In this article I'll describes you the techniques that how user can secure wireless (Wi-Fi) home network. Securing a wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing.
1> Change Default Administrator Passwords (and User names)
Wireless routers (and access points) allow administrators to manage their Wi-Fi network through a special account. Anyone who knows this account's username and password can log into the router, giving them complete access to the device's features and information about any devices connected.
Manufacturers set up all of their new routers with the same default username and password. The username is often simply the word "admin" or "administrator." The password is typically empty (blank), the words "admin," "public," or "password," or some other simple word.
To improve the security of your Wi-Fi network, you should change the administrative password on your wireless access point or router immediately when first installing the unit. The default passwords for popular models of wireless network gear are well-known to hackers and often posted on the Internet. Most devices do not allow the administrative username to be changed, but if yours does, seriously consider changing this name as well.
Finally, to maintain home network security for the long term, continue changing this administrative password periodically. Use words that would be very difficult for others to guess. Many experts recommend changing Wi-Fi passwords every 30 to 90 days.
2> Change the Default SSID
Wi-Fi access points and routers establish a wireless network using a name called an SSID. Routers are configured with a default SSID pre-defined and set by the manufacturer at the factory.
Typical default SSIDs are simple names like
☻ "wireless"
☻ "netgear"
☻ "linksys"
☻ "default"
The SSID can be accessed from within the router's Web-based or Windows-based configuration utilities. It can be changed at any time, but wireless clients must then recognize the new SSID in order to reconnect to that router and wireless network.
To improve the security of your home wireless network, consider changing the router's SSID to a different name than the default. Here are some recommended do's and dont's, based on recommended network security practices:
☻ Don't embed your name, address, birth date, or other personal information as part of the SSID
☻ Likewise, don't use any of your Windows or Internet Web site passwords
☻ Don't tempt would-be intruders by using tantalizing network names like "SEXY-BOX" or "TOP-SECRET"
☻ Do pick an SSID that contains both letters and numbers
☻ Do choose a name as long or nearly as long as the maximum length allowed
☻ Do consider changing your SSID periodically (at least once every few months)
3> Disable SSID Broadcast
Most wireless access points and routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs.
However, this feature also makes it easier for hackers to break into your home network. Because SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP. Knowing your SSID brings hackers one step closer to a successful intrusion.
In a home Wi-Fi network, roaming is largely unnecessary and the SSID broadcast feature serves no useful purpose. You should disable this feature to improve the security of your WLAN. Once your wireless clients are manually configured with the right SSID, they no longer require these broadcast messages.
Note that disabling SSID broadcast is just one of many techniques for tightening security on a Wi-Fi network. This technique is not 100% effective, as hackers can still detect the SSID by sniffing different messages in the Wi-Fi protocol. Still, using techniques like SSID broadcast disable makes it more likely that would-be intruders will bypass your home network seeking easier targets elsewhere.
4> Do Not Auto-Connect to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations with your (the user's) awareness.
To verify whether automatic connections to open Wi-Fi networks are allowed, check the computer's wireless configuration settings. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called "Automatically connect to non-preferred networks." To check this setting, follow these steps:
i) From the Start Menu, open Windows Control Panel.
ii) Inside Control Panel, click the "Network Connections" option if it exists, otherwise first click "Network and Internet Connections" and then click "Network Connections."
iii) Right-click "Wireless Network Connection" and choose "Properties."
iv) Click the "Wireless Networks" tab on the Properties page.
v) Click the "Advanced" button in this tab.
vi) Find the "Automatically connect to non-preferred networks" setting. If checked, this setting is enabled, otherwise it is disabled.
While Windows XP does not enable automatic non-preferred connections by default, some users enable it in an attempt to simplify connecting to their own home network. Users should instead configure these as Windows XP Preferred networks which allows automatic connection to the home equipment yet still prevents auto-connection to other networks.
5> Assign Static IP Addresses to Devices
Static IP address assignment (sometimes also called fixed addressing) is an alternative to dynamic addressing (normally, DHCP) on Internet Protocol networks. Dynamic addressing is convenient. It also allows mobile computers to more easily move between different networks.
However, static IP addressing also offers some advantages:
☻ A static IP address best supports name resolution, so that a computer can be most reliably reached over the network by its host / domain name. Web and FTP servers in particular benefit from fixed addressing for this reason.
☻ Using static IP addresses on home networks gives somewhat better protection against network security problems than does DHCP address assignment.
☻ Some network devices do not support DHCP. Using static IP address assignment for all devices on the home network guarantees to avoid potential address conflicts where DHCP may supply an address already assigned statically elsewhere.
When using static IP addresses on home and other private networks, they should be chosen from within the standard private IP address ranges listed:
☻ 10.0.0.0 through 10.255.255.255
☻ 172.16.0.0 through 172.31.255.255
☻ 192.168.0.0 through 192.168.255.255
These ranges support many thousands of different IP addresses. It's common for people to assume that any address in these ranges can be chosen and the specific choice doesn't matter much. This is untrue. To choose and set specific static IP addresses suitable for your network, follow these guidelines.
i> Do not choose any addresses that end with ".0" or ".255" - these addresses are generally reserved for use by network protocols.
ii> Do not choose the addresses at the beginning of a private range. IP addresses like 10.0.0.1 and 192.168.0.1 are very commonly used by network routers and other consumer devices. These are the first addresses someone will attack when trying to break into a private computer network.
iii> Do not choose an address that falls outside the range of your local network. For example, to support all addresses in the 10.x.x.x private range, the subnet mask on all devices must be set to 255.0.0.0, otherwise some static IP addresses in this range will not work.
6> Enable Firewalls On Each Computer and the Router
One of the easiest, least expensive ways to guard a home network from attack is to set up a personal firewall. The top firewall software products listed below afford good network protection and help maintain personal privacy. Even those who have home routers probably need the additional protection that a personal firewall offers. While these products all target the Windows environment, Symantec also sells the Norton Personal Firewall for Macintosh.
Some personal firewalls formerly available as stand alone downloads, such as the CA Personal Firewall based on the old free TINY Personal Firewall, are now bundled together with other security software and no longer on this list.
i> Sygate Personal Firewall PRO
Before being discontinued by Symantec as a product, Sygate Personal Firewall software offered solid network protection, activity logging, and automatic email notifications. Free for personal use, it supported advanced configuration options without being overly difficult to use. The PRO edition (no longer available) includeed guaranteed VPN support, an unlimited number of security rules, ability to import/export settings to multiple computers, and one year of free upgrades.
ii> ZoneAlarm Pro
Zone Labs provides a free ZoneAlarm download, too. The Pro edition adds email attachment protection similar to that offered by antivirus software, password protection, and ICS/NAT support. ZoneAlarm runs in Stealth Mode, making your PC literally "invisible" on the Internet. Though missing some of the more advanced personal firewall controls, its user interface includes handy features like the "Stop" button.
iii> Symantec Norton Personal Firewall 2012
Some claim that Norton's graphic interface isn't as easy to use as some other products in this category. Symantec doesn't offer a free trial version of this personal firewall software product either. Still, it continues to improve, and a new Home Network Assistant feature simplifies administering security across the home LAN. The Norton Personal Firewall software is solid and from a reputable company.
iv> McAfee Personal Firewall Plus
McAfee's software is sold on a one-year subscription basis rather than on one-time purchase, a feature that may appeal to some, but no free trial exists. McAfee also possesses a comparatively small footprint and a central "Control Panel" style of user interface. Product updates occur "live" over the Internet. McAfee does not support Windows ICS networks or the IIS Web server.
v> BlackICE™ PC Protection
BlackICE was the first mainstream personal firewall software product and remains an all-around top choice. Its high-quality user interface, logging capability, and support for auto-blocking of traffic from specific network addresses are great features for beginners and more advanced networkers alike. BlackICE PC Protection is an end of life product no longer receiving support from its vendor (IBM).
7> Turn Off the Network During Extended Periods of Non-Use
Question: Should Your Computer Network Be Powered Off When Not in Use?
Most broadband Internet connections stay "always-on," keeping you online at all times. For convenience, residential network owners often leave their router, broadband modem and other network equipment powered up and operating, even when not utilizing it for long periods of time.
But should home network gear really stay always connected? What are the pros and cons of switching it off?
Answer: Home network gear need not be powered on and connected to the Internet at all times. Several clear advantages apply if you turn off your equipment when not using it, although some disadvantages exist also. Consider these pros and cons:
☻ Security - Powering off your gear when not using it improves your network security. When network devices are offline, hackers and Wi-Fi wardrivers cannot target them. Other security measures like firewalls help and are necessary but not bulletproof.
☻ Electricity cost savings - Powering down computers, routers and broadband modems saves money. In some countries, the savings is low, but in other parts of the world, costs are significant.
☻ Surge protection - Unplugging network devices prevents potential damage from power surges. As with other types of consumer electronics, surge protectors may also prevent this damage. However, surge units, particularly the inexpensive ones, generally cannot protect against severe power spikes like those from lightning strikes.
☻ Noise reduction - Networking gear has grown quieter in recent years, as noisy built-in fans get replaced with solid state cooling systems. Your senses might be adjusted to the relatively low levels of home network noise, but you might also be pleasantly surprised at the added tranquility of a residence without it.
☻ Hardware reliability - Frequently power cycling a computer network device can shorten its working life due to the extra stress involved. Disk drives are particularly susceptible to damage. On the other hand, high temperature also greatly reduces the lifetime of network equipment. Leaving equipment always-on very possibly causes more damage from heat than will powering it down occasionally.
☻ Communication reliability - After power cycling, network communiations may fail to re establish. You must take care to follow proper start-up procedure. For example, broadband modems generally should be powered on first, then other devices only later, after the modem is ready. You may also experience start-up failures due to "flaky" or unstable installations. Troubleshoot these problems when they arise, or you'll be faced with bigger networking problems down the road.
☻ Convenience - Network devices like routers and modems may be installed on ceilings, in basemenets or other hard-to-reach places. You should shut down these devices gracefully, using the manufacturer-recommend procedure, rather than merely "pulling the plug." Powering down a network takes time to do properly and may seem an inconvenience at first.
In summary, most of these considerations suggest turning off your network during extended periods of non-use is a good idea. The security benefit alone makes this a worthwhile endeavor. Because computer networks can be difficult to set up initially, some people naturally fear disrupting it once working. In the long run, though, this practice will increase your confidence and peace of mind as a home network administrator.
0 comments:
Post a Comment