Tighten your network and Wi-Fi security
All the computers and laptops that connect to your home network are at risk if a hacker gains access to the network via Wi-Fi or the internet. It’s therefore very important that you check your network is secure too.
1. Check your wireless network for security problems
If you use Internet Explorer you can test your home network using the Pure Networks Security Scan (www.snipca.com/9919). The program works in all versions of Windows except 8 and the full program can be used for free for seven days. Click ‘Start Scan’ and wait until it completes. Let the scanner install an add-on if it asks to do so. Security Scan provides detailed scanning, including the checks on all ports, and a full security report for wireless networks.
2. Stop your router setting being changed remotely
On some routers you can change the settings from any browser – you just need to log in with the router’s IP address and password. Some routers use a special website to access the router indirectly, which is a little more secure. In either case, it’s safer if you turn off the option to change your network access from anywhere except your home computer. If, when you scan your network for open ports, Security Scan warns that port 80 is open but no PCs are connected, it’s likely the port is used for the router’s remote access or web-management feature. Check the router manual for details of how to disable this port access. You should also change the password for the router’s settings menu if you haven’t already done so. Some routers have 0000 or ‘change me’ as their default password, so make sure you change this.
3. Check storage sharing setting
If your router has USB ports for connecting and sharing storage device, make sure remote access to storage (via a browser or FTP) is disabled. If someone can log onto your router via a remote site, they may able to plant malware on your computer network. You should be able to disable remote file-sharing and backup from the router’s setting menu, but you will need to check router manual for details. If you use FTP or automatic online backups make sure access is protected by strong passwords. Disable any option for ‘anonymous FTP’ and, if possible, limit access to named users (not all routers have this option).
4. Turn off media-streaming services
UPnP (Universal Plug and Play) is great for sharing photos, music and video over a local network, but let’s programs change the router’s security settings. This is to make it simpler to set up programs, such as online multiplayer games, that need to open special ports in the firewall. UPnP can pose a security risk, though, so you should at least not. Most will disable it by default, but again you will need to check the documentation. Turning it off will show you whatever it affects any programs or services. To test whether UPnP is enabled and secure, use the free test on the ShieldsUP website. Click GRC’s Instant UPnP Exposure Test (above the ‘ShieldsUP services’ box) to run the test.
5. Make sure Wi-Fi passwords are secure
Complicated passwords are a nuisance, but it’s vital you use a strong, hard-to-hack password for your Wi-Fi router as it’s all that’s stopping someone connecting to your network, gaining access to your computer and getting a free internet connection. Find the wireless security section in the router’s setting menu, go to the section for the password (sometimes called the encryption key or passphrase) and change it. If the password is sometimes like ‘1111’ or ‘0000’ almost any change of password will be an improvement. However, for better protection change the Wi-Fi encryption method to WPA2. If the network includes older PCs you will need to choose WPA/WPA2 encryption as PCs running Windows XP or Vista won’t be able to log on using WPA2.
6. Check who’s on your network
Anything that connects to a home network needs an IP address to do so. It gets this address from the router using a system called DHCP (dynamic host configuration protocol). All routers list the devices they’ve given an IP address. Look for the ‘DHCP client list’ or a similar heading in the local network or LAN security of the menu. It will just be a list of IP address and PC names. However, Windows prompts you to change your computer names to something recognizable when you first connect it to a network – so if Jane from the next door appears on your DCHP client list it’s possible she’s logged on to your broadband. Just to be sure. Click the refresh button or restart your router and check again before confronting her – the list can sometimes include devices that are no longer connected.
7. Block any device from connecting via Wi-Fi
MAC filtering is great for preventing unauthorized connections to a wireless network. All networked devices and adapters have a unique 12-digit MAC number, so if you tell your router to only accept specific MAC numbers you can stop any others logging onto it. Look for ‘MAC filtering options’ on the wireless settings page. Some routers will let you add existing connected PCs to the filter, but with others it has to be done manually. To find the MAC address of a wireless device, open a Command Prompt, type ipconfig /all and press Enter. Look down the results for the wireless adapter (it will be the only one showing an IP address ) and note down the numbers on the Physical Address line.