Friday, 25 March 2016

5 Ways To Improve Network Security

5 Ways To Improve Network Security

Give yourself the best chance of keeping your network secure and private

Network security is more important than it has ever been, but since wireless routers now come with a level of security set up by default, many people are less aware than ever of the security issues they face, and what can be done to improve and manage network security in general.

That’s why, to help anyone wondering what they can do about their own network security, we’ve put together this list of 5 things you can do to improve it without making any major changes to your setup or hardware.


1 Keep An Eye On Your Network Device List


Most modern routers give you the ability to see and manage a list of all devices that are connected to your network. Properly managing this list will allow you to see if and when something unexpected has hitched a ride on your wireless connection.

These device lists mostly work by reading the MAC address of a piece of hardware, so any entries are tied to the specific piece of equipment regardless of its IP address. You can generally assign names (and sometimes a hardware class) to each entry, so whenever you connect a new device take a moment to add it to the list and properly identify it. Not only will this help with troubleshooting, it’ll mean as soon as you see a device that isn’t identified you’ll be able to tell that it’s unauthorised – or at the very least, new.

Just having a device list doesn’t make your network more secure in itself, since there are no access restrictions based on it (at least, not by default) – but it does give you the ability to monitor the status of your network more closely, and that can only be a good thing for its security. MAC address filtering is an option, but easily spoofed by anyone making a serious attempt at unauthorised access – it’s better to keep your own eye on what’s connected rather than assume the router can block it for you.

2 Change The Default Administrator Login Details


Most of us never bother to change the login credentials on our router’s administrator account, assuming that the wireless network key will keep potential snoopers out – but this is a bad idea. If someone manages to connect to your network by some back-door method, such as through malware on your desktop PC, they might be able to gain access to your router’s administration area.

Lists of default admin logins aren’t difficult to come by online. Indeed, most manufacturers list them on their websites in case people customers their hardware but don’t have a manual. If you know the router’s model number the full login details are probably just a Google search away. That’s why it’s a good idea to immediately change the admin password to something secure as soon as you can.

The standard rules for a secure password all apply – make it long, ideally unguessable (so no dictionary words) and use a mixture of upper case, lower case and numbers. Any change is better than no change, and it means that even if someone manages to connect to your network without your approval, there’s another layer of security for them to crack before they can open your network up in any serious way.

3 Don’t Use The DMZ Server


If you experience connection issues that might be caused by a firewall, it’s often tempting to set your system as the DMZ server for your network. The DMZ server is a reference to “demilitarised zones”, but what it means in practical circumstances is that the system is essentially outside the firewall. This can be a good thing for diagnosing problems that the firewall might be causing, but it’s only ever useful as a short-term solution.

That’s because if you leave a system as the DMZ server for any extended amount of time, it essentially becomes vulnerable to all of the online attacks that would previously have been filtered out by the router. If you install a software firewall there’s some ability to get rid of this type of traffic, but a router can do it far more reliably and comprehensively.

Essentially, using the DMZ is as bad as having no security, because it leaves one system open to attack, and that in itself creates a weak point that can cause trouble for the entire network. To create a completely secure network, you have to make sure the DMZ is only used temporarily if at all. Any permanent fixture on it is practically issuing an open invitation to hackers.

4 Turn Your Wi-fi Off If You’re Not Using It


While it would be inconvenient to switch your router on and off every time you stop using your network, that’s not what we’re talking about here. If you’re only using a cabled connection (i.e. Ethernet) then having a wireless access point is only going to give hackers the opportunity to attack your network.

Turning off wi-fi is a trivial procedure – all you have to do is log into your router’s administration backend and click the relevant option, then reboot it. Reversing the process if you decide you need wi-fi at any point in the future is just as simple. Ethernet-only networks are far harder to break into than wi-fi ones just because of the sheer practicality that wi-fi offers potential attackers – after all, you don’t even need to be in a building to try making a connection to networks inside!

Make sure you don’t turn off wi-fi while you are using it, though – otherwise you’ll have to drag your computer and/or router somewhere so you can make a cabled Ethernet connection to switch it back on.

5 Change The Default Network Credentials


Your router probably has a sticker on the bottom that identifies its critical details, such as SSID and WPA key. Having access to this combination of information is necessary for anyone wanting to connect to your network – but the fact that it’s easily obtained from the router also makes it fundamentally insecure, especially if you’re running a network in a public location such as a café or other small business with a lot of traffic.

Knowing the SSID of a router can also give attackers ways to learn other things about you, such as the ISP you use, so changing it is a good idea under any circumstance. Make sure you don’t change it to anything that connects you to your address or online identity – keep it nice and generic so no one can be sure whether it’s even yours without personal assurance from you.

Similarly, changing the WPA key will ensure that no one can steal that by looking at the router. Many devices can connect to a network using the one-touch WPS (wi-fi Protected Setup) system (which is normally just a button you push on your router to connect new devices) so it’s not even as if you have to enter the WPA key a lot. Just make sure you don’t lose it, otherwise you’ll have to do a factory reset to get it back!