Southern Iowa's Leading Office Outfitters

                                    • Home • Up • News • Services • Downloads • Tech Tips •

Protect your Home Network

 

Home
Up
Protect your PC
Security Alerts
What's New
Service Call
Promotions
F.A.Q
Terms of Sale
Contact Us
About Baileys
Contents

 

Protecting Your Home Network

Published: September 10, 2003
By Matt DuBois
 
**
Related Links
Protect your PC
Automatically Check Firewall and Update Settings
Microsoft Support Options
**

In the past, only big corporations and governments had to worry about network security, and the biggest issue facing a home user would be an e-mail virus now and then, which could be remedied with any number of anti-virus programs. The new breed of viruses and worms that can infect your computer when you connect to the Internet, or that can allow malicious hackers to use your computer in other attacks, is quickly changing this, however.

There are many reasons now why everyone with a home network needs to worry about network security. If you have only a single PC, or if your PCs are not connected, don't put this guide down yet. There is lots of valuable information here for helping keep your computer, and your information, safe.

Securing each PC on a network is a great first start, but is a lot like locking the doors inside your house while leaving the front door open. If you don't lock the front door, strangers can still come inside and wander around. "Locking the front door" is what network security is all about. In fact, good network security could have prevented many of the recent viruses and worms. This, on top of a rising tidal wave of different types of spam, viruses, and even the chance that a next-door neighbor could be using your Internet connection for free, are all real reasons why everyone needs to take action.

Fortunately, this is not as difficult as it used to be. This article provides a guide to the different areas that you should think about, gives you links to more detailed articles that will help you with the details, and helps you find more assistance should you need it.

Section 1—Securing Your Computer

The first thing you need to do to keep your computers safe is to secure each of them. You should do all of the following items on each computer to help keep it safe:

Install a firewall.
Make sure each computer has all of the critical updates from Windows Update installed and is configured to use Automatic Updates (if available on your version of Windows).
Install an anti-virus program and update the signatures on a regular basis.

After securing your computer, the following section, Securing Your Network, will help you protect your home network. You might not realize that you even have a home network, but if you use a wireless connection to access the Internet, or if you have two or more computers that all share your Internet connection, you do. Securing your network is just as important as protecting each individual computer.

Note In its ongoing effort to help customers stay safe, Microsoft has recently changed its advice regarding firewalls. A firewall should be active on every computer. Some of the articles mentioned in this guide may not have been updated yet to reflect this advice, due to the tremendous amount of information on the Microsoft Web site. So, if you see a statement indicating that firewalls should not be activated on every home computer, please disregard it.

 

Section 2—Securing Your Network

The risks of not securing your network are different than not securing your computer. For example, if you are using wireless networking, anyone in range of your network might be able to see what Internet sites you visit and the contents of files you share between your own computers. They could even use your Internet connection without your knowledge. This article includes information about how to help protect your network by:

Using a broadband router or a computer running Windows XP and Internet Connection Sharing to share your Internet connection.
Enabling Wired Equivalent Privacy (WEP) on your wireless network.
Changing your WEP key on a regular basis.
Running a Trojan detection/removal tool on each of your computers.

Use a Broadband Router or Windows XP with Internet Connection Sharing

There are many different ways that the computers in your home can be connected together, some of which are better than others. If you are sharing your Internet connection with multiple computers, then you may need to add a device called a broadband router (also known as a residential gateway or an Internet gateway device [IGD]). Or you may need to use a computer running Windows XP with the built-in Internet Connection Sharing and Internet Connection Firewall. Take a moment and draw out or picture how all the computers you have are connected together and to the Internet. Then, compare your drawing to the diagram below.

Network diagram

When looking at the diagram, keep in mind that the solid lines connected to the left side of the ? could be either wired or wireless connections. The line connected to the right side is a wired connection. The ? could represent many things. It could be a network hub that all your computers and your broadband modem connect to. It could be a computer running Windows and Internet Connection Sharing connected to a hub on one side and a broadband or analog modem on the other. It could even be a wireless access point or broadband router, or it may be that all of your computers connect directly to your broadband modem.

If you are not sure whether you have a hub or a broadband router, check the box or user guide that came with the device. If you have ever configured it using a Web browser, then you have a broadband router.

If all of your computers connect directly to your broadband modem, check with your Internet service provider (ISP) to determine if it has built-in protection to keep your computers safe. If it does, then you won't need to worry. Likewise, if you have a broadband router, or are using a wireless access point to connect your broadband modem to your network, you also do not need to worry as long as those devices are configured to act as a Network Address Translator (NAT) and are not in bridging mode. The user guide, or your ISP in the case of your broadband modem, can help you determine if this is the case. Also, be sure to read through the sections of this guide dealing with WEP if you are using a wireless access point.

If you are using a computer with Windows and Internet Connection Sharing, a network hub, or if your broadband modem does not have a built-in firewall, then you should read on.

Windows with Internet Connection Sharing
Windows has included Internet Connection Sharing since Windows 98. However, if you do not have Windows XP, then you do not have the Internet Connection Firewall. This is an important security feature to have, especially since this computer is directly connected to the Internet. In that case, you should consider upgrading the computer running Internet Connection Sharing to Windows XP, installing a firewall on it, or replacing it with a broadband router. If you already have Windows XP, then make sure that you have the Internet Connection Firewall enabled on the Internet connection.
Network Hub or Broadband Modem Without a Firewall
If you have a network hub, or if all your computers are connected to a broadband modem without a built-in firewall, then you should consider getting a broadband router or using one of your existing computers and Internet Connection Sharing to share your connection. To refer back to our earlier analogy of a home, your front door is wide open in this case. You may not think of things like an Xbox video game system, a TiVo, or other similar devices as computers, but they are. If you have any of these computers in disguise connected to your network, it is even more critical that you protect your network. To go back again to our analogy, these devices are like rooms in your home that have no doors, since you cannot install a firewall on them. So, they are directly exposed to attack from the Internet, unless you protect them with either a broadband router or a Windows computer running Internet Connection Sharing.

Enable Wired Equivalent Privacy protection

If you are using a wireless network, enabling WEP with the strongest key your equipment can support is one of the most important things you can do to protect your privacy and your computers. There are two steps to enabling WEP: configuring the wireless access point and configuring the wireless network adapter.

Configuring the Wireless Access Point
The wireless access point is the device that likely is connected to your cable or DSL modem, if you have one. Instructions for configuration will vary slightly for wireless access points from different manufacturers. For wireless access points from other manufacturers please read the user guide that came with your wireless access point, or visit the manufacturer's Web site for full instructions.
When you configure the wireless access point, you will need to know the maximum length of the WEP key that each of your wireless network adapters and your wireless access point can support. Use the longest key that is supported by all of your wireless equipment. The user guide or Web site for each product will have that information.
Configuring the Wireless Network Adapter
The wireless network adapter is either something that you plug into your computer, or something that is built-in to your computer. If you have an older wireless network adapter, however, you will need to check with the manufacturer to find out which WEP key lengths it supports (40-bit or 128-bit), for use when you configure your wireless access point.
 

Change Your WEP Key

When you initially set up WEP, one of the things you must configure is something called a WEP key. This key is used to help keep your data safe and your network private. Unlike the key to your house, though, strangers can get a copy of it if they watch your wireless network long enough. Therefore, it is important to change it on a regular basis.

Depending on how much you use your wireless network and the length of your WEP key, you may wish to change the key anywhere from once a week to once a month, especially if you live in an apartment, condominium, or town home. If you live in a single-family dwelling the need isn't quite as critical (since it is less likely that intruders will be able to find your network signal), but you should still update your WEP key on a regular basis..

Consider Running a Trojan Detection Program

A Trojan program is much like the Trojan horse from which it gets its name. It could be a program that claims to do one thing, but does something else, or it could be a program you don't even know is on your computer. Trojans and another class of program called Spyware can do many things, including reporting your passwords and other information back to the program's author, or even allowing someone else to take control of your computer. Antivirus programs can detect some Trojans, but not others. The good news is that there are several programs available to help you detect and remove these threats to the privacy and the security of your home network.

Section 3—Resolving Common Issues

As you've learned so far, the purpose of a firewall is to block communications from other computers. Unfortunately, sometimes it will block communications that you want. This section will help you sort out common issues you might have. You need to take these specific actions only if you are having a problem. Add this article to your Favorites, and if you have trouble at a later time you can always come back.

To troubleshoot firewall issues, you need to know about ports, because they will be mentioned frequently below. Ports are numbers that a program on one computer uses to identify a program on another computer when it is trying to communicate. Think of it as a post office. Your computer is the big wall with all the numbered mailbox doors, and each port is an individual mailbox. A firewall is similar to a lock on all the doors, so that nothing can get through unless you allow it.

Problem: Some programs may not work properly after enabling a firewall

Solution: Some programs rely on other computers being able to connect to them to function properly. These programs include some games, instant messaging applications, and others. The How to Open Ports in the Windows XP Internet Connection Firewall article lists some common applications that Microsoft is aware of. It will tell you which ports you need to open and provides instruction on how to do so with the Internet Connection Firewall. The ports will remain the same no matter which firewall you are using, although configuration steps may vary.

In addition to opening the ports on the computer running the application, you will also need to do the same for the broadband router, the wireless access point, or the computer running Internet Connection Sharing. The only difference is that you will also need to specify which computer is running the application in addition to just the port number.

Some products let you use the name of the computer while others require the Internet Protocol (IP) address. The instructions for your particular product will tell you what you need and how to find it. If you are using Internet Connection Sharing, you open the port exactly the same way as you do on computers with just the Internet Connection Firewall, except you also put the name of the computer running the application in the text box labeled Name or IP address.

Problem: File sharing no longer works after following the steps

Solution: On each computer from which you want to share files, you will need to open the following ports.

UDP ports: 137, 138, and 445
TCP ports: 139 and 445

You do not, however, need to open these ports on the connection you are sharing with Internet Connection Sharing, or on your broadband router or wireless access point.

For more information, see How to Open Ports in Windows XP Internet Connection Firewall.

Problem: Instant messaging programs cannot transfer files

Solution: Some instant messaging programs do not always use the same ports for file transfers by default. Fortunately, many of them can be configured to do so. The help for the specific program you are using will provide the detail you need to make the setting. Next, pick a range of 10 numbers between 50000 and 60000 and configure the instant messaging program to always use those ports. Finally, configure the firewall on your computer and the device that connects your network to the Internet (the broadband router, the wireless access point, or the Internet Connection Sharing computer) with those ports as well.

Tips

If you use a different 10 ports for each program on each computer on your network, then there will not be any conflicts with file sharing.

If you need more than 10 file transfers at any one time with a particular application, and that application supports it, then you will need to open more than 10 ports. Likewise, if you need less, then open fewer ports.

 

More Help

If you need more information or some extra assistance with securing your home network, you have several options for help. You can contact Microsoft Product Support, or use the Microsoft Community Newsgroups. For more information on both options, please see http://support.microsoft.com/.

Acknowledgements

Dalen Abraham, Group Program Manager, Microsoft Corporation
Reena Agarwal, Test Manager, Microsoft Corporation
Mei Chan, Software Test Engineer, Microsoft Corporation
Aaron Cunningham, Program Manager, Microsoft Corporation
Joseph Davies, Program Manager, Microsoft Corporation
Scott Harang, Test Lead, Microsoft Corporation
Erik Johnson, Software Test Engineer, Microsoft Corporation
Tony Romano, Product Unit Manager, Microsoft Corporation

 

Back ] Home ] Up ] Next ]

Send mail to Webmaster with questions or comments about this web site.
Copyright © 2006 Bailey Office Equipment
Last modified: 09/21/06