Real quick: The reason that you can’t rely on the Windows XP / Vista firewall is that it only inspects and blocks / allows traffic as it comes into your computer. Your firewall software needs to inspect traffic both ways — when it enters your computer as well as when it leaves.
Let’s move on to the main topic of this post: How to better protect your home network using your DSL router. There are several things you can do if the options are available on your DSL router. Please note, however, that I won’t go into specific “how-to” steps because they will differ for each router, plus your willingness to “dig in” and actually make changes on your router may vary from person to person.
First things first, shall we? Change the default password to something that only you know. This is probably one of the biggest security issues facing a lot of home networks simply because these routers are shipped with a default password that’s the same on every single model of that router that is made (and in some cases, all routers that are made by a particular company)! This leaves a HUGE security hole open that is easily fixed.
Next, set up your router so that it is not accessible from the public Internet. If the option exists, set it up so that it can only be accessed by selected computers on your home network.
You should also use something called Network Address Translation, or NAT. Chances are good that this is already activated on your router without you even knowing it. Here’s how it works: Your router has what we’ll call a “public” Internet Protocol, or IP, address (more on IP addresses in the next paragraph). This IP address can be reached by any other device connected to the Internet. What NAT does is enable your home network to “share” this one IP address by giving each device on your home network an IP address that’s in what’s known as a private IP address range. When a computer using a private IP address needs to access the Internet, it contacts your router, which takes the traffic you generate, keeps track of which private IP address the traffic came from, then sends it out on the Internet using its public IP address. When it gets a reply, it looks for the corresponding entry in a table it keeps, then sends the reply to the proper IP address on your home network.
The main benefit of using NAT is that public IP addresses cannot directly access the private IP addresses on your home network. In effect, your router simply ignores a lot of garbage that would bang against your computer were it directly connected to the Internet. It improves your computer’s performance while shielding you from all kinds of computer security threats.
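Here is the table lookup described above as a small simulation. It is an added example, not something from the original post. The addresses, the starting port 40000 and the names `NatRouter`, `outbound` and `inbound` are made up for illustration, and it assumes the router matches a reply on the remote address and port as well as its own port (real routers vary in how strictly they match).

```python
import ipaddress
from dataclasses import dataclass, field

# Private ranges a home router hands out (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_IP = "203.0.113.10"  # constructed sample value (documentation range)


def is_home_address(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000  # assumed starting point for translated ports
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Home device sends traffic out: record the sender, rewrite the source."""
        if not is_home_address(src_ip):
            raise ValueError("source is not a private home-network address")
        for (pub_port, r_ip, r_port), owner in self.table.items():
            if owner == (src_ip, src_port) and (r_ip, r_port) == (dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)  # reuse entry
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Traffic reaches the public address: forward only if the table has a match."""
        return self.table.get((dst_port, src_ip, src_port))  # None means dropped


def demo():
    router = NatRouter(PUBLIC_IP)
    sent = router.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = router.inbound("198.51.100.7", 443, sent[1])       # matches the table
    stranger = router.inbound("198.51.100.99", 4444, sent[1])  # no entry
    return sent, reply, stranger


if __name__ == "__main__":
    print(demo())
```

The reply from the server the computer contacted is handed back to 192.168.1.20, while the packet from an address nobody on the home network talked to finds no table entry and goes nowhere.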
I also recommend that you turn off something called DHCP (Dynamic Host Configuration Protocol). This is a system that automatically assigns an IP address to your computer and other devices on your home network. Think of an IP address as a phone number. Each device connected to a network needs one and it has to be unique. It’s better if you turn off DHCP and learn how to go into Windows and set a permanent IP address for each computer and device on your home network. And once you’ve done that, go back into your router and only allow those IP addresses you’ve assigned access to the router.
Again, if none of that makes sense to you, I recommend that you NOT try to do this…
That’s enough for this post. We’ll talk about spam and spyware in upcoming posts.
Thanks for listening,
Tom