homes having multiple computers, home networks are increasingly
Many of the cybersafety issues for home networks are the same as for
computers, but there are also some twists.
to discuss how to set up a home network; if you're running
(aka Win9x), you might find my
tutorial on the subject useful. Windows NT and 2000 are
but aren't used that often by home users. (One hint-- if you're trying
to connect Win9x systems to access files or printers shared on a WinNT
or 2000 system, you need to set up your Win9x systems to log in using
Login for Windows Networks, rather than the simpler Windows Login. And
the user name you use for that login will need to be a valid user on
WinNT/2000 system as well). WinXP (both Home and Pro) has a usable
Setup Wizard; open My Network Places, and you'll see the Set Up a Home
or Small Office Network link on the left.
tasks of sharing files and printers, most people
up a home network want to share a single Internet connection amongst
computers. This is typically done in one of two ways:
-- having one
to the Internet, either using a standard dialup connection or a
(cable or DSL) connection, then letting that computer act as what's
as a proxy
server or gateway,
sharing its Internet connection with the other computers on the
Starting with Win98SE (Second Edition), Microsoft has included Internet
Connection Sharing software to make this reasonably easy
It's seems magical to open Internet Explorer on one computer and hear a
modem in another computer start to dial out in response. Of course, it
works much better with an always-connected broadband connection.
computers to a
router, and using the router to connect to the Internet. Most often,
is done with a broadband connection, though some router models can be
to a dial-up line. Traditionally, the computers connect to the router
standard Ethernet cables and adapters, though wireless (802.11)
are increasingly popular (and bring their own set of security issues).
Some wireless router models allow for wired Ethernet connections as
option-- using a router-- is the better choice. Some of the
-- the ICS model
server computer must be on for any other computers to have access. If
computer crashes or is just turned off, everyone else is cut off. By
only the router needs to be turned on for the computers on the network
to get Net access... and routers are generally simple, robast units
rarely crash. And if they do, they are quickly reset.
-- the computer
to the Net will have the best performance; other computers on the
will get slower Net access. When using a router, each connected system
gets an equal share of the available Internet bandwidth.
-- most routers
Firewall. This provides a layer of protection against hackers (though
against spam, spyware, or viruses) that is always working to shield the
computers on your network. (It may still be worthwhile to install a
firewall on each system on the network. See the Firewall
tutorial in this series).
sort-of combination of the two approaches; taking a spare
and set it up as a dedicated proxy server, perhaps using a secure
system such as Linux or BSD Unix. That can work fine, but takes more
knowledge and skills then this tutorial is prepared to teach).
for home (wired) networks: --
possible, use a
connect to the Internet. The router connects to your cable or DSL (or
modem, and the various computers on your network connect to the router.
Yes, if you are starting with a single computer that has a built-in or
USB broadband modem you may need to replace it with an external
modem with Ethernet connectors, but it will be worth it in the long-run.
router probably includes a hardware firewall, software firewalls on
each computer will provide a second level of protection, and will watch
outgoing signals, which are not monitored by the router. You still need
antivirus software; your firewall (either hardware or software) does
meet this need. Take the time to set up your firewall software,
what programs should have access to your internal network, and which
need access to the Internet.
website now and again (perhaps twice a year) for
updates to the router's firmware.
updates to its built-in operating system, released if bugs or
security flaws are found. Just like with your computers' operating
it's important to keep your router's firmware up to date. (Keep track
the version of the firmware you've just installed. I write it (along
the date) on the inside cover of my router's user manual).
sharing files and/or printers, password protect them (with a
password). Computers logged into your home network may store these
so you don't need to enter them each time, but they will provide
level of protection on your systems.
password used to log onto your router. After installing a
update, you may find that the password has been reset to the default;
prepared to change it again.
and passwords on your computers. Change the default
on your router and any default passwords already installed for the
account of your Win NT/2000/XP computer.
write down your password(s), don't leave them in a piece of paper on
top of your desk, in your desk drawer, or (worst of all!) on a sticky
stuck on your monitor. Don't ever give out a password over the phone,
if the caller claims to be a tech support person. The #1 cause of
problems are users who are careless with their passwords, not hackers
extraordinary computing powers.
-- (optionally) Windows
2000 or XP users may want to learn about turning off unneeded services.
Many of these are set up by Microsoft as part of these operating
running in the background, without your knowledge. If you don't
need them, they both waste system resources, reducing performance, and
carry a security risk. For instance, if you aren't actually sharing
files, you don't need a web server running. A website called Black
Viper has good information on what services are typically
in the background on these operating systems, what each does, and
they can be safely turned off by typical users. (It also explains how
do so). Start with the step-by-step guide (which also spells out
2000 users can go to: http://www.blkviper.com/WIN2K/servicecfg.htm,
WinXP equivalent is at: http://www.blkviper.com/WinXP/servicecfg.htm.
letting home users connect multiple computers without having to run
either through the walls or along the floor. As well, if you've got a
with a wireless connector (known as 'WiFi' or 802.11), you may be able
to connect to the Net in a growing number of 'hot spots' in hotels,
cafes, and more.
in the computers (built right into some models, such
notebooks built around Intel's Centrino).
to a wireless base station. Range varies with a number of
factors including the location of the base station, the arrangement of
its antennae, and the type of construction of the building. (Steel and
concrete reduce the range, while wood frame buildings are relatively
to the radio waves). Notebooks with built-in antennae generally get
wireless performance than models that use a smaller antenna built-into
a plug-in card. Even the material of a notebook computer's case can
performance. Apple's high-end G4 Titanium Powerbook, for instance, has
worse wireless range than the same company's much lower-priced
stations are supposed to have a range of about 300' (100m)
out of doors; in the real world, range varies. But that implies
antennae. Using specialized antennae on the transmitting base stations
and on the receiving computers, range can be improved dramatically. A
experiment suspended a wireless base station from a balloon, and got a
range of miles.
your signal may be able to be picked up by computers outside your
home network; neighbours, people in parked cars, maybe even people
away than you thought. Some people are using this in a positive way--
to create unofficial local neighbourhood networks sharing a broadband
for instance. Or setting up informal free public hotspots. (See for
the international 802.11
it may also mean people are tapping into your broadband
without your knowledge or consent, or tapping into the computers on
local area network.
is that to make it easier for home users to quickly get a
system up and running, most manufacturers have turned off their
security features by default. (Microsoft, to its credit, sets the
features of its Broadband Networking Wireless products on
should do everything that users of wired network should do (see
above). In addition:
base station's default Network Name (referred to in some
models as the SSID).
router includes the option to turn off SSID Broadcasting, do it... with
that turned off potential users will have to know your SSID name in
wireless encryption (referred to in some hardware models
for wireless encryption protocol). WEP isn't perfect; presumably, a
and skilled hacked could break the encryption within a couple of
but I would probably notice anyone sitting in a car outside my house in
that time). Note that turning on encryption will reduce performance, as
the computer and router both have the extra work of encoding and
all the packets of Internet information that pass through).
use WEP, you'll get a choice of 64Bit or 128Bit encryption. Pick the
more complex 128-bit encryption. You'll be asked to enter a
a piece of text that will be used to generate a long string in the mix
of standard numbers and letters known as hexadecimal numbers. Store
the passphrase and the hexadecimal key...
them to set up your computers. When each wireless computer
on your network tries to connect to your base station, you'll be asked
to enter either the passphrase or the more obscure key code. (Note that
if you're trying to connect a Mac to a Linksys base station (and
some other models as well), you'll need to enter first a '$' followed
the 26-digit key code). Luckily, you should only have to do this once!
this well-- when you install their Broadband
Wireless base station, you have the option of creating a floppy disk
stores the passphrase, and simplifies connecting at your various
Of course, that's only usable with Windows systems).
the ability to specify the MAC addresses of adapters allowed to
connect; every wireless (and wired) network adapter has a unique 'MAC
a sort of serial number. If you track down the MAC addresses of your
you can set your router to allow only those adapters to be part of your
wireless network. When you do that, however, and your friend drops by
her new wireless-enabled notebook, she won't be able to make it work
a DOS prompt, and typing: ipconfig
|more (note the '/' and '|' characters)
will give a
of information about your Internet Protocol configuration (hence the
including the MAC address-- in this case referred to as the 'Physical
It will look something like: 00-08-47-E8-10-97
changes afoot in the wireless area; better encryption protocols
be expected soon. When that happens, there may be firmware upgrades for
your wireless router, as well as operating system patches for Windows
well as the Mac OS, etc). Moreover, as this is written (spring 2003),
companies are selling models using offering faster 802.11g-style
connections. The problem is that the 802.11g standard is still in flux,
with an official standard being promised for summer-2003 (more or
When that happens, there will be firmware upgrades for virtually all
to bring the hardware up to spec, hopefully with improved security.
any router you buy has flashable firmware, enabling you to
security and performance fixes from the manufacturer.
website regularly; download and install the latest
firmware, and check the configuration options, changing default
and applying security options like encryption. Remember to reset these
each time you upgrade the firmware.
applies if you've got a home network!)
a router connected to an Internet device, log onto it and change
-- log onto your
website and check for firmware updates for your model. Download and
any. (Make sure you've got firmware specifically made for your model).
-- make sure any
or printers (any Windows version) are password-protected with
-- make sure you
written down in a visible or obvious location
-- check the
see if there are any public access points near you; if so, try and
-- if you have a
adapter, take it outside for a walk around your block; see how far you
can get a usable Internet connection from your base station
-- change the SID
Name) and turn
off SID Broadcasting
-- enable WEP
of your passphrase and key code
other links NakedWireless.ca:
http://www.nakedwireless.ca Naked is the perfect description of an
Securing your wireless network
Protecting 802.11b Wireless Networks
A word from
tutorial is part
of my Internet
Security series, accompanying CyberSafety,
Education course at BC's Capilano College. The entire series
CyberSafety course includes the following modules:
and wireless issues
Or cut to the chase with 7 Steps to Internet Security!