How to know if your home network is secure

If you are joining the 21st century of computer usage, the time is not far distant when you will need to be setting up a home computer network, if you haven't already.  However, with creating a network, you have also entered an entire other realm of security problems.  This article will address what security issues are present with home networks, and the basic steps to making your home network as secure as possible.

Why is it Important to Secure my Home Network?

Even though you may be one of those nice people out there who truly don't care if your neighbors gain internet access off your wireless network without paying any of the bills, it's still not a good idea.  It doesn't matter if your in college, and only two people in the apartment complex have their parents paying for internet usage.  It doesn't matter if you have known your neighbors for decades. 

In these days of internet fraud, identity theft and hate crime, it is essential for you to make your home network as secure as possible. Hackers and other users can use your ip address to send out hate mail or threatening messages, and when the police track them, it's you who will pay the piper.  In addition, anyone using your home network has the ability to connect to your home computer(s) and alter their settings, obtain personal information, and file-share with your computer.  This is what qualifies as a bad idea.  After you have secured your network, anyone else who is close enough to you with a wireless network will also appear in your computers search fornetworks.  Make sure when you connect each time you are connecting to your very own secure network, and not your neighbor's open one.

I set my home network up following the directions on the box to the letter, are you telling me that it is not secure?

Unless you have specifically followed the procedures listed below to secure your home network, it is not secure! The router you purchase from your local or Computers-R-Us store comes preconfigured for open access. The reason for this is because it makes the router easier to set up (ie, all you have to do is plug it in) but your Wireless Access Point is wide-open for whoever wants to access it.  Although most routers do have a default login/password provided by the manufacturer, this information is easily obtainable online.

Step 1: Change Default Administrator Password on Your Router

Your store-bought router will come with a default user password, because this password is well-known, change the default password to one of your own by running the installation and setup wizard that came with the router.  If you didn't get the set-up wizard with your router, power the router up, connect the Ethernet cable, and then connect to the router via an internet browser and change the password that way. (You will need to use the default password/user ID to access the router).

Step 2: Change the IP Address of your Router

Every router has its very own IP address given to it by the manufacturer.  These, like the passwords, are also well-known and easily obtainable, once someone knows your router manufacturer and type.  As part of the set-up, input a new IP address. 

Step 3: Limit DHCP function

DHCP, a function that gives client machines IP information, is also automatically enabled on every commercial router.  The DHCP server randomly assigns IP addresses to machines accessing the network in the 2-254 range.  However, since it is highly unlikely you have 253 machines that would be accessing your network, limit the DHCP range to include only the number of machines you expect to have in your network. (Be careful to make allowances for machines like Wii, Nintendo, Playstation, X-box, iPhones, and PDA's that might be set up to access the internet).  It's also a good idea to include a few extra spots for visiting friends and families and their devices.

However, even after you do this, you are not yet 100% secure, because limiting changing your IP address and limiting DHCP does not actually enforce any real 'security' measures, it just makes it harder for your would-be band-width borrower figure out where your network can be accessed from.  I.E, a properly phrased query by an experience hacker can ascertain the DHCP pattern being used.

Step 4: Change the Default SSID and Disable SSID Broadcast

Your SSID is the "Service Set Identifier" that comes with all routers as they leave the factory shelves. It is a sequence of as many as 32 letters and numbers that is the wireless LAN's ID or name.  (i.e., the Linksys router's default SSID name is Linksys). Again, this information is widely disseminated!  So, change your default SSID name to something unique (full names and/or street addresses are a bad idea due to identity theft issues). The ultra-paranoid might also want to consider changing this name periodically.

After changing the SSID name, make sure you take the extra step and disable the router's default behavior of broadcasting the SSID.  Although this doesn't mean determine hackers can't get through (commonly available tools and programs can detect hidden SSIDs) at least your network will not appear to the casual internet borrowing neighbor.

*Side Note:  Disabling SSID broadcast may disable some devices (palmtops, PDAs etc) might not be able to connect to the network or drop the connection frequently.  So this might not be an ideal step for you to take.

Step 4:  Set Up the Option to Filter MAC Addresses

This step enables you to choose exactly which computers and/or devices will be able to access your network.  If you choose to enable this security measure, you will be required to make some changes if casual or occasional guests or company in your home wish to access the internet via a wireless device. For this reason, some consumers elect not to enable this additional security measure.  However, if you have enabled the other four, you still shouldn't have a problem.

In order to display Windows XP's IP configuration from your computer (which includes the MAC address, at a command prompt type:

C:\> ipconfig /all

Carefully copy down the MAC address (which is the physical address of your computer) and then log onto your router, select the 'allow only specific clients' option and add the MAC address to the filter.  You should only have to do this once for each device that will be accessing the network.  Once the MAC addresses of all your particular devices are added to the list, you should not have any problem getting online.

Step 5: Set Up the Best Encryption Possible on Your Router

At the risk of sounding like a broken record, a router's default factory settings also do not include encryption.  However, encrypting your wireless communication is the most important step in securing your home network.  You may have noticed that each of the following steps includes a warning that serious hackers may not be deterred by these actions.  Using the best encryption compatible ensures that your home network will be as secure as it can possibly be.

There are currently two types of encryption available for use by your router.  Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA).  WEP is the older, less secure version, but has the major advantage of being completely backwards compatible and accessible by all devices.  Older devices (or routers) may not be able utilize WPA encryption.  However, even if you have an older router, check for a firmware update, because advanced encryption support may have been added later. In addition, you might need to download a client-software update in order to use WPA encryption (i.e., if you don't have Windows XP Service Pack 2 (SP2), you'll need to download and install the WPA support patch).

In order to enable encryption on your router, access the router from your computer.  Under the "Wireless" or "Wireless Security" drop-down tabs, there should be a list of the various encryptions available.  Again, WEP is better than nothing, but WAP is best.  You will then need to enter an encryption key of your choosing.  Make sure you don't forget to configure all of your various wireless adapters with the same information, and your wireless network should then be plenty secure for your standard home usage!

Follow Secure Procedures for Accessing Networks Other Than Your Own

Finally, when you are traveling and accessing wireless networks that are not your own, be careful.  There are spurious wi-fi hotspots maintained by hackers for the main purpose of obtaining personal information from the unwary in order to perpetrate identity theft.  If you are in a hotel or airport, ascertain which system they use officially for transients, and then log on only to that system. In addition, it is wise to avoid accessing anything financial, highly secure, or confidential in nature until you are home or on a network you know is 100% secure.