Internet has becoming our daily chores - from basic activities like using e-mail, social networking sites, instant messaging, to more serious tasks such as banking, investment, and shopping.
We are using internet at school, office, and home. With cheaper unlimited broadband connection plan available in most developed countries, no access restriction, and latest wireless devices and LAN technology - people are spending more time connecting from home.
Cheaper unlimited broadband has becoming reality in country like Singapore. With less than SGD 20 (USD 13) per month, we could have 1Mbps unlimited broadband connection at home. Let's be honest - for those who is working for corporates - how much time you spend on non-business related internet activities at the office including checking personal e-mail, Facebook, and doing instant messaging with your friends? Even though it is not bandwidth issue anymore - with nowadays high speed connection. It is more about reduced productivity time of employees that forced the management to apply internet access restriction to certain sites - from office network.
Majority of home with broadband connection now has wireless router and wireless computer(s) and other device(s) to access the internet thru the wireless home network. Suddenly everybody in the house now has internet connection - dad needs access to internet banking services, mom wants to keep in touch with friends thru the social networking sites, and kids needs to do their home work thru e-learning sites.
Home Network Security Concept
While internet makes our lives much easier and convenient - e.g. less trip to banks and efficient communications - it has its own issues. Security is at the top of those issues. Identity thief and fraud due to spyware, data loss and corruption due to computer virus, sex predator uses instant messaging to prey innocent children, and the list goes on - your screen will be filled up with them.
At the office or school - they are IT professionals being paid to pay attention on these IT security issues. Back at home - whether you like it or not - you have to become the 'IT security' to safe guard your family from the 'dark force' of the internet.
The question is how we could secure our home network - since not everybody has degree on IT or network engineering?
First - imagine that your home network is your own house. Your home router is the house perimeter. Your computers are the room inside the house. Your data is the people who is living in the house that need to be safe guard.
As your house needs door(s) to allow people go in and out the house - your router needs 'port(s)' to let the data go in and out the home network. There are hundreds of logical ports used by router to communicate. As the real doors in the house - we need to control when the port(s) need to be opened and closed. While you use lock and bolt to secure the door - router use firewall setting to lock the ports. There is similar concept in the devices. It also has logical ports to communicate with external world and firewall to help you to secure the logical ports.
As you do not want people from outside to go inside the house and steal your belongings. You should ensure that your home network is as secure as possible.
Securing the router
Router is the most important part of home network. It control the data traffic and filter who could go in and out the home network. There many brands and models of routers in the market. Some models are integrated with modem and some are stand alone router. Some are wired and others are wireless. Wireless router is probably the most popular choice for home network since it offers flexibility and economically more sensible than wiring the whole house with Ethernet cables. There are two aspects in securing a wireless router, i.e. the wireless and the router's WAN ports aspects. Securing the wireless router is protecting the perimeter from unwanted access within the range of the wireless network. The latest wireless router typically will support different type of access control, including WEP, WPA & WPA2. The most commonly used wireless security for home network is WEP (Wireless Equivalent Privacy). The WEP uses encrypted shared key. Without wireless security - anyone within the range of your broadband will be able to gain access to your home network - and might do some damage. Securing router's WAN port is protecting the perimeter from the rest of the internet. Most router has firewall features including MAC Filtering, Website Filtering, Network Address Translation (NAT) and Stateful Packet Inspection (SPI). The last but not the least - change the router's Administrator password and the SSID. DO NOT use the default SSID and password as they are written on the router manual. Guess what - some people knows and exploit that!
Securing the devices
Securing the perimeter alone is not enough. When you bring your laptop and connect to internet using free hotspot (e.g. aiport or malls) your laptop will be exposed to the internet. Similarly - if you use your computer to access some 'uncertified websites which may inject spyware, virus, or trojan into your computer without you realizing it. That is why we need to secure the devices.
Common devices in the house including - home computer, laptop, network printer, network storage, IP Camera, and smart phone.
For home computer and laptop - securing the device means you have to:
- Install the latest Service Pack and Windows Update.
- Install and configure Anti Virus and Firewall software, valid subscription, and latest definitions including the Anti Virus.
- Use strong password for all Admin and Users login.
- Create limited privilage user login for your kid(s), and
- Enable Parental Control function of your operating system and Firewall software. This will allow parent to monitor and control which sites visited by the kids, when is the suitable time for using the computer, what type of game they could play, and soon.
For network attached storage and IP Camera - securing the device means you have to:
- Install latest firmware
- Use strong password for all Admin and Users login.
- Configure the Access Control properly. This means determine who could access what. For example - create common share folder when all the kids friendly content or multimedia file are located, and
- Always refer to your device documentation to ensure the security features are enabled.
Real Life Example
The following is one example of home network which comprises of:
- multiple home PCs - with multiple login IDs for everyone in the house who need to use the computer,
- multiple (office) laptops,
- multiple network attach storage (NAS) that could hold up to 5TB data - for both data sharing and backup purpose,
- multiple smart phones with wireless internet capability,
- a multi-function printer - that could be accessed by all computers in the house,
- multiple IP cameras for home monitoring system with features such as remote internet access (e.g. from office) and recording to NAS (for future reference),
- multiple powerline Ethernet adapters to established LAN connection over powerline,
- home media player and recorder device connected to the LAN to access media files, incl. video, photo, and music library stored on the NAS,
- an ADSL2 modem for establishing internet connection,
- a wireless router as main gateway between internet and home network,
- a Gigabit switch for allowing high speed LAN connection (up to 1000 Mbps) for bandwidth hungry data sharing - such as multimedia files,
- a USB network hub for enabling USB device like printer to be accessible by any device connected to the home network.
(Click the diagram to zoom in) Home network has becoming basic requirement in the house. It become the center nerve of your security monitoring, entertainment, and productivity solution. As more people in the house are using and relying on home network - it is wise to put extra attention to make it secured.
As you always checking and locking your house's doors and windows regularly. You should also check and ensure your router and devices are properly secured.
Some useful links: |