Protecting Your Home Network
Network security
isn't just for big corporations and governments anymore. The new breed of
viruses, worms, and deceptive software that can infect your computer or
allow malicious hackers to use your computer in other attacks makes
security everybody's business.
There are many
reasons why everyone with a home network needs to worry about network
security. If you have only a single PC, or if your PCs are not connected,
don't put this guide down yet. There's lots of valuable information here
for helping keep your computer and your information safe even if you're
not on a network.www.tartoos.com
Fortunately,
network security isn't as difficult as it used to be. This article
provides a guide to the different areas that you should think about, gives
you links to more detailed articles that will help you with the details,
and helps you find more assistance if you need it.
Securing your
computer
The first thing
you need to do to keep your computers safe is to secure each of them. You
should do all of the following items on each computer to help keep it
safe:
1-
Make sure each computer has all of the latest service packs and critical
updates from Windows Update installed. Next, configure each computer to
use Automatic Updates (if available on your version of Windows). The
latest service pack for Windows XP is Service Pack 2. During installation
of Service Pack 2 you will be asked to turn on Automatic Updates.
2 - Install a
firewall.
Tip If
you're running Service Pack 2, the firewall that's included in Windows is
turned on by default.
3 - Install an
antivirus program and update it on a regular basis.
4 - Rid your
computer of spyware and other unwanted software.
www.tartoos.com
After securing
your computer, the following section, Securing your network, will
help you protect your home network. You might not realize that you even
have a home network, but if you use a wireless connection to access the
Internet, or if you have two or more computers that all share your
Internet connection, you do. Securing your network is just as important as
protecting each individual computer.
Securing your
network
Securing each PC
on a network is a great first start, but it’s also a lot like locking the
doors inside your house while leaving the front door open. If you don't
lock the front door, strangers can still come inside and wander around.
"Locking the front door" is what network security is all about. Different
types of spam, viruses, and even the chance that a next-door neighbor
could be using your Internet connection for free, are all real reasons why
everyone needs to take action.www.tartoos.com
The risks of not
securing your network are different than not securing your computer. For
example, if you're using wireless networking, anyone in range of your
network might be able to see what Internet sites you visit and the
contents of files you share between your own computers. They could even
use your Internet connection without your knowledge. This article includes
information about how to help protect your network:
* Using a broadband router to
share your Internet connection.
* Enabling Wired
Equivalent Privacy (WEP) on your wireless network
Use a broadband
router
There are many different ways that the
computers in your home can be connected, some of which are better than
others. If you're sharing your high-speed Internet connection with
multiple computers, then you may need to add a device called a broadband
router (also known as a residential gateway or an Internet gateway device
[IGD]). You should also use a software firewall.
Tip If
you're running Windows XP Service Pack 2 (SP2), your Windows firewall is
turned on by default.
Take a moment
and draw out or picture how all the computers you have are connected
together and to the Internet. Then, compare your drawing to the diagram
below.www.tartoos.com
When looking at
the diagram, keep in mind that the solid lines connected to the left side
of the ? could be either wired or wireless connections. The line
connected to the right side is a wired connection. The ? could
represent many things. It could be a network hub that all your computers
and your broadband modem connect to. It could be a computer running
Windows and Internet Connection Sharing connected to a hub on one side and
a broadband or analog modem on the other. It could even be a wireless
access point or broadband router, or it may be that all of your computers
connect directly to your broadband modem.
If you're not
sure whether you have a hub or a broadband router, check the packaging or
user guide that came with the device. If you've ever configured the device
using a Web browser, then you have a broadband router.www.tartoos.com
You may already
be protected
Many networking
devices include built-in protection. As long as you have a firewall
installed on each of your computers connected to the network, the
additional protection included in the device should be enough to keep your
home network safe.
If all of your
computers connect directly to your broadband modem, check with your
Internet service provider (ISP) to determine if your modem has built-in
protection to keep your computers safe. If it does, then you won't need to
worry. Likewise, if you have a broadband router, or are using a wireless
access point to connect your broadband modem to your network, you also do
not need to worry as long as those devices are configured to act as a
Network Address Translator (NAT). Most routers are configured as NAT, but
check your user guide to make sure.
If you're using
a computer with Windows and Internet Connection Sharing, a network hub, or
if your broadband modem does not have a built-in firewall, then you should
read on.www.tartoos.com
What to do if
you’re not protected
If you're using
a computer running Windows with Internet Connection Sharing in the place
of the question mark in the diagram above, that computer must have a
firewall. Windows has included Internet Connection Sharing since Windows
98. However, if you do not have Windows XP, then you do not have the
built-in firewall. In that case, you should consider upgrading the
computer running Internet Connection Sharing to Windows XP, installing a
firewall on it, or replacing it with a broadband router. If you already
have Windows XP, then make sure that you have the Internet Connection
Firewall enabled on the Internet connection.www.tartoos.com
If you have a
network hub, or if all your computers are connected to a broadband modem
without a built-in firewall, you should consider getting a broadband
router or using one of your existing computers (with a firewall) and
Internet Connection Sharing to share your connection. You may not think of
things like an Xbox® video game system, a TiVo, or other similar devices
as computers, but they are. If you have any of these computers in disguise
connected to your network, it is even more critical that you protect your
network. Since you cannot install a firewall on these devices, they are
directly exposed to attack from the Internet, unless you protect them with
either a broadband router or a Windows computer with a firewall running
Internet Connection Sharing.
www.tartoos.com
Enable wired
equivalent privacy protection
If you have a
wireless network, you'll need to take an additional security step when you
first set up your wireless access point. Wireless networks are protected
by something called Wired Equivalent Privacy (WEP) encryption. There are
two steps to enabling WEP: configuring the wireless access point and
configuring the wireless network adapter.www.tartoos.com
* Configuring
the wireless access point
The wireless access point is the device that's probably connected to your
cable or DSL modem, if you have one. Instructions for configuration will
vary slightly for wireless access points from different manufacturers.
When you
configure the wireless access point, you will probably need to know the
maximum length of the WEP key that each of your wireless network adapters
and your wireless access point can support. Use the longest key that is
supported by all of your wireless equipment. The user guide or Web site
for each product will have that information.www.tartoos.com
* Configuring
the wireless network adapter
The wireless network adapter is either something that you plug into your
computer, or something that is built-in to your computer. If you have an
older wireless network adapter, however, you will need to check with the
manufacturer to find out which WEP key lengths it supports (40-bit or
128-bit), for use when you configure your wireless access point.www.tartoos.com
Since all
wireless access points are different, check the manual that came with your
hardware to learn how to configure WEP and how to set up your WEP
password.
Resolving common
issues
The purpose of a firewall is to block
communications that you don't want from other computers. Unfortunately,
sometimes it will block communications that you do want. This section will
help you sort out common issues you might have after you've secured your
network. You need to take these specific actions only if you are having a
problem. Add this article to your Favorites, and if you have trouble at a
later time you can always come back.www.tartoos.com
To troubleshoot
firewall issues, you need to know about ports, because they will be
mentioned frequently below. Ports are numbers that a program on one
computer uses to identify a program on another computer when it is trying
to communicate. Think of it as a post office. Your computer is the big
wall with all the numbered mailbox doors, and each port is an individual
mailbox. A firewall is similar to a lock on all the doors, so that nothing
can get through unless you allow it.
Problem: Some
programs may not work properly after enabling a firewallwww.tartoos.com
Solution:
Some games, instant messaging applications, and other programs programs
must connect to other computers in order to work properly. This article
also tells you how to open ports using Internet Connection Firewall. The
ports will remain the same no matter which firewall you're using, but the
configuration steps may vary.
In addition to
opening the ports on the computer running the application, you'll also
need to do the same for the broadband router, the wireless access point,
or the computer running Internet Connection Sharing. The only difference
is that you will also need to specify which computer is running the
application in addition to the port number.
Some products
let you use the name of the computer while others require the Internet
Protocol (IP) address. The instructions for your particular product will
tell you what you need and how to find it. If you're using Internet
Connection Sharing, you open the port like you would using the Internet
Connection Firewall, except you also put the name of the computer running
the application in the text box labeled Name or IP address.
Problem: File
sharing no longer works after following the stepswww.tartoos.com
Solution:
On each computer that contains the files you want to share, you'll need to
open the following ports.
* UDP ports:
137, 138, and 445
* TCP ports: 139
and 445
You do not,
however, need to open these ports on the connection you are sharing with
Internet Connection Sharing, or on your broadband router or wireless
access point.
Problem: Instant
messaging programs cannot transfer files www.tartoos.com
Solution:
Some instant messaging programs do not always use the same ports for file
transfers by default. Fortunately, many of them can be configured to do
so. The help file for the specific program you are using will provide the
detail you need to make the setting. Next, pick a range of 10 numbers
between 50000 and 60000 and configure the instant messaging program to
always use those ports. Finally, configure the firewall on your computer
and the device that connects your network to the Internet (the broadband
router, the wireless access point, or the Internet Connection Sharing
computer) with those ports as well.www.tartoos.com
Tips
* If you use a
different 10 ports for each program on each computer on your network, then
there will not be any conflicts with file sharing.
* If you need
more than 10 file transfers at any one time with a particular application,
and that application supports it, then you will need to open more than 10
ports. Likewise, if you need less, then open fewer ports.
More help
If you need more information or extra assistance
securing your home network, contact Microsoft Product Support, or use the
Microsoft Community Newsgroups. For more information on both options,
please see
http://support.microsoft.com/.
|
مدرسة
الكمبيوتر 