70. About Basic Network Security
Network securityincluding security for a home workgroup networkrevolves around protecting information, meaning network data. On a large corporate network, the data might be the social security numbers and credit card numbers for thousands of people. On your home network, the data might be your home budget file or a list of addresses for this year's Christmas cards.
Data and other network resources must be protected from internal intrusion (such as a legitimate network user who deletes important files) and external intrusion (such as a computer virus or illegal hacker on the Internet). Corporate networks spend tons of money on different security measures to protect their network data. And although network security is also important to the home network, you don't have to try to duplicate the measures taken on large networks to protect important information.
Network security, even security on a home network, is focused on network access and resource access. To protect network data, you must secure the network from unauthorized access (from the outside) and also protect data when it's accessed by an authorized user (from the inside).
In terms of locking down the network from outside intrusion, a WiFi network connected to a high-speed Internet connection device such as a DSL router or cable modem has two potential avenues for outside attacks: the WiFi infrastructure and the persistent connection to the Internet.
How does one negate (or at least greatly limit) the possibility of outside attacks on a home network? The key tool in securing the home network is the WiFi router. The router provides security options that secure both the WiFi medium or infrastructure (the radio waves used to communicate over the network) and the connection to the Internet. First let's take a look at securing the WiFi medium.
Sending data over radio signals that have not been secured is pretty much akin to leaving all the doors in your house open when you go on vacation. Your WiFi router provides you with settings and security features that can greatly enhance the overall security of the WiFi home network. Most WiFi routers offer the following settings for securing the WiFi medium:
When you take advantage of the different ways to protect your workgroup from outside attacks (including problems with viruses and other malware, as explained in About Malware), you still need to protect the data from security breaches inside the network. This is usually a problem with the accidental deletion of important files or the fact that important data has become corrupt and unusable.
On large networks, data is protected by a network administrator who assigns each user a set of permissions related to data entry. However, because shared data is actually spread across a number of computers (shared folders reside on individual computers and are managed by the users on those computers), you really can't control users on a workgroup the way administrators of large networks can control network resources on centralized servers. So, protecting data from problems that originate on the inside of the network, such as a file being inadvertently deleted or corrupted, is really best handled by backing up the data on each individual computer (see About Backing Up and Restoring Data).
Another problem with workgroup networks is that if a folder is shared in a workgroup, it is available to everyone in the workgroup. Therefore, it is important that the users on the network act responsibly in terms of working with shared folders and the contents of these folders. It is also important that each computer on the network have an up-to-date antivirus software product installed because it is fairly easy to spread a virus or other malware in a workgroup networking environment (see Install and Use Antivirus Software for more about antivirus software).
The biggest security risk to networks, including small home workgroups, is intrusion by malware (such as addware and viruses) and security holes (ports) in different software applications used to connect to the Internet (such as Internet Explorer). One way to help shore up your defenses against hackers who attempt to exploit open ports on your computer is to lock these ports down and stop external access to the internal network. This is what firewalls do; they act as an intermediary between your private network and the public Internet. Configure Router Firewall Settings looks at how firewall settings are configured on a WiFi router that supplies firewall capabilities.
Task About Content Filtering and Opening Ports discussed ports, including the well-known ports for filtering Internet content and services. Ports can be exploited on your computer as a way for an outside attacker to actually take control over your computer.