WP Studios
Home Networking
Posted by Andrew Poelstra on February 12, 2007.


Home networking is a very easy task, but is often oversimplified. Securing the network is a very important task, and a well-secured network is an extremely effective tool for preventing unauthorized use of your computer, keeping attackers out, and controlling network access.

Rule one in network security is to get a router. This is crucially important, even if you only have one computer or if you don't need a wireless connection. For some reason, ISPs do not involve routers in their instructions for setting up Internet connections. Some common excuses are that routers are expensive or complicated. However, this is simply not true. An ordinary wired router costs less than $30, and works the same way that a cable splitter does. The router will have several ports on the back, with one that is separated. Plug your DSL or cable modem into the separate port, and your computer(s) into any of the others.

To explain how a router achieves its security benefits, a short explanation of the way the Internet works is in order. The Internet is an enormous network of computers, all of which talk to each other. When you view a web page, your computer connects to another called a web server. Because your computer initiates the connection, this is called an outgoing connection. If another computer contacts yours, as is the case when an attacker attempts to break in, this is called an incoming connection. By default, outgoing and incoming connections are both freely allowed, and your computer has to deal with them. Spyware and viruses may configure your computer to accept these connections, which could grant an attacker complete access.

However, the picture isn't quite as simple as this. Different connections run on different ports, which are numbers that tell a computer what to do with the connection. For example, a request on port 80 usually asks a computer for a web page or download, whereas a request on port 25 asks for email.
A computer with port 25 open may be used to route spam around the world, and I've even seen cases where an attacker set up a complete webserver on a regular desktop machine, and was running an online business for free!

A router blocks all ports by default, and since the router sits between your computer and your Internet connection, there is nothing an attacker can do about it. Even if he opens up port 80 on your computer and tries to run a webpage, the router will block any connections from the outside so that the webpage can't be accessed except by other computers on your network. This is especially important when other, more dangerous ports are open, such as 3389, which is what lets an attacker take control of your computer in the first place.

Often people think 'How can I access webpages if port 80 is blocked, since obviously the webserver needs to send the web page to my computer over that port? How can the router tell whether the server is giving me a webpage or trying to access one?' The answer to this lies once again in whether the connection is outgoing or incoming. Routers default to allowing all outgoing connections and blocking all incoming connections. The web page you requested comes back over the outgoing connection your computer started, so the router lets it through.

If you have a legitimate use for these ports to be open, such as if you are running your own webserver, they are easy to enable. In fact, you can send information on different ports to different computers, if you have more than one. This is useful if you want to have a separate webserver and mailserver, for example. The ways of configuring this are specific to your router, and are done at your own risk. A common reason for enabling ports is running BitTorrent, which downloads very slowly unless ports 6881-6999 are enabled.

Finally, some routers have wireless capabilities. Wireless security is very important, because if your network is unsecured, anyone can drive by and connect to it. Routers won't block connections to your computer if the other computer is on the same network!
There are two types of wireless security: WEP and WPA. WEP is theoretically insecure, but given that in an average neighborhood there are several totally unprotected networks, most attackers won't bother to crack your key. WEP is very simple to set up, and detailed instructions will be in your router's manual.

That's it! With one device (a router, if you haven't been following), you can completely block almost all attacks on your computer.
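
The outgoing-versus-incoming rule and the per-port forwarding described above can be modelled in a few lines of Python. This is an added example, not code from the original post or from any router: the `HomeRouter` class, its methods and all addresses and ports are hypothetical, constructed values, and the model ignores details such as protocols and timeouts that a real router also tracks.

```python
# Toy model of a home router's default policy (constructed example).
# All names, addresses and port numbers are made-up sample values.

class HomeRouter:
    def __init__(self):
        self.nat = {}       # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}  # public port -> (lan_ip, lan_port), set by the owner

    def forward(self, public_port, lan_ip, lan_port):
        """Owner opens a port and points it at one machine on the LAN."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def outgoing(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN computer starts a connection: always allowed, and remembered."""
        public_port = 40000 + len(self.nat)  # next unused port on the Internet side
        self.nat[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def incoming(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        entry = self.nat.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                   # reply to a connection we started
        return self.forwards.get(public_port)  # explicit forward, otherwise None


def demo():
    r, seen = HomeRouter(), {}
    # Desktop requests a web page (outgoing to port 80); the server's reply gets in.
    p = r.outgoing("192.168.1.10", 51000, "203.0.113.5", 80)
    seen["web_reply"] = r.incoming("203.0.113.5", 80, p)
    # Someone else aims at the same router port: not the server we contacted.
    seen["stranger"] = r.incoming("198.51.100.9", 80, p)
    # Unsolicited connections to ports 80 and 3389: dropped before reaching any PC.
    seen["probe_80"] = r.incoming("198.51.100.9", 44000, 80)
    seen["probe_3389"] = r.incoming("198.51.100.9", 44001, 3389)
    # Owner forwards port 80 to a web server and port 25 to a mail server.
    r.forward(80, "192.168.1.20", 80)
    r.forward(25, "192.168.1.30", 25)
    seen["fwd_80"] = r.incoming("198.51.100.9", 44002, 80)
    seen["fwd_25"] = r.incoming("198.51.100.9", 44003, 25)
    seen["still_3389"] = r.incoming("198.51.100.9", 44004, 3389)
    return seen


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:11} -> {dest or 'DROPPED'}")
```

Only the reply to the desktop's own request and the two ports the owner forwarded reach a machine on the LAN; every other incoming attempt is dropped at the router.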
