In my previous post of this series, "Who Do You Trust?", I wrote about the importance of strong passwords as one of the first steps in protecting yourself on the Internet. In this post I will tell you about the second most important step to protecting your self on the Internet. If you use a wireless connection, or if you have more than one computer, you will need a router. Properly configuring your router is a crucial step in using the Internet safely and securely.
Your Internet router allows you to connect the private network in your house or office to the public Internet. Because it is the "doorway" that allows data in and out of your network, just like a real door, you need to make sure it is equipped with a good lock. And, just like the lock on your home's front door, you want to ensure that only you and those you trust have a key.
If you only have one computer, and it doesn't use a wireless network connection, then you don't need router to connect to the Internet, at least, not a router in your home. Your Internet service provider uses a router to connect its network to the Internet. Your computer would simply connect to your ISPs network. In that case, your doorway should be locked with a firewall. My next post will cover firewalls and how to use them.
If you use a router to connect to the Internet, you should use a firewall too but, your first line of defense is the router. If you are a home user, your ISP usually only gives you one Internet (or IP) address to use. Even large companies do not have an Internet address for every computer they use.
Because there are not enough Internet addresses to give every computer its own, routers provide a service for private networks, called Network Address Translation (NAT). There are certain groups of IP addresses that are reserved for private networks. Those addresses cannot directly access, or be accessed from, the Internet. Instead, computers on private networks use routers to "translate" their addresses to public Internet addresses for outbound communications, and to translate public addresses back to their private addresses for inbound communications. Private networks using NAT can have many computers communicate with the Internet by sharing only one or a few public Internet addresses.
A router providing NAT services actually prevents computers outside of their private networks, from initiating communications with computers with those on their private networks. In fact, the private addresses are effectively hidden from the Internet. Internet computers can only reply to requests for communication from the computers on the
If you only have one computer, and it doesn't use a wireless network connection, then you don't need router to connect to the Internet, at least, not a router in your home. Your Internet service provider uses a router to connect its network to the Internet. Your computer would simply connect to your ISPs network. In that case, your doorway should be locked with a firewall. My next post will cover firewalls and how to use them.
If you use a router to connect to the Internet, you should use a firewall too but, your first line of defense is the router. If you are a home user, your ISP usually only gives you one Internet (or IP) address to use. Even large companies do not have an Internet address for every computer they use.
Because there are not enough Internet addresses to give every computer its own, routers provide a service for private networks, called Network Address Translation (NAT). There are certain groups of IP addresses that are reserved for private networks. Those addresses cannot directly access, or be accessed from, the Internet. Instead, computers on private networks use routers to "translate" their addresses to public Internet addresses for outbound communications, and to translate public addresses back to their private addresses for inbound communications. Private networks using NAT can have many computers communicate with the Internet by sharing only one or a few public Internet addresses.
A router providing NAT services actually prevents computers outside of their private networks, from initiating communications with computers with those on their private networks. In fact, the private addresses are effectively hidden from the Internet. Internet computers can only reply to requests for communication from the computers on the
private networks. This provides protection from the Internet for those computers "behind" the router. Of course, it's a little more complicated than this, and exceptions and conditions can be programmed into all routers. However, for most home computer users, routers providing NAT are helping to protect you from communications that you don't initiate.
Routers are helping but, they are not enough protection by themselves! I will write about the additional steps required to keep you safe, in upcoming posts; Firewalls and Anti-virus/anti-spyware software. Routers also need to be carefully configured so they can protect you as much as possible. We need to think of Internet security in terms of layers. It takes many different layers working together to give us adequate protection.
Remember, we said that computers on the Internet cannot initiate communications with computers using private addresses on your private network. However, your router has one public address that computers on the Internet can communicate with, if you do not take steps to configure your router properly!
Those steps are:
1. Change your routers default administrator user name and password!
2. Use a strong admin user password!
3. Disable remote administration!
4. Enable WPA or WPA2 encryption! (WEP has well known vulnerabilities! Without encryption, computers can bypass your router all together and communicate directly to computers on your private network!)
5. Use a strong encryption pass phrase!
A properly configured router, along with strong passwords, firewalls and anti-virus/anti-spyware software will provide you with good protection as you use the Internet. Of course, you always need to keep your software updated with the latest security updates! I will be writing about all of these layers of security in the upcoming posts of the series, "Who Do You Trust?" As always, please comment and give feedback on posts, so I can continue to improve them.
Routers are helping but, they are not enough protection by themselves! I will write about the additional steps required to keep you safe, in upcoming posts; Firewalls and Anti-virus/anti-spyware software. Routers also need to be carefully configured so they can protect you as much as possible. We need to think of Internet security in terms of layers. It takes many different layers working together to give us adequate protection.Remember, we said that computers on the Internet cannot initiate communications with computers using private addresses on your private network. However, your router has one public address that computers on the Internet can communicate with, if you do not take steps to configure your router properly!
Those steps are:
1. Change your routers default administrator user name and password!
2. Use a strong admin user password!
3. Disable remote administration!
4. Enable WPA or WPA2 encryption! (WEP has well known vulnerabilities! Without encryption, computers can bypass your router all together and communicate directly to computers on your private network!)
5. Use a strong encryption pass phrase!
A properly configured router, along with strong passwords, firewalls and anti-virus/anti-spyware software will provide you with good protection as you use the Internet. Of course, you always need to keep your software updated with the latest security updates! I will be writing about all of these layers of security in the upcoming posts of the series, "Who Do You Trust?" As always, please comment and give feedback on posts, so I can continue to improve them.
