Home WiFi & Networking: Best Practices



Similar documents
9 Simple steps to secure your Wi-Fi Network.

Connecting to Wireless networks and hotspots

Security Awareness. Wireless Network Security

Configuring Routers and Their Settings

SwannEye HD Security Camera Wi-Fi Connections Quick Setup Guide. Welcome! Lets get started.

AC750 WiFi Range Extender

RingCentral Router Configuration. Basic Start Guide for Administrators

Frequently Asked Questions

Configuring the wireless security of your Linksys Wireless-N router through the web-based setup page

Top 10 Security Checklist for SOHO Wireless LANs

Wireless Network Best Practices for General User

USER GUIDE AC2400. DUAL BAND GIGABIT Wi Fi ROUTER. Model# E8350

Fibe Internet Connection Hub Reference Guide

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Quick Installation Guide

User Guide. E-Series Routers

DATA PROJECTOR XJ-A147/XJ-A247/XJ-A257 XJ-M146/XJ-M156 XJ-M246/XJ-M256. XJ-A Series. XJ-M Series. Network Function Guide

FI8910W Quick Installation Guide. Indoor MJPEG Pan/Tilt Wireless IP Camera

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Securing your Linksys WRT54G


National Cyber Security Month 2015: Daily Security Awareness Tips

8 Steps for Network Security Protection

8 Steps For Network Security Protection

Top 10 Security Checklist for SOHO Wireless LANs

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

N300 WiFi Range Extender

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Quick Start. Nighthawk X8 AC5300 Tri-Band WiFi Router Model R8500. Package Contents. NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA USA

Basic Computer Security Part 2

MN-700 Base Station Configuration Guide

This guide is intended to help you troubleshoot problems connecting a wireless device to the Gogo Biz network.

Quick Installation Guide

Quick Installation Guide For Mac users

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

NEW! CLOUD APPS ReadyCLOUD & genie remote access

High Speed Internet - User Guide. Welcome to. your world.

Quick Start Guide. Business Wireless Gateway. WiFi Devices. Model Number: DPC3939B. Business Wireless Gateway

BT Business Total Broadband User Guide

Chapter 3 Safeguarding Your Network

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

BT Business Total Broadband Fibre User Guide

Linksys WAP300N. User Guide

User s manual for Android Application

BYOD: BRING YOUR OWN DEVICE.

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

Quick Installation Guide

Quick Installation Guide

A quick Guide to your Super Hub 2ac

Software and Settings Instructions

Linksys E-Series Routers. User Guide

Internet threats: steps to security for your small business

Movie Cube. User s Guide to Wireless Function

Designing AirPort Extreme Networks

Internet and Help. Table of Contents:

Quick Installation Guide

Daylite Server Admin Guide (Dec 09, 2011)

Chapter 2 Configuring Your Wireless Network and Security Settings

Lutron Home Control Remote Access FAQ

NOTICE. All brand and product names are the trademarks of their respective owners. Copyright 2011 All rights reserved.

Remote Access Securing Your Employees Out of the Office

10 Quick Tips to Mobile Security

Section 12 MUST BE COMPLETED BY: 4/22

Configuration Manual English version

Linksys E-Series Routers. User Guide

Quick Installation Guide-For MAC users

Lutron Home Control Remote Access FAQ

Malware & Botnets. Botnets

Lutron Home Control Remote Access FAQ

Beginner s SETUP GUIDE for NANOSTATION-M2 as receiver and other Ubiquity airmax devices using AirOS firmware v5 (Windows/MacOS)

High-Speed Internet Quick Start Guide

Chapter 2 Wireless Settings and Security

CONNECTING THE RASPBERRY PI TO A NETWORK

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Quick Installation Guide

ShareLink 200 Setup Guide

Brazosport College VPN Connection Installation and Setup Instructions. Draft 2 March 24, 2005

Thank you for purchasing the Mobile WiFi. This Mobile WiFi brings you a high speed wireless network connection.

Beginner s SETUP GUIDE for NANOSTATION-2 as receiver and other Ubiquity devices using AirOS firmware V3.6 (Windows/MacOS)

Connecting your Aiki phone to a network

Network Security Best Practices

Cyber Security: Beginners Guide to Firewalls

Nighthawk AC1900 WiF Range Extender

Apple s Time Capsule

WiFi-SB-L3 300M WiFi Router WiFi Bridge WiFi Repeater. WiFi Router WiFi Repeater WiFi Bridge WiFi-SB-L3 Quick Setting Guide

Canvio Home FAQ. is designed to be very easy to install and use to back up, share, and remotely access the files from your computers.

What is Bitdefender BOX?

Setting Up Your Wireless Network

Using Wireless Technology Securely

Figure 1. The Motorola SB4200 cable modem

networking revision B

Chapter 15: Computer and Network Security

Chapter 1 Configuring Internet Connectivity

Hands-on MESH Network Exercise Workbook

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

Transcription:

2 1. Change Default Administrator Passwords (and Usernames) When you install your wireless router, also known as an access point, the absolute first thing to do is change the default password. (Just Google WiFi default passwords and see what pops up!) Once you have done that, be sure to record it in your Password Vault or an encrypted file where you store other passwords or credentials. (Have you backed up this, and your other files, lately?) 2. Turn on WPA / WEP Encryption Home WiFi & Networking: Best Practices With so many people using WiFi and creating wireless networks in their homes, it is important that we learn how to do so securely! These 10 tips should help keep your home networks shielded from the 'bad guys.' It is now more common than not for homes to have their own internal computer networks. A few short years ago, most of us used dial-up or DSL with much slower speeds than we enjoy today. Our home networks, connected to high speed cable or fiber providers, get between 10-100 mbits/sec download speeds. We can download huge files, stream audio/video and use videoconferencing services such as Skype, all at the same time. Huge numbers of us also have one or more wireless networks or WiFi at home. So now, in addition to just our computers, modern standards allow us to distribute our multi-media entertainment around the house, add in a baby monitor, and even build a pretty decent WiFi based, interior and exterior, home security camera network to monitor and protect the family and property while we are home or away. Awesome. But you know what's next, right? What about security? First, we will say this. Wired networks offer the best speeds and are the most secure/securable types of networks. But for convenience and flexibility within your home, and for personal use in general, WiFi is most people s choice. Now, again we ask what about security? Shouldn t we be securing that network to which we are connecting our computers, ipads, smartphones, security cameras and monitors? The answer is, yes, of course! Hardening (securing a system by reducing its vulnerabilities) your home WiFi network is actually not difficult at all. It just takes a few minutes and it makes you largely safe and secure from interlopers and eavesdroppers. Here s our Top 10 Home WiFi security tips. WiFi routers, and most computers, support encryption. The goal is to scramble the WiFi data so that it cannot be read by humans. This prevents interception of your private emails, surfing, and everything else you do online. WiFi encryption secures the so-called last yard or that short distance between you, your computer and your wireless router. Eavesdroppers with large antennas can read WiFi network traffic from long distances, the record being some 125 miles. In practice, though, assume that your unprotected home WiFi signal can be read from more than half a mile away; invisible to you. Thus, the need for encryption. Your first choice should be WPA or WPA2 Personal at home. If your computer is older, though, you might have to fall back to WEP, the first generation of wireless encryption, which is fairly easily cracked these days. But, some encryption is better than none.

3 3. Change the Default SSID During your WiFi router set up, you will want to change the name of the router. Access points and routers use SSID (Service Set Identifier) to name the network. Manufacturers normally ship their products with the same default SSID set, such as Linksys. You should change the SSID and set it to a unique name, but not My Private Stuff. That s asking for trouble. Naming the SSID something innocuous will bring less attention to your network: WLAN, LAN4, NETWORK211, and so on. 4. Enable MAC Address Filtering Every computer with a network connection has a unique identifier called the physical address or MAC address. Since access points and routers keep track of the MAC addresses of all devices that connect to them, you can easily restrict which computers can connect to your wireless network. This is a great additional layer of security for your home network. Depending upon the type of access point, you might have to give Guests your WPA encryption code and/or enter their MAC address into the router. Some routers, however, permit Hot Spot connection to the internet and not your internal network. Read the specs carefully! The command ipconfig /all will give you the physical MAC address on your Windows computer. In OS X, Preferences>Network>Advanced will give you the MAC address. 6. Disable SSID Broadcast In a home WiFi network, automatic network roaming between different access points is pretty irrelevant. In your router set up, disable SSID Broadcast. You don t need it unless you have several wireless networks at home. 7. Consider Using A Static IP Most home routers and access points use a networking technology called DHCP or Dynamic Host Configuration Protocol. The network IP address of your computer can change on the fly as computers and additional equipment are connected to it. This makes networking very easy. Nothing to touch or configure. The IP address of many home wireless routers is 192.168.2.1 (called an octet) and then each computer (or network enabled device) will be assigned a number greater than one for the final digit of the octet. For small home networks this is automatic and invisible. That s the good news. Unfortunately, attackers can easily obtain valid IP addresses from your network's available DHCP numbers. For extra layers of security, you may want to turn off DHCP and set a static (fixed) IP address on your router or access point. This way you can configure each connected device to match. Using a private IP address range prevents computers from being directly reached by the bad guys from the internet. There are three IP address ranges you can use for your private static IP network: 0.0.0.0 through 10.2.2.2 172.16.0.0 through 172.31.2.2 192.168.0.0 through 192.168.2.2 5. Don't Auto-Connect to Open WiFi Networks Be very careful not to accidentally connect to the wrong wireless network! Your neighbors may not be as security aware as you, and their WiFi network may be wide open. Some computers are set to automatically recognize and connect to any available network, and that is not good for you! Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer and all of your communications to interception and potential data leakage. Unless you have a very specific reason to do so, do not enable auto-connect. On your computers, find and know how to use and disable this feature. There is no security advantage with any specific IP address or range. Every router is slightly different in menus and configuration, so please read carefully, check the manual and Google it if you are confused. (Routers always have a reset button so if you make a mistake, you can always start over using the default settings.)

4 Up at www.grc.com (they are The Good Guys!). You will want to test all of the ports to your network. The best result you can get is PASSED and all ports would show up in Stealth Mode. Many home networks, however, are configured to connect to outside services, servers and clouds. For this reason, you may notice that PORT 113 (IDENT) may be closed and not in Stealth Mode. Generally this is not a problem. If you want to take the extra step, refer to your router s manual so you can put IDENT into Stealth Mode by using a technique called port forwarding, which is available in most wireless routers. Now, at home, you trust everyone on your network. Right? That s all up to you, but you should also know what additional steps you can take to protect your confidential data on your networked computers. 1. Do you have software firewalls turned on? Perhaps, parents want to keep curious kids out of their affairs. One option is to configure a firewall to restrict access to a specific computer. Software firewalls are built-in to Windows and OS X. 2. Another option is to not use the computer s built-in firewall. Instead, you can configure sharing to give full or partial access to your computer s files. 3. Configuring the personal firewall on your laptops is recommended when away from home or on travel. This effectively makes your computer invisible to bad guys. 9. Position the Router or Access Point Safely Remember that if you have access to your neighbor s WiFi, then he could also have access to yours. If possible, put your WiFi router in the middle of your house. This simple step will help minimize the amount of signal leakage to potential eavesdroppers. Remember, your WiFi network can be heard for over half a mile. Some homes require repeaters to make sure the WiFi signal reaches everywhere it is needed. Being aware of your network and its weaknesses is critical to achieving the highest level of home wireless security. 10. Turn OFF the Network During Extended Periods of Non-Use The ultimate in security is to simply turn off the computer. In the case of your wireless network: same thing. Shutting down your network will certainly prevent most outsiders from breaking in! But it s also impractical to turn it off and on frequently. In addition, if your network Sharing and Firewall controls in OS X. disappears (is not shown in a list Preferences>Sharing and Preferences>Security. when your neighbors search for Windows 7 security and sharing is a vast available networks), that could be improvement over prior versions. a clue that you are, in fact, away from home for some period of time. Perhaps you could turn off the computers and printers and 8. Firewalls and Sharing On Each Computer and the Router such, but leave the network on especially Modern network routers contain built-in firewalls. During set up, make sure the router if you have a WiFi video surveillance and firewall is not disabled. security system that you can monitor from To test what your home network looks like to bad guys on the internet, visit Shields anywhere you happen to be! So now you re secure on your home wireless network. Right? Maybe. New vulnerabilities are discovered regularly, and we never know if one is going to affect our particular equipment. What should you do? Perform periodic network scans (GRC/ Shields Up), check your sharing rights (things can change mysteriously ), and check your router and computer settings. Good practice. Regularly check for router firmware updates from the administration panel. Don t ignore those security alerts. Pay attention and make an informed decision as to whether or not they affect you. When in doubt, ask for help! Search the internet, ask more technical friends or colleagues, and don t forget the kids. They have this stuff down!

5 Who's the Boss on Your Home Computers? So, we have been talking about home networks, multiple computers, multiple users, etc. Many of us share computers at home and that s not a security problem. Unless, you aren t managing them correctly. Here are a few tips to help you manage your multi-user computers. There should only be 1 person with administrator access, per computer. One big boss. That account should only be used when there are changes being made to the computer. A backup administrator is also a good idea. Each user should have his/her own user account, with individual login credentials. Set up as many as you want! Sharing between accounts and files should be set by the admin (Mom? Dad?) based upon your family s policies about who is allowed to do what. Learn how to set parental controls for each operating system. Configure browsers for each user to filter content as you deem appropriate. Consider adding additional parental control software, if you choose. Engage the entire family. These are security issues not an invasion of privacy or lack of trust. VPNs: Make Connections SECURELY at Home and Away Virtual private networks, or VPNs, tend to get a bad rap as being difficult to set up, erratic in performance, and a questionable deterrent against possible security breaches. Not true anymore. Products such as HMA achieve high levels of security and privacy, and are no more difficult to use than email. In fact, many experts argue that personal VPNs are no longer optional, but are absolutely necessary. With endless travel, wireless hotspots, and other public internet access, the risk of bad guys grabbing your data and credentials must be dealt with by each user. Think of a VPN as an insurance policy; sure, most of time no one will be listening. Most of the time, you don t crash your car, either. It's just that one incident that one car crash, that one electronic eavesdropper when you desperately need the insurance afforded by a VPN to avoid a huge loss in confidential and valuable data. A VPN encrypts all of the internet traffic in and out of a computer, and also hides the true location of the computer. Personal VPN services cost between $40-$100 per year and are worth every penny for the peace of mind. You will be able to choose which VPN server you want to connect through. Some services offer hundreds of options, so your computer might appear to be in France or Japan or Australia while you are actually at an airport in Houston or London. The Bad News: Some VPN services will slow down your internet experience. Read the reviews (http://myvpnreviews.com/), do some research, and if you don t like it within the first 30 days, most reputable companies will refund your money.

6 Mac Infection? They said it never could happen. Headlines are screaming, Mac Botnet Grows and that at least 600,000 Macs are infected as part of a growing botnet, with some experts now claiming that Mac OS X is no longer free of malware. 76% of the infected Macs are located in the U.S. and Canada, with another 13% in the UK. But almost 300 of the infected machines are in Cupertino, Apple s home. The facts: The Flashback Trojan first appeared disguised as a Flash installer in September 2011. It disables Mac OS X s built-in malware protections. The Trojan makes its way into Macs through a Java vulnerability, and is loaded onto unpatched Macs, without interaction from the user. Is this a Mac problem or, as many experts claim, just a typical Java and browser hole? Since the weakness is in Java itself, OS X is still clean as far as most people can tell. If you want to check if your Mac is infected, visit http://www.f-secure.com/v-descs/ trojan-downloader_osx_flashback_i. shtml. A small percentage of Windows machines may have been infected, as well. Make sure your Windows software has been updated and patched. No matter the result, and no matter if you are on OS X or Windows, if you are using Java, update your software immediately with Software Update! And as always, follow company policy concerning any computers that are for work use or any personal machines that you are allowed to use for work or on company networks. Lost and Found Symantec s recent study of what happens to lost smartphones provides some fascinating and perhaps not so surprising insight to the human character and what you should expect if you do lose your iphone, ipad or Android device. A number of mobile devices were accidentally lost in several cities in the U.S., Canada and UK, then tracked to see what happened when they were found. 96% 89% 50% of lost smartphones were accessed by the finders of the devices. We are an inquisitive species. of devices were accessed for personal related apps and information. 70% 83% of devices were accessed for both business and personal related apps. A file titled HR Salaries was accessed on of devices were accessed for corporate related apps and information. 53% of the phones. of the smartphone finders contacted the owner because the contact info was loud and clear on each 'lost' device. The other 50% are assumed to now be the property of their new owners. This finding demonstrates the high risks posed by an unmanaged, lost smartphone to sensitive corporate information. It demonstrates the need for proper security policies and device/data management. This is especially true in the age of the consumerization of IT and Bring Your Own Device (BYOD), when mobile devices are flowing into and out of corporate infrastructures at previously unheard of rates. If an unmanaged employee-owned device is used for corporate access unbeknownst to the organization and then that device is lost, the consequences of having no control over that device for example, to remotely lock or wipe it can be devastating. Coming Next Month: Identify Yourself! Biometrics Passwords Single Sign On User Authentication and more!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information