving them the patience they felt they deserved. When our engineer did a network audit we noticed that the tape backups had not been successful in over 2 months! With that alone a red flag should have gone up. More problems were found... much more! Every port on the firewall was open, allowing anyone into the server, which nullified the purpose of the firewall entirely.
And to add misery to suffering... Half the staff knew the Administrator Password!!! (Simple passwords are not enough... did you know that the most common password used today is "password" and the second most common is "admin"? Many users have half a dozen passwords to remember which is why the most common password is ‘password.' The usual solution is to write it down. But how secure is that?) This oversight allowed anyone into the system to change, delete or add anything they wanted... what if one of these people became a "disgruntled employee" later down the line? Finally we stumbled upon another serious issue that could have been disastrous... After the previous IT person was "dismissed" they were trying to hack into the system using "old employees passwords" (which worked) and decided to try and delete files as well as "hide" mistakes he made. Luckily we tracked everything they did by backing the system up successfully in case anything like this happened!
Makes you wish we could go back to the old days when we had a safe with paperwork in it or a filing cabinet with a lock on it that held our business's most prized possessions. Today, this information is resting in your servers, networked to the staff and then to the internet for fast and easy day to day operations, bringing business to what we once called "The future of doing business". With this new system that has treated us well in the past decade or so, we have neglected to see what other possibilities are growing out there such as network hacking, malicious script sent through email in the form of humour from a trusted source, which destroys our data or even worse, a complete breakdown of our network and loss of all information.
Another item I wanted to touch upon was something I stumbled upon last month when a new client came on board and asked simply if we could upgrade their server. The company in this situation changed their IT Firm service to us because they felt like they were not getting the service they needed and wanted more experienced engineering in their technical arena.
When this high security Financial company signed on we had no idea what we were about to stumble on! If you look at some URLs you will notice most of them start with an http:. But then you come across the "secure connections" used by companies like financial or legal institutions which look like this https: where the "S" is to signify that it's a secure site and no one can get in unless authorized with log in and password. What this financial company didn't know was that their "secure site" was in no way shape or form secure! Here's how the previous IT firm did it... To cut corners, their previous IT Firm decided to send all "secure traffic URL" to one web-server housing the main page under the URL https: but then translated this to simple http: to retrieve the requested "financial data" for the client from another server (being the data storage server). The traffic was then sent back to the first server, which once again translated the http: to https: to again make it look secure! The information was finally sent to the client, unbeknownst to them that their personal financial data had no security whatsoever. This was immediately rectified and security was finally restored but with a lesson... when you have security implemented into your network, get certificates of authentication for your records or you may find that you too are exposed to the world of hackers and prying eyes.
Get Work By Networking
It’s the new year, and changing jobs or careers may be one of your resolutions. To paraphrase the old saying, who you know can be just as important as what you know. You may be skilled at some trade and be able to do it well, but jobs may be hard to come by.
In fact, it’s well documented that the want ads in your local newspaper only represent about 15% of available jobs. If you go to an employment agency, that number isn’t much different. Around 80% of positions that become available are never advertised, because they are filled before they need to be. So how do you find those jobs? You find them by building a network.
Networking involves meeting people who work in the career that you want to get into. These are the people who know about the unadvertised positions available with a company. By getting to know them (as they get to know you) and then asking every so often if work is available, your chances of finding a job increase dramatically, for a few reasons.
For one, if you are the only person who knows about a job, and the potential employer knows you are qualified and persistent in asking about it, they may not even bother to advertise it, so you won’t have to compete for the job with other applicants. Also, your chances of getting a response from the company are better since they know you. When jobs are advertised in the paper, many times the employer asks applicants not to call. However, if a boss knows you and is expecting your call, they are more willing to talk to you and discuss employment.
If you are interested in a particular field of work, start meeting people in that field. For example, if you want to get into a job writing for the local newspaper, call or go by their headquarters and introduce yourself. Ask to take someone who works there out to lunch and get to know them. Find out the best way to get involved in that career and stay in touch with that person. Ask if you may contact them periodically to learn if there is a position open with that company. The better you get to know someone, and the more persistent (not nagging) you are, the more likely they will let you know when something becomes available.
Don’t just pick one business or organization and network with them. Shop around and make contacts with several companies. One place may not have an opening, but the competitor down the street may be looking for someone.
Once you land the job, you know what to do next. Work hard, make a budget and save money, save money and save more money. Good luck!
3 Mobile Phone Network and Role of Online Reviews on It
3 mobile phone network is one of the most technologically advanced mobile network providers in the UK. It provides a variety of services. It has custom-made services for personal and business users. The tariff plans as well as mobile phone models are different in each category.
There are different tariff plans on 18 Months Half Price Line Rentals, Pay Monthly, Pay As You Go and Student Offers. You can take a particular choice to suit your needs. Whether your need is maximum text messages and minimum talk time or minimum text and maximum talk time, all can be availed from services through 3 mobile phone network.
It might be confusing for you to go through the various price plans and then decide which price plan you should opt for. At such a time, turning to various online reviews, forums or journals can be of help. These reviews give you an insight into the working of the tariff plans that 3 mobile phone network has.
A user of 3 mobile phone network has various options in the way of choosing the right kind of mobile phone model or the kinds of services. You can download images, videos, ringtones and music to your mobile phone with the aid of this mobile phone network. All your needs in the sphere of communication can be met with its aid.
To buy 3 mobile phone network deals, the internet is the tool through which you can go through various kinds of offers. The kind of offers that you have via the internet is irresistible. These offers are available as the online stores negotiate with 3 mobile phone network to lower their tariff plans. Therefore, to have these deals in your hand, just place your order online and buy it from the comfort of home or office.
Sooner rather than later you will see a number of other mobile phone networks offering similar kinds of offers. Therefore, going through the online reviews is the most important tool before you start taking a 3 mobile phone network deal. Your timely collection of information can save you from spending too much in your need to communicate.
Friday, February 09, 2007
Understanding the Components of a Home Network
Home networks are becoming more common. People want to be able to share a single broadband Internet connection among several computers in the house. There are many different devices that you can use to make up your home network. If you have never heard network terminology, device names like router, hub, etc. may seem confusing.
The purpose of most of these devices is to control how the network passes around information. This information is sent in the form of "packets". I will refer to the term packet several times in this article. It simply means the data that the network is transporting. I will now explain the purpose of the major components of a home network.
What is a Hub
A hub is a device that has several Ethernet ports on the back of the device. One of these ports will likely be labeled “Uplink”. This port allows you to connect multiple hubs together, if you run out of ports on your hub. If you do not have an uplink port on your hub, the hub can not be easily extended if you run out of ports.
A hub is a device that attaches multiple computers on an Ethernet network. If you have a number of different computers that you want to connect together, you could connect each to the hub. Any packet that is sent out by any computer on the network will immediately be transmitted to the other computers. Each computer will determine if the packet was really intended for it, and filter out packets that were intended for other computers.
You really should not use a hub in a modern home network. You should always use a switch in place of a hub. Switches will be discussed in the next section.
What is a Switch
A switch is a device that has several Ethernet ports on the back of the device. One of these ports will likely be labeled “Uplink”. This port allows you to connect multiple switches together, if you run out of ports on your switch. If you do not have an uplink port on your switch, the switch can not be easily extended if you run out of ports.
A switch serves the same function as a hub. It allows you to connect multiple computers together, so that they can exchange packets. However, a switch is much more efficient than a hub. A switch will only send Ethernet packets to the computer that the packet was intended for. Because of this you should always use a switch in place of a hub.
What is a Router
A router is a device that has several Ethernet ports on the back of the device. One of the connectors will be labeled WAN. You should connect the WAN port to the Ethernet connection on a broadband source, such as a cable or DSL modem. The other ports on the router can be connected to other computers or switches/hubs that will share the WAN connection.
Routers allow you to share your broadband connection with multiple computers in your house. Rather than connecting your computer directly into your cable or DSL modem you connect the router to the cable or DSL modem. Now any computer that you connect to the router will have access to the Internet.
If you run out of ports on your router you can always connect an additional switch to the router. To connect a switch to a router simply connect the switch’s "uplink" port to one of the router’s Ethernet ports. Of course, don’t connect to the router’s WAN port. The WAN port should only be connected to something such as a cable or DSL router.
Some routers come with additional features installed. Most routers also include a firewall. Firewalls are discussed in the next section. Some routers will also include a wireless access point (WAP). The WAP allows you to use wireless devices, such as wireless laptops, with the Internet.
What is a Firewall
A firewall controls traffic flow between your network and the Internet. A firewall can be either hardware or software. Windows XP SP2 or higher includes a software firewall. A hardware firewall is included with most routers.
A firewall is a very good idea. It can protect you from inbound virus attempts. By inbound virus attempt I mean other computers that will connect to your computer and attempt to infect your computer. You do not want to run a computer directly connected to the Internet, without a firewall. There are just too many other computers out there that can connect and infect you without you even noticing.
What is a Network Attached Storage (NAS)
A network attached storage device is a device that allows a hard drive to be shared across the network. This hard drive is NOT attached to any of your computers. It is simply made available by the NAS. This can be a convenient way to add a hard drive that can be accessed by several computers on your network. The other common way to add a network hard drive is to simply share a folder on one of your computers. However, with the NAS, you do not need to keep one of your computers on at all times.
There are two types of NAS commonly available. The first type comes with a built-in hard drive. The second accepts a USB or Firewire external hard drive. The advantage to using a USB or Firewire hard drive is that you can upgrade the hard drive if it ever were to become too small.
What is a Print Server
Just like you can buy a device to allow you to share a hard drive, you can do the same with a printer. A print server connects directly to your printer. Your printer is then shared to all of your computers on the network. This is convenient because you do not need to leave the printer hooked to a computer, which must be turned on to print.
Conclusions
As you can see there are many different components. Perhaps the final component that I have yet to mention is the cable. These components are connected together with CAT5 Ethernet cable.
The purpose of most of these devices is to control how the network passes around information. This information is sent in the form of "packets". I will refer to the term packet several times in this article. It simply means the data that the network is transporting. I will now explain the purpose of the major components of a home network.
What is a Hub
A hub is a device that has several Ethernet ports on the back of the device. One of these ports will likely be labeled “Uplink”. This port allows you to connect multiple hubs together, if you run out of ports on your hub. If you do not have an uplink port on your hub, the hub cannot be easily extended if you run out of ports.
A hub is a device that attaches multiple computers on an Ethernet network. If you have a number of different computers that you want to connect together, you could connect each to the hub. Any packet that is sent out by any computer on the network will immediately be transmitted to the other computers. Each computer will determine if the packet was really intended for it, and filter out packets that were intended for other computers.
You really should not use a hub in a modern home network. You should always use a switch in place of a hub. Switches will be discussed in the next section.
What is a Switch
A switch is a device that has several Ethernet ports on the back of the device. One of these ports will likely be labeled “Uplink”. This port allows you to connect multiple switches together, if you run out of ports on your switch. If you do not have an uplink port on your switch, the switch cannot be easily extended if you run out of ports.
A switch serves the same function as a hub. It allows you to connect multiple computers together, so that they can exchange packets. However, a switch is much more efficient than a hub. A switch will only send Ethernet packets to the computer that the packet was intended for. Because of this you should always use a switch in place of a hub.
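The difference between the two devices, as an added Python illustration that is not part of the original article: a hub repeats every frame to every other port, while a switch learns which port each address sits on. The host names, addresses, port layout and frame list are constructed for the example.

```python
"""Hub vs. learning switch: who gets to see a frame (added illustration)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, num_ports):
        self.num_ports = num_ports

    def deliver(self, in_port, src, dst):
        return [p for p in range(self.num_ports) if p != in_port]


class Switch:
    """Learns source addresses and forwards only to the destination's port."""

    def __init__(self, num_ports):
        self.num_ports = num_ports
        self.mac_table = {}  # address -> port it was last seen on

    def deliver(self, in_port, src, dst):
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcasts and not-yet-learned destinations are still flooded.
            return [p for p in range(self.num_ports) if p != in_port]
        return [] if out_port == in_port else [out_port]


# Constructed topology: host name -> (address, port). "observer" never sends.
HOSTS = {
    "desktop": ("02:00:00:00:00:01", 0),
    "laptop": ("02:00:00:00:00:02", 1),
    "observer": ("02:00:00:00:00:03", 2),
}

# Constructed conversation between desktop and laptop only (six frames).
FRAMES = [("desktop", "laptop"), ("laptop", "desktop")] * 3


def frames_seen_by(device, watcher, frames=FRAMES):
    """Count frames that reach `watcher`'s port although addressed to someone else."""
    watcher_port = HOSTS[watcher][1]
    seen = 0
    for sender, receiver in frames:
        src, in_port = HOSTS[sender]
        dst = HOSTS[receiver][0]
        if receiver != watcher and watcher_port in device.deliver(in_port, src, dst):
            seen += 1
    return seen


if __name__ == "__main__":
    print("hub:", frames_seen_by(Hub(4), "observer"))
    print("switch:", frames_seen_by(Switch(4), "observer"))
```

On the hub the third computer receives the whole conversation; on the switch it receives only the first frame, which is flooded because the destination has not been learned yet.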
What is a Router
A router is a device that has several Ethernet ports on the back of the device. One of the connectors will be labeled WAN. You should connect the WAN port to the Ethernet connection on a broadband source, such as a cable or DSL modem. The other ports on the router can be connected to other computers or switches/hubs that will share the WAN connection.
Routers allow you to share your broadband connection with multiple computers in your house. Rather than connecting your computer directly into your cable or DSL modem you connect the router to the cable or DSL modem. Now any computer that you connect to the router will have access to the Internet.
If you run out of ports on your router you can always connect an additional switch to the router. To connect a switch to a router simply connect the switch’s "uplink" port to one of the router’s Ethernet ports. Of course, don’t connect to the router’s WAN port. The WAN port should only be connected to something such as a cable or DSL router.
Wireless Home Networking - Choosing The Right One
Are you suffering from a home wireless networking nightmare? There are so many options. 802.11a, 802.11b, 802.11g – what is all that? All you want is to get online on your notebook computer in your living room without tripping over wires.
The first thing you should know is that all of them will get you online or network your computers together. The difference lies in speed, connection quality and, more important today, security.
802.11a offers one of the fastest wireless home networking speeds because it runs on a much higher frequency that few other home electronics like phones and microwaves can interfere with. It can also accommodate more computers connected simultaneously – which is why more businesses use it since it’s unlikely a typical wireless home networking setup requires so many connections. So this sounds like the perfect solution right?
Yes and no. The high frequency apparently is its worst feature as well. Many experts will tell you higher frequencies are easily absorbed and result in shorter ranges. It also means it’s less able to overcome obstructions like walls.
That’s not all. 802.11a and 802.11b use two separate frequencies, so if you have a notebook computer capable of connecting only to 802.11a networks, it won’t work in an 802.11b setup and vice versa. But this is probably one of your least worries, because much of the wireless connectivity hardware sold today is capable of connecting to either one.
802.11b uses a lower frequency. So that expands the connection range but that also means it shares the airspace with other electronics and will likely experience much more interference. On top of that, experts advise that 802.11b networks are weaker when it comes to encryption and security. Also, as you expand your range, you’re also more prone to people trying to crack into your network from further away and more concealed places. That’s certainly an interesting point.
Finally, but definitely not lastly (there are many more 802.11 variations than presented here), is 802.11g. This is somewhat of a hybrid of the two earlier standards. First, it uses the same frequency as 802.11b, so you get the benefit of a wider range. Second, it’s capable of much faster speeds, like 802.11a. The third plus is that it’s also compatible with 802.11b networks, so you don’t have to get new hardware to make connections with an older network or newer network (depending on what you have currently). And, since it’s a newer standard, encryption is also better, and that means you can better secure your home network.
Home Networking
Setting up Your Home Network
As society and technology change, it's becoming common for homes to have more than one computer. When an existing computer is a few years old, parents will often take advantage of today's lower prices, purchase a new computer, and pass the old one down to the kids.
Suddenly, there's a need for a home network, so all computers in the house can share files, printers and an Internet connection. Fortunately, setting up a basic home network is not rocket science. To start, you'll need a router, which becomes the central point of your network. Most office and electronics stores offer home networking kits with a router, ethernet (network) adapters and CAT-5 networking cable.
If your computer was assembled in the past five years, it probably already has an ethernet adapter. Check the back of the system unit for a port that looks like a telephone jack, but slightly bigger.
If you don't have an ethernet adapter, you can purchase one (about $20) and install it yourself. You can also use a special ethernet adapter that plugs into a USB port, if you can't stand the thought of opening your system unit to install an ethernet adapter.
Wired or Wireless Networking?
You'll need to connect each of your computers to the router with a cable, or go wireless. If you want to use wireless connections, you'll need a wireless router and a wireless adapter for each computer. Most laptops have a wireless adapter built in; most desktop models do not. If you need a wireless adapter, you can purchase one that installs inside the system unit, or get a USB-style adapter.
Having a wireless network eliminates the need to string unsightly cables all around the house, but it can also create a security risk. Wireless networks are often configured by default to allow access to any computer that attempts to connect. So an Evil Hacker driving by with a laptop (or even your neighbor) might be able to tap into your Internet connection or poke around your hard disk.
Fortunately, wireless security encryption is easy to set up. See my article Wireless Security for step-by-step instructions.
Network Configuration
Whether the network signals travel through wires or through the air, network resources must still be shared so that other computers can access them. If you are running Windows XP or MacOS X, all you have to do is connect your computers and high-speed modem to the router, and Internet connection sharing should just work like magic. If not, restart the cable modem, router, and the computers (in that order) and see if that does the trick. If you can't access the Internet from one or more computers on the network, consult the manual that came with your router.
One nice side benefit of having a router is that it has a firewall built into the hardware. Firewalls protect you by hiding your computers from network attacks, but still allow you to surf the web and handle email. So after installing a router, you can turn OFF the Windows firewall and any other software-based firewalls you may have running.
Sharing Files and Printers
Sharing files and printers on a Windows network is also pretty painless. To share a printer, go into the Printers section of the Control Panel, right-click the icon for the printer that needs to be shared, and choose Sharing from the resulting menu. By assigning a name to the shared printer, the owner allows other computers on the network to access the printer by browsing using their Network Neighborhood (or My Network Places) icons. Access can be restricted to only some computers or users through the use of the Security or Permissions options on the Sharing screen.
The same concept applies to shared files and folders on a network. For example, if you want to share a collection of MP3 files on a home network, just browse to the folder using the My Computer icon, right-click the folder name and choose Sharing. After you assign a name to the shared resource and set Permissions, other computers on the network can access that resource via Network Neighborhood or My Network Places.
Home Networking - Where to Begin and Different Approaches
Wired
This is the grandfather of networking, the bread and butter combo, the standard. Setting up a wired network is not very difficult, can be done inexpensively, and doesn’t require much prior networking experience.
What you’ll need
For internet sharing, you will need a Cable/DSL router. This splits your internet connections to multiple devices. If you simply need to connect multiple computers for file sharing, chat services, or games within the home, you can use an Ethernet switch. Then, of course, you’ll need Cat5 wiring.
How to do it
There are very few processes less difficult than setting it up physically. Simply plug your computers’ NICs (Network Interface Cards) into the router or switch. If you have a cable router, plug the router into your DSL/Cable source. You will need some basic Cat5, Cat5e, or Cat6 cabling. Now, when it comes to software, network creation can sometimes be a beastly task but that depends fully on your operating system and I just simply refuse to go there.
Cons
Everything’s got its drawbacks and wired networking is definitely a thing. Cat5 cables can be somewhat attractive, but they’re still cables that you’ll either need to run through your walls (which is a lengthy, messy, and potentially dangerous process) or they’ll be trip hazards. This is the principal reason that the next options exist, in my opinion.
Wireless
Wireless networking is becoming more and more commonplace in homes that need to link together multiple PCs or share an internet connection, but that don’t want to run cable all over the house. 802.11g technology, with transfers up to 54Mbps, is becoming very affordable, too, making it a very practical option for many.
What you’ll need
For internet sharing and networking, you will need a wireless router. Then, for each computer you want to network with, you will need a wireless access point which can be in the form of a PCI card (for your desktop PC), a PCMCIA card (for a laptop), or even a USB dongle (for desktop or laptop).
How to do it
This is another remarkably simple process. See the steps above for a wired network, just remove the cables. Plug your incoming internet connection into the router, plug the WiFi (receiving) cards or dongles into the connected devices.
Cons
This isn’t as fast as wired speeds (Cat5 is 200Mbps, Cat5e is 400 Mbps, and Cat6 is 1000 Mbps vs. Wireless’ 54 Mbps). There are also distance limitations based on interference from other 2.4 GHz band-using sources (such as cordless phones) as well as walls and other obstacles. It is still a viable option for most homes, though.
PowerLine HomePlug system
The HomePlug alliance began to give people an option for wiring their homes without needing expensive equipment or spending a lot of time wiring. It uses your existing power cabling to carry a network signal, meaning you basically already have networking installed in any room with a power outlet. Very, very cool stuff. Hands down.
What you’ll need
You will still need a router for your internet connection. Beyond that, you simply need a PowerLine wall unit for each room + 1 for the router. You will need short runs of Ethernet cabling (Cat5) for each room.
How to do it
Connect your router to a PowerLine unit via Cat5. Then connect each computer or laptop from its Ethernet card to another PowerLine unit, plugged into any outlet in the same home or office.
Cons
If speed is an issue, PowerLine’s not the way to go. The max speed is 14Mbps and tests show that that decreases with distance from the source. However, it still works for most common internet needs. Speed would only be a real issue if you needed to transfer large files between computers on a regular basis or stream video from one computer to another.
Network Attached Storage for Home Networks
Network Attached Storage (NAS) is a way to store common data on a network. While many people think that NAS is only intended for businesses, it can be a great solution for home networking as well. Indeed, many homes nowadays have more than one PC. File sharing between multiple home PCs is often needed, such as accessing your desktop data on your laptop, so you can work on the patio, or downloading a movie on your desktop PC and playing it on your living room's HEPC.
While it may sound complicated at first, it really isn't. A NAS device is simply a small box designed to host one or more hard drives. It comes with its own operating system and network interface, and all you need to do to make it work is plug it into your switch or network router with a UTP cable. And that's it. You now have your own file server for your home network. However, NAS devices are simple to use for a good reason. They have very limited features and capabilities. In fact, the only thing they can do is accept and distribute files across your local network. That's pretty much it. For the average home user, however, this is usually enough.
NAS for Home Networks
In its simplest form, a NAS device consists of a hard drive, a network card and a simple operating system residing in an EPROM memory. Externally, it looks similar to a common external hard drive, apart from the RJ45 network socket. More advanced configurations are available that offer advanced features such as RAID support (multiple hard drives per device), but these are both expensive and often unnecessary for home use.
Home Network Security Revealed
Some home computer users have become experts without knowing it. Just a short time ago terms such as "wireless" and "router" were only known by computer professionals and experts. Not so any more. These days switches, hubs, Ethernet cards, firewalls, routers, and other buzzwords related to networking have become common in many homes.
Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is great value to home PC users by allowing more than one home computer to share resources with others without having to move the files physically or having to move the connections on printers. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.
The one thing that home users are lacking is education on how to secure themselves from hackers.
However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...
A common acronym for computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you useful information about the standard settings and their configuration. Don't forget to reread it.
PORTS FOR ROUTERS
The first thing that you should do is change your password. You should also rename the account for the administrator. This is because the next person who bought the same computer model as you did has the same information and might not be as trustworthy as you would like to think.
The standard port for HTTP is port 80. This port is needed if you plan on browsing the Internet. A port is a network number that software uses to keep track of Internet traffic. You'll need to have this port open for the IP addresses, and any ranges of addresses, whose traffic is going out from your computers. By doing this, only those computers you know can generate any Internet traffic on your home network.
If you get your IP address in an automatic fashion, the above tip won't be useful for you. Most people, for example, use DHCP. However, there are other service providers who will let you buy one static IP address for the router. It's this address that should have access going out to the Internet.
But just why should you care about traffic that is going out? For the simple reason that you might infect other computers. This is why you need to practice networking that is safe so that you don't spread any viruses. If you have Internet access that is wireless you won't always know who is on your same network. And even if you're not at home anyone can sneak in through your network.
You'll need to have Port 80 open for all traffic coming in from the Internet. Or you might want to track only those websites that have an IP address. This might be impossible though.
You need to open up port 25 for outgoing mail if you're going to be using an email client that is a desktop application rather than being browser based. As well, you'll have to open up port 110 for incoming mail.
And most of the time, that will be all....
If you're using a client that is a desktop FTP or manual (both of which should be avoided if you can due to poor security) you'll need other ports. Most of the time these port numbers are easy to find. Try to limit their use. The general rule for network security is that you should keep as many ports as you can closed and only use those that you really need to use.
The above may sound a bit like the settings in a firewall. This is because firewalls and routers have some of the same functions. A firewall will allow or prevent Internet traffic while a router will direct it.
WIRELESS NETWORKS
There's a bit more that you have to do if you have a wireless network. Default settings will sometimes let anyone in range of the network have access. This means that not only will someone in your household be on the Internet; the neighbour across the street will be as well. And this includes the hacker.
What you need to do is lock down the wireless network. You can learn how to do this by reading the manual and then configuring your passwords as well as any other security features that are included.
You don't need to devote your life to becoming a security or network expert just so that you keep your resources safe. However, when you're connected to the Internet through a router there is more risk than if you were connected through dial-up or as a single user.
Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is of great value to home PC users, allowing more than one home computer to share resources with others without having to physically move files or move printer connections. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.
The one thing that home users are lacking is education in how to secure themselves from hackers.
However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...
A common acronym among computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you information about the standard settings that is useful for configuration. Don't forget to reread it.
How To Protect Your Home Network From Security Threats
Technical computer jargon has become a part of our everyday lives, not only at work but at home as well. If you have set up your own computer network at home you probably know all about wireless cards, routers, and firewalls. Most computer components are easy to install and set up, making it possible to create a safe and secure home network. One Internet connection can mean connectivity for every computer in the house.
However, you need to make sure your network is safe from hackers and viruses, which can destroy computers and result in irreplaceable data loss. Start by reading the manual of each network product you have since they typically go into great detail about security configurations. But there is still more you need to know.
Router Ports
The first thing you should do is rename the standard administrator account and change its password, since they are likely quite common and would be easy to find. Router ports are basically network numbers which are used by some applications to distinguish traffic. For instance, port 80 is used for web browsing and is the standard for HTTP.
In order to make your ports secure you may want to forgo dynamic IP addresses and purchase a static IP address. This means that you can specify which IP addresses generate traffic leaving your network. This is especially important if you have a wireless network since someone next door can potentially use your network to get onto the Internet. By specifying which IP addresses may do that you're preventing this from happening. This is especially important if you live in an apartment building since using someone else's network is surprisingly easy.
Port 80 should be configured to accept all incoming traffic. Some corporations specify which IP addresses can come into the network but this is very time consuming and labor intensive. You will also need to open port 25 for outgoing mail (SMTP) and 110 for incoming mail if you are using a desktop email program.
Once you have your router set up as described above you're essentially good to go. There are some extra settings you may need to concern yourself with such as FTP ports, but this can leave your network open to attack.
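The port rules in the two router sections above ("PORTS FOR ROUTERS" and "Router Ports") amount to a default-deny policy: known computers may reach ports 80, 25 and 110, and everything else stays closed. The Python sketch below is an added example, not code from the original posts; the LAN addresses and sample traffic are constructed, and check_outbound and audit are hypothetical names.

```python
import ipaddress

# Ports named on the page; every other port stays closed (default deny).
ALLOWED_PORTS = {80: "HTTP", 25: "outgoing mail (SMTP)", 110: "incoming mail"}

# Constructed sample: LAN addresses of the computers you know (.10, .20, .21).
KNOWN_HOSTS = [ipaddress.ip_network(n) for n in ("192.168.1.10/32", "192.168.1.20/31")]


def check_outbound(src_ip, dst_port, known_hosts=KNOWN_HOSTS, allowed_ports=ALLOWED_PORTS):
    """Return (allowed, reason) for one outbound connection attempt."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "malformed source address"
    if not isinstance(dst_port, int) or not 1 <= dst_port <= 65535:
        return False, "invalid port"
    if not any(src in net for net in known_hosts):
        return False, "source is not a known computer"
    if dst_port not in allowed_ports:
        return False, "port is closed"
    return True, "allowed: " + allowed_ports[dst_port]


def audit(attempts):
    """Split (src_ip, dst_port) attempts into allowed and blocked lists."""
    allowed, blocked = [], []
    for src_ip, port in attempts:
        ok, reason = check_outbound(src_ip, port)
        (allowed if ok else blocked).append((src_ip, port, reason))
    return allowed, blocked


# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    ("192.168.1.10", 80),    # known PC browsing the web
    ("192.168.1.21", 25),    # known PC sending mail
    ("192.168.1.77", 80),    # unknown wireless client, e.g. a neighbour
    ("192.168.1.10", 21),    # FTP, which was never opened
    ("192.168.1.10", 6667),  # unexpected port from a known PC
]

if __name__ == "__main__":
    for row in audit(SAMPLE)[1]:
        print("BLOCKED", row)
```

The blocked list is the part worth reading: an unknown source address points at an uninvited wireless client, and a known PC trying a closed port is a reason to check that machine for malware.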
Wireless Networks
If you have a wireless network, take security one step further and lock it down. If you have an unsecured network anyone within range can access the Internet via your connection. Not only can this severely slow down your own Internet access, but it is dangerous to have someone surfing and downloading who knows what in your name. Most wireless network manuals explain in detail how to configure your wireless security.
Wireless Home Networking: 20 Things Not to Do When Setting up Your Wireless Network
1. Do not name your SSID your last name or first name
2. Do not make your passphrase your last name or first name
3. Don’t leave your wireless channel at six; change it to 2 or 11
4. Don’t leave your wireless network open; enable some sort of encryption
5. Place your wireless router in the middle of your home, not next to a wall
6. Don’t place your wireless router next to large heavy objects
7. Configure your laptop not to automatically connect to wireless networks named “linksys”
8. Don’t leave your passphrase the same; change it every couple of months
9. Don’t use only WEP encryption; enable WPA2 and your wireless network will be a lot safer.
10. Don’t use AES wireless encryption for wireless gaming; it does slow your network down.
11. Don’t start configuring your wireless network until you have upgraded your wireless router firmware
12. Don’t purchase anything but wireless MIMO routers for home networks; MIMO routers will give you better coverage.
13. Don’t leave your transmit power at the default transmission level. If you need a strong signal, turn it up; if you don’t, turn it down to the minimum
14. Don’t place your wireless router in the lowest spot in your house. Place it as high as possible to give you the best coverage.
15. Don’t have your wireless antennas pointed in the wrong direction: the signal is emitted from the sides of the antennas, not from the tips.
16. Don’t expect to achieve those 108 Mbps speeds that are advertised with MIMO routers; those speeds are only achieved under super ideal circumstances.
17. Don’t upgrade your wireless router’s firmware over a wireless connection
18. Don’t upgrade your wireless router’s firmware until you have reset your options to the defaults
19. Don’t confuse an access point with a wireless router. Wireless routers act as a firewall; access points do not.
20. Enable some sort of security on your wireless router; if you don’t, you will be sorry
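Several items in the list above (1, 2, 4, 8 and 9) can be checked mechanically against a router's wireless settings. This Python example is added here and is not from the original post; the settings dictionary, its field names, the sample values and the 60-day reading of "every couple months" are assumptions.

```python
import re
from datetime import date

WEAK_ENCRYPTION = {"open", "none", "wep"}   # items 4 and 9
DEFAULT_SSIDS = {"linksys"}                 # the default name mentioned in item 7
MAX_PASSPHRASE_AGE_DAYS = 60                # assumption for "every couple months"


def _squash(text):
    """Lower-case and drop separators so 'Smith-Home' still matches 'smith'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def contains_name(text, names):
    """True if any non-empty owner name appears inside text."""
    target = _squash(text)
    return any(s in target for s in map(_squash, names) if s)


def audit_wireless(cfg, owner_names, today):
    """Return a list of finding codes for one hypothetical settings dict."""
    findings = []
    ssid = cfg.get("ssid", "")
    if contains_name(ssid, owner_names):
        findings.append("ssid-contains-name")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("ssid-is-default")
    if cfg.get("encryption", "open").lower() in WEAK_ENCRYPTION:
        findings.append("encryption-open-or-wep")
    if contains_name(cfg.get("passphrase", ""), owner_names):
        findings.append("passphrase-contains-name")
    changed = cfg.get("passphrase_changed")
    if changed is None or (today - changed).days > MAX_PASSPHRASE_AGE_DAYS:
        findings.append("passphrase-stale")
    return findings


# Constructed sample settings, not taken from a real router.
BEFORE = {"ssid": "Smith-Home", "encryption": "WEP",
          "passphrase": "JohnSmith2009", "passphrase_changed": date(2024, 1, 1)}
AFTER = {"ssid": "k7Qx2vLp9dRt", "encryption": "WPA2",
         "passphrase": "t9V#qL2m!xR8wZ4c", "passphrase_changed": date(2024, 5, 1)}

if __name__ == "__main__":
    today = date(2024, 6, 1)
    print(audit_wireless(BEFORE, ["John", "Smith"], today))
    print(audit_wireless(AFTER, ["John", "Smith"], today))
```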