Navigation: Blog Home
Home networking is a very easy task, but is often oversimplified. Securing
the network is a very importing task, and a well-secured network is an
extremely effective tool at preventing unauthorized use of your computer,
keeping attackers out, and controlling network access.
Rule one in network security is to get a router. This is crucially important,
even if you only have one computer or if you don't need a wireless connection.
For some reason, ISP's do not involve routers in their instructions for
setting up Internet connections. Some common excuses are that routers are
expensive or complicated. However, this is simply not true. An ordinary wired
router costs less than $30, and works the same way that a cable splitter does.
The router will have several ports on the back, with one that is separated.
Plug your DSL or cable modem into the separate port, and your computer(s)
into any of the others.
To explain how a router achieves its security benefits, a short explanation
of the way the Internet works is in order. The Internet is an enormous
network of computers, all of which talk to each other. When you view a web
page, your computer connects to another called a web server. Because
your computer initiates the connection, this is called an outgoing
connection. If another computer contacts yours, as is the case when an
attacker attempts to break in, this is called an incoming connection.
By default, outgoing and incoming connections are both freely allowed, and
your computer has to deal with them. Spyware and viruses may configure your
computer to accept these connections, which could grant an attacker complete
However, the picture isn't quite as simple as this. Different connections run
on different ports, which are numbers that tell a computer what to do
with the connection. For example, a request on port 80 usually asks a computer
for a web page or download, whereas a request on port 25 asks for email. A
computer with port 25 open may be used to route spam around the world, and
I've even seen cases where an attacker setup a complete webserver on a
regular desktop machine, and was running an online business for free!
A router blocks all ports by default, and since the router sits between your
computer and your Internet connection, there is nothing an attacker can do
about it. Even if he opens up port 80 on your computer and tries to run a
webpage, the router will block any connections from the outside so that the
webpage can't be accessed except by other computers on your network. This
is especially important when other, more dangerous ports are open, such as
3389, which is what lets an attacker take control of your computer in the
Often people think 'How can I access webpages if port 80 is blocked, since
obviously the webserver needs to send the web page to my computer over that
port? How can the router tell whether the server is giving me a webpage or
trying to access one?' The answer to this lies once again in whether the
connection is outgoing or incoming. Routers default to allowing all outgoing
connections and blocking all outgoing connections.
If you have a legitimate use for these ports to be open, such as if you are
running your own webserver, they are easy to enable. In fact, you can send
information on different ports to different computers, if you have more than
one. This is useful if you want to have a separate webserver and mailserver,
for example. The ways of configuring this are specific to your router, and
are done at your own risk. A common reason for enabling ports is running
BitTorrent, which downloads very slowly unless port 6881-6999 is enabled.
Finally, some routers have wireless capabilities. Wireless security is very
important, because if your network is unsecured, anyone can drive by and
connect to it. Routers won't block connections to your computer if the other
computer is on the same network!
There are two types of wireless security: WEP and WPA. WEP is theorietically
insecure, but given that in an average neighborhood there are several totally
unprotected networks, most attackers won't bother to crack your key. WEP is
very simple to set up, and detailed instructions will be in your router's
That's it! With one device (a router, if you haven't been following), you can
completely block almost all attacks on your computer.
Powered by ShellBlog 1.0a.