In this section we will cover some Internet safety tips for home network security. This may come as a surprise to some, but no network is completely secure. But there are things you can do to reduce your vulnerability.
My wife and I recently had our credit card information stolen. The thief was using our card number to purchase postage online. He would then print the postage and mail people scam letters (using our full name and return address). Basically, we were funding his scam and he was making us look like the bad guys. He racked up $764 in postage charges. He got our card number from an online transaction my wife made 60 days earlier.
You’re not dealing with ignorant, simple-minded individuals. These days, theives are college educated computer scientists and network engineers who get a “high” from doing this stuff.
According to the U.S. Federal Trade Commission (FTC), one in ten people become a victim. And 20% of fraud cases use your information to open multiple new accounts. In 2012, over 11 Million people were victims in the U.S. alone.
I’m a computer enthusiast and network security fanatic. My wife is an identity theft expert in charge of training financial institutions on the subject of fraud. Don’t think it will never happen to you.
Network Security Overview
Threats and vulnerabilities can be found at a number of levels. Some things happen at the “Internet” level. Some happen at the “network” level. And some happen at the “hardware” level.
At the Internet level, you must protect against viruses and malware from entering your system through everyday use such as browsing the Internet, downloading files, and sending/receiving email. At the network level you must control user access and prevent unauthorized devices from connecting to your LAN. If your malware software does not detect a threat or a hacker gains access to your wireless network, you can still decrease vulnerability at the “hardware” level.
Due to the various ways at which these attacks take place, it’s best to be proactive in as many areas as possible. The idea is to reduce the number of vulnerabilities while keeping your network functional, and convenient to use.
The following are typical security points for residential home networks:
- The operating system
- Software applications
- Routers and Access points
- Wireless broadcast
- Weak Passwords
- Weak Encryption
- Firewall and port forwarding rules
- Website and Internet usage
The Operating System
Use a strong, secure password for your computer. Keep your Internet browsers and anti-virus definitions updated. If you are using Windows, you can download a free anti-virus utility called “Microsoft Security Essentials” (MSE). I also recommend using anti-keylogger software to prevent attackers from logging your keystrokes. There are many to choose from but the most reputable are:
Be very careful what software applications you download, especially from freeware and torrent sites. These places are notorious for malware infected files. Whenever possible, perform a complete backup of your system before downloading software from questionable resources. If you are using Windows 7, take advantage of the disk imaging utility and backup a complete image of your hard drive.
Control panel > System and Security > Backup and Restore> Create System Image.
There are a number of 3rd party imaging utilities available but only a couple of them are reputable enough to mention here:
Routers and Access Points
These days, there are software utilities that can crack weak encryption in a matter of minutes. Never use WEP encryption. The attacker can also flood the RF (radio frequency) spectrum of the wireless router in what is called a DoS (Denial of Service) attack. When a legitimate user attempts to connect or transmit packets to/from the router, the router becomes “too busy” to respond and denies service.
This is why strong wireless encryption and strong passwords are so important. Use WPA2+AES encryption whenever possible. You can also decrease vulnerability by configuring a MAC address filter to reject connections from devices not listed in the MAC address filter. A MAC filter is not bulletproof either, but it does add another challenge that the hacker will have to deal with.
Only broadcast wireless signal where necessary. If you’re configuring a point-to-point wireless bridge, use directional antennas to keep the E-Plane and H-Plane focused in a narrow path. Remember, obscurity is not the objective. Security is. Then again, people don’t bother wireless signals they can’t see.
Firewall and Port Forwarding Rules
Port forwarding rules create holes in your firewall. A perpetrator using a “port sniffer” can scan your network and see which ports are open. If you don’t need a port opened, close it. If you do need it, but only periodically, consider using a port trigger that can be activated from inside of your network. Remember, port triggers can only be activated from within your LAN.
If you need access to your network from the WAN side, you’ll need to configure port forwarding rules to allow traffic through the router’s firewall. If you’re unclear on how to do this, review the chapter “Configure Port Forwarding” to learn how.
Website and Internet Usage
When you create an account on a website, you have no idea how strong (or fragile) their web server security is. Therefore, your email account is added to a database for that website, blog, forum, etc. If the website gets hacked and the perpetrator exploits the database, your email address and password goes with it. Don’t use the same passwords on multiple sites. Try not to participate in email forwarding and be weary of emails asking you to update your profile. If you’re not certain, DO NOT click the link in the email. You’re better off to close the email and open a new browser window, then navigate to the site by typing the web address directly into your browser.
These sites cultivate a lot of information including your public IP address, your Internet browser version, and a host of other details about your location and your system. Clear your Internet browsing history and cache often. Leave behind only the most important browser cookies to sites you visit often. This process depends on the browser you’re using:
Never use debit cards online! Never, never, never use your debit card for e-commerce transactions! If you do, the bank may not return your money. Always use a real credit card. Or, get a pre-paid credit card and load it with the necessary funds to handle the transaction. This way, the damage is limited to what is on the card, not in your bank account!
Thankfully, my wife used a credit card and not our debit card. If she had used a debit card, the funds would not have been returned and we would have been responsible for paying the bill. Later, we discovered that she may have failed to check the SSL certificate for the merchant with whom she ordered from.
Check the SSL certificate:
Your Internet browser uses the ‘http’ protocol. This stands for Hyper Text Transfer Protocol. When you see ‘https’ that means the connection is secured with a Secure Socket Layer (SSL).
SSL creates a secure, encrypted connection between your computer and the computer that you are connecting to. SSL encrypts the communication by scrambling the data during transmission to prevent someone from accessing or intercepting data. The SSL certificate is what verifies that the connection is in fact, encrypted and secure.
Just because it’s secure, doesn’t mean it is safe to buy. When shopping online, always double-check the domain name. For example, be sure you’re ordering from www.ebay.com, and NOT www.eebay.com, or www.ebaay.com. Look carefully.
Some websites only use “https” protocol on pages that process transactions or where users can enter personal information. Other websites, such as our website for example, use “https” on all pages to ensure that customers AND visitors enjoy secure browsing on the entire site.