Thinking about setting up your home network or getting your computer connected to the internet? Keep a few things in mind:
• Use a firewall – Network administrators would never, ever let a computer be connected to the internet (or a network to the internet) without a firewall to protect the computers from the outside world. You shouldn’t either. Except for extremely rare circumstances where troubleshooting is involved, your computers and home network must never be connected to the internet without at least one firewall. More is better. Good basic choices in firewalls are the generic firewalls that come with Windows XP or Mac OS X. Also, the firewalls that are available on the D-Link series of routers are relatively good because they don’t need to be supervised by you, the user, to tell them how to work. If you’re considering a software firewall solution by Norton, McAfee, BlackICE, and others, be prepared to hit the books.
• Never use wireless when you can use wires – If you can use a wire–as in if you are “legally permitted to do so”–then use one. Wireless is not a substitute for laziness. Wireless has risks. Wireless works on radio transmission signals, and anybody with a computer with a wireless network card can pick up those signals from farther away than you think. Most consumer wireless connections are good from 50 to 300 feet away. Some can be picked up miles away. Wired connections are far more difficult to tap, track, or access from a distance. If you happen to live in an apartment or in an environment where wires will simply pose a safety risk, then consider wireless–but not without a complete understanding of how it works.
• Never use a default configuration – This applies to usernames, passwords, and settings. When it comes from the factory, it’s a blank slate. It’s up to you to change it to fit your needs. If you’re using the default usernames and passwords to protect your network, then you’re not protecting your network. Instead, you’re announcing to everyone that you aren’t interested in security.
• If it can have a password, use one – Use a password. Use multiple passwords. Also, don’t ever use the same password for everything. Write them down if you need to, but put them in a safe place. Please note that a safe place is not written on the inside cover of your dayplanner, which you store in the same bag as your notebook computer. A safe place is a locked safe. By the way, all of the following are not good choices for passwords:
  • Any word that can be found in a dictionary
  • Any string of numbers, especially a social security number
  • A birthdate
  • A name of a family member
• Never use a default password – Just because it has a password, it’s safe, right? Nope. Everybody already knows the default passwords. Change it to something that nobody else could guess.
• Use a MAC filter – A MAC (Media Access Control) address is a key that almost uniquely identifies each computer in the world. MAC addresses are assigned to the network cards of every computer on a network. Using a MAC filter means that you must specifically permit each individual computer to access your network resources. If their computer doesn’t have a matching MAC address, they don’t get in. Simple.
• Hide your SSID – The SSID is the Service Set Identifier–it’s a name that identifies your wireless access point in the world. The purpose of the SSID broadcast is to let other computers know that there is a wireless access point nearby. It works like this:
  • A computer with a wireless card says to the world, “Are there any access points out there that I can connect to?”
  • Every access point that hears that, except those that have been told not to, says, “Yes! I’m [SSID Name] and you need [Credentials] to connect to me.”
  “Credentials” usually means either “No Credentials, C’mon in” or “A really long encryption key”. Turning off the ability for your access point to announce its presence will mean that when somebody’s computer asks for access points, yours will keep its little digital mouth shut. Out of sight, out of mind. This is not perfect–some computers will pick up even the hidden access points because of all of the radio waves bouncing around in an area.
• Turn off things you don’t need – Modern operating systems are great. They have lots of features. But how many of those features do you really, really need? How many people need to be running a web server on their personal computers? FTP? On a Unix box, do you really need to be running all of those services? Turn on only the features that you actually need–and that you use regularly. Every time you have a feature turned on, it’s another risk. Minimize your risk.
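One way to check the last point on a Linux machine, as an added example that is not part of the original article: the script below reads a list of listening TCP sockets and reports every port that is reachable from the network but is not on a list of services you actually need. The sample input is constructed in the layout printed by `ss -tlnH`, and the `NEEDED_PORTS` allowlist is an assumption for illustration.

```python
# Added example: flag network-reachable listening TCP ports that are not needed.

# Constructed sample in the layout printed by `ss -tlnH` on Linux
# (state, recv-q, send-q, local address:port, peer address:port).
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 32   *:21           *:*
LISTEN 0 128  127.0.0.1:631  0.0.0.0:*
LISTEN 0 128  [::]:22        [::]:*
LISTEN 0 4096 [::1]:5432     [::]:*
"""

# Assumption: the only service this machine must offer to the network is SSH.
NEEDED_PORTS = {22}


def split_local(local):
    """Split 'addr:port'; addr may be '*', an IPv4 address or bracketed IPv6."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    """Loopback listeners are not reachable from other machines."""
    return addr.startswith("127.") or addr == "::1"


def unneeded_listeners(ss_output, needed=NEEDED_PORTS):
    """Return {port: [addresses]} for exposed listeners outside the allowlist."""
    findings = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue  # header, blank or non-listening line
        # Local address is three fields after the state, with or without a Netid column.
        local = fields[fields.index("LISTEN") + 3]
        addr, port = split_local(local)
        if is_loopback(addr) or port in needed:
            continue
        findings.setdefault(port, []).append(addr)
    return findings


if __name__ == "__main__":
    for port, addrs in sorted(unneeded_listeners(SAMPLE_SS).items()):
        print(f"port {port} listening on {', '.join(addrs)}: turn off if unused")
```

On the sample, the web server (port 80) and FTP (port 21) are reported, while the services bound only to the loopback address are left alone because other machines cannot reach them.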
If this seems like a lot of work, it’s because it is. It takes years of hard work, dedication, and determination to be able to handle all of the variables that go into building and maintaining networks–most of that, the users hardly ever see.
So, the next time a PC technician tells you that it’ll cost $85 per hour and might require eight or more hours to repair the damage that a virus or trojan has done to your computer, try to understand that it’s not simply a matter of “deleting the file”, but also a matter of finding the cause, the damage, and a plan for prevention.