Russ Harvey Consulting - Computer and Internet Services

Home Networking

Setup | Security | Other Concerns

How to network two or more computers to securely share resources.

Networking is Connecting Computers Together

In simple terms, networking is connecting two or more computers together to share files, high-speed Internet access or resources like printers and scanners.

Easier to Install

Creating networks has become easier and less expensive. Most high-speed ISPs provide some sort of a router-modem combination these days.

Wired or Wireless?

Most current routers provide for two types of connection to the network:

  • Wired (LANs) using Cat 5 (or faster Cat 6) Ethernet cables. Routers usually provide for up to four wired connections.
  • Wireless (WLANs) using radio signals that carry the information between the various devices on the network. Wireless networks allow you to connect dozens of devices.

In addition to computers, tablets (iPads), network-capable "smart" phones, printers and other specially-designated devices are now capable of connecting with wireless technology. You can add this capability to some devices with third-party hardware.

Connection Limitations

Because you don't have to run wires, WLANs are easier to set up, but there may be limitations because of the walls or other interference between the router and certain areas in your home or office.

Other methods include connecting computers through the electrical wiring in the building using special network hardware designed for this purpose. These can provide a “wireless” solution where you have difficulty running either network cabling or getting a reliable wireless signal.

Other Resources

The following sites have more information about planning and setting up a network:

Return to top

Setting Up Your Network

This is a very brief overview of the connection process. You will need to carefully follow the instructions that came with your router which may differ from this generic guide. Most routers come with setup instructions and a CD to help you.

Where I refer to your router this may be configured as a separate high-speed modem connected to an external router or as an all-in-one combined modem/router supplied by your ISP (most common).

Don't Use Wireless to Configure a Router

Never try to configure a router using a wireless connection.

You'll risk losing the signal when the router reboots during setup. Instead, connect to the router directly with an Ethernet cable until the setup and configuration is completed. Once complete, you can return to a wireless connection if you wish.

Configure Your Router

Follow these steps in order (unless directed differently by your router's installation guide) so that any problems can be rectified before you move on:

  1. Make sure the high-speed connection is working on the computer currently connected to the modem or router. This is an important step, since you don't want to complicate things by tackling the rest of the network before determining that your connection is active.
  2. Make a note of the items that your router installation guide suggests you record. You will need this later to configure the router.
    If directed to install the software first, do that when instructed to do so.
  3. Remove the network cable from the back of the computer and plug it into the WAN port on the back of the router.
  4. Connect a network cable from one of the numbered ports to the back of the computer. (Do not use an “uplink” port.)
  5. Set your router up using the instructions provided by the manufacturer. This is where you will need the settings you recorded earlier. This sometimes requires rebooting the modem, router and computer.
  6. Check that your connection to the Internet is working on your computer. If you don't have a connection, you'll need to figure out where you went wrong before continuing.

ISP Resources

Connections can differ with your ISP (usually Shaw or Telus):

Adding Other Computers

Once you are sure the main computer is working correctly, you can connect the other computers and devices to your network — one at time.

  1. Add the other computers that will be connected using a network cable into one of the remaining numbered plugs. Be sure to check their connectivity as you go. You may need to reboot the computer so that it sees the new network address or change the IP address.
  2. Add the wireless computers one at a time. You will need to configure each computer's wireless receiver according to the instructions you got with the unit.
  3. Add any other wireless devices like printers, scanners, smart phones, tablets, etc. one at a time. Use the instructions and/or software that came with these devices. Once connected most will prompt you to verify access by printing or scanning a test page. Do this on your primary computer first, then verify it elsewhere on the network.

Setting Up Your Network

WiFi Resources

Renewing the IP Address

Rebooting your computer is not the only method for renewing the network address. You can use ipconfig at the command line following the instructions here:

  1. Click on Start then type cmd in the search box.
  2. Click on the cmd.exe that appears. When the command line window appears, click on it and a cursor will appear at the end of the last line.
  3. Type ipconfig /release to release the current IP address.
  4. Now type ipconfig /renew to renew the IP address. Not all devices may be active.
  5. Now, close the command line window and ensure that you can access the Internet and your network is available.

Windows Network and Sharing Center

Windows users can also open Network and Sharing Center, right-click a network connection (depending upon how the computer is connected to the network), click Open Network and Sharing Center.

This is where you can configure your network and determine the current status of your network connections.

Windows 7 displays a diagram of your network at the top which isn't displayed in Windows 10:

Windows 7 Network and Sharing Center showing the basic network information

There should be solid lines between your computer, the network and the Internet. If there isn't, click on Troubleshoot problems and follow the prompts.

More About IPCONFIG

The following resources can tell you more about the ipconfig command options:

Return to top

Network Security

The WPS “push-button” makes configuring devices on a wireless network easier, but it is also a serious security risk. WPS is enabled by default. Disable it.

Update Your Wi-Fi Security

Just like other hardware and software, it is very important that you update your Wi-Fi hardware and software when possible, replacing it when it is no longer secure.

KRACK Wi-Fi Security Flaw

A new Wi-Fi critical flaw in the WPA2 security standard, KRACK, affects virtually all devices but particularly Android and Linux operating systems. Windows and Apple devices are only partially affected and currently supported versions have been patched if you've installed the available updates.

Know that KRACK is mostly a local vulnerability -- attackers need to be within range of a wireless network. That doesn't mean your home network is totally impervious to an attack, but the odds of a widespread attack are low due to the way the attack works. You're more likely to run into this attack on a public network. — CNet.
You should therefore be sure to avoid public Wi-Fi hotspots, such as those at airports as well as in public areas, cafés or hotels. Wired or mobile Internet connections are not affected by KRACK and are still considered secure. [C]lient devices connected to the Wi-Fi are more vulnerable to the attack than access points or routers. — Ghostery.

Wireless Recommendations

While much is still up in the air, it is recommended that you use a wired network connection where possible and follow these guidelines for wireless connections:

  • Continue to us WPA2 encryption for Wi-Fi (it is better than the alternatives).
  • Use cellular rather than Wi-Fi on your mobile devices (turn the Wi-Fi off).
  • Always keep your devices up to date, upgrade your device where possible and cease using a device that is no longer supported by the manufacturer.
  • Use a virtual private network (VPN) service.
  • Use HTTPS (an encrypted connection). Not all sites support this. The Cliqz browser supports this natively and the HTTPS Everywhere browser plugin allows you to add support to other browsers.

Patch Availability

Patching is proceeding differently for each device.

Smartphones More Vulnerable

Smartphones are more vulnerable than computer systems but it depends upon the manufacturer as to how soon a patch may be available. Current Apple products have been patched, but Google Android products have not.

Your smartphone may be a different story. While iOS is fully secured, newer versions of Android are not yet. Since every smartphone manufacturer and wireless carrier uses a slightly different version of the Android OS, it's difficult to say when your device will be patched, if ever. — Tom's Guide.

Windows & Apple Patched

Microsoft and Apple have now patched their systems, but you're still better using wired network connections and turning off Wi-Fi where possible until everything else is patched.

  • Microsoft fixed the vulnerability with the October 10th updates (XP and Vista were not patched).
  • Apple released updates for all their core operating systems on October 31st.
  • Ubuntu and Mint, the most popular Linux version for home users, were patched in July.
  • Other Linux systems are more vulnerable, particularly older versions. Recent releases are more likely to be patched.

IoT & “Smart” Homes Vulnerable

The Internet of Things (IoT) has been built to be inexpensive rather than ensuring they are secure. Security experts are warning that these devices are vulnerable and post-market security is not as easy to add.

Too many "Internet of Things" devices are made without security in mind. Their software is cobbled together from dozens of oft-used or even stolen parts, and many have hard-coded default usernames and passwords that are known to hackers. — Tom's Guide.

“Smart” homes are dependent upon Wi-Fi for their connections to the Internet. This environment includes fridges, remote control devices, baby monitors, thermostats and more. Imagine coming home to a frozen house because someone remotely turned off the heat.

Learning More

There is a lot of information about KRACK. These should get you started:

Wired Network More Secure

Wired networks are more secure because they don't transmit information except to the connected devices via the network cables. However, the convenience of wireless makes it more practical for most home users. Be sure to secure your wireless network to protect from outside interference and unauthorized use.

Wireless Network Standards

802.11a/b/g/n

You'll see a number designations for various wireless components.

These wireless standards all share the "802.11" part at the front, but the letter at the end is the most important, designating the standard. It is most common to just refer to the last letter when speaking about the devices. For example, 802.11g is usually called wireless G.

The most common wireless standards you'll encounter at home or in public access points are:

  • 802.11b is an obsolete standard with a low throughput of 11 Mbps.
  • 802.11g is more common, running with a throughput of 54 Mbps.
  • 802.11n is the current standard with a throughput of 450 Mbps. It can penetrate areas in your home or office that previous versions couldn't.

These standards are slower than the 100Mbps throughput that wired Ethernet networks are capable of handling.

Mixing WiFi Standards

Many routers can only be configured with one standard at a time. Dual-band routers allow you to set two separate standards (e.g. G and N) on the same network, letting you provide for older devices. Sometimes a dual-band G/N router can provide more reliable service than an 802.11n single-band router.

More About WiFi Standards

The WiFi Alliance has more information about these standards as well as a listing of certified devices and public hot spots worldwide.

Secure Your Wireless Network

It is very important that you secure your wireless network — you do not want your network or Internet service accessed by others. It is relatively easy using the tools provided by the manufacturers of wireless equipment.

Since no encryption is totally secure, use a wired network if you are concerned about confidential information. Be sure to disable the wireless capability of the router.

Security Protocols

There are several protocol used to secure wireless networks. The most common are (in order of increasing security):

  • WEP;
  • WPA; and
  • WPA2.

WEP

WEP is an older encryption method that is not recommended. Some older devices such as laptops can only connect using WEP but you can upgrade it using an external USB device.

  • WEP security uses only the digits 0–9 combined with letters A–F and sends a portion of the WEP security key each with each transmission so it is less secure than more recent encryption methods.
  • The longer the key, the harder it is to break, and is therefore more secure. Use 128-bit encryption where possible and always mix letters and numbers in a random order.

WPA

WPA was designed to overcome all know security issues with WEP. WPA utilizes 128-bit encryption keys and dynamic session keys to ensure the wireless network's privacy and security. There are two general variations:

  • WPA-Personal uses a pass-phrase or pre-shared key (sometimes referred to as personal mode) and is used for home and small office networks. This is sometimes referred to as WPA-PSK.
  • WPA-Enterprise verifies network users through an authentication server and is used in large networks.

WPA2

WPA2 uses an AES encryption algorithm for increased security. Most current routers support some form of WPA. WPA2-Personal and WPA2-Enterprise versions operate in the same manner as their WPA counterparts.

Learning More

Check out these sites for more information about wireless security:

Return to top

Other Security Concerns

If you are setting up a network, particularly one that shares access to a high-speed Internet services, you need to read Preventing Unauthorized Access.

  • An always-on connection presents a stable attack target and is therefore more vulnerable.
  • You might not notice nefarious use since increased speed means they're tapping a relatively small portion of your bandwidth.
  • Music- or file-sharing programs usually upload content as well as download it (unless specifically configured not to) and often install spyware or using your bandwidth for their own purposes. Most are up front about this — if you bother to read their license agreements carefully … and most people don't.
  • Wireless doesn't end at the walls of your house or office. Be sure to enable encryption.
  • While email, downloads and infected media can still spread viruses, most current threats are encountered when visiting infected websites.
  • Use a router even if you only have one computer. A fresh Windows installation on an unprotected high-speed connection can be infected before you can get the installation and updates to a point where you can install security software.

You can take some basic steps to help reduce these risks.

Consider a Security Suite

Consider a security suite to best protect yourself from the sort of blended threat (multifaceted attacks) that are common today. I strongly recommend ZoneAlarm security suites.

The product you choose should include at least the following:

  • Strong anti-virus protection that is frequently updated.
  • A secure firewall. While your router is a “hardware” firewall, it doesn't protect you from outbound threats.
  • Effective anti-spyware protection to ensure that the software and tools on your computer aren't leaking private information.

In addition, you should know how to use passwords and encryption correctly.

Keep it Updated

Your software needs to be updated regularly. Today's security threats are often adapting quickly to attempts to protect against them. Unless you're receiving regular (hourly) security updates, your software may not protect you.

  • Regularly download and install the updates (several times a day recommended).
  • Free software often updates only once a day.
  • Upgrade when your vendor no longer offers updates.

“Free” Can Be Expensive

While your ISP may provide a security package as part of your subscription, be sure it is effective.

  • Many of these packages are bloated and will significantly slow down your computer.
  • These are usually combinations of products from several vendors. Not all are designed to work together.
  • You'll spend more than the cost of decent software to pay to clean up any problems that these products fail to protect you from.

Many free offerings from security vendors are limited in some capacity. Most often, they'll only update once a day — insufficient if a serious and rapidly-morphing threat appears.

Test for Weaknesses

There is always a compromise between ease of use and the degree of security that is achieved. You must make this decision based upon the best information available to you.

  • Be aware of your firewall's weaknesses.
  • Test your firewall regularly.
  • Ensure that your security isn't being disabled by someone with physical access to your computer or router.

Windows Security Options

Limit Administrator Accounts

Windows has the ability for several levels of access control. The main user of the system is called the Administrator but more than one account can have administrator privileges. Administrator privileges give full access to make changes to the system, something that could be detrimental to system security.

  • Even with only one user, there is a hidden Administrator account (available through Safe Mode).
  • Windows XP gives every user administrator privileges by default. Windows 7 recommends Standard accounts.
  • Some software (like MSN Messenger) runs with the computer, not the user. Allowing your children to run an instant messenger program may be a security risk for every account on the computer.

Create Standard accounts for other users. “Standard accounts users can use most software and change system settings that do not affect other users or the security of the computer.” Setting this up is relatively simple for most users.

  • Use Standard accounts for most users, especially for your children. Password-protected standard accounts will limit their ability to introduce security issues into your computer.
  • There is also a Guest account with very limited access. Enable it for outside users so they don't have access to your documents.

Convenience Can Be Costly

Windows allows one user to log off with all their programs still running to allow another to log on if they need to quickly check their email or to print a document.

  • This practice is convenient but I strongly advise against leaving several users logged on at one time.
  • If another users shuts down Windows (or experiences a power failure) changes to open documents will be lost.
  • Software installations and security updates often require rebooting the computer.
  • You should probably save everything prior to logging off just to be sure.

I recommend saving documents and restarting the computer rather than simply logging off. It is too easy to forget other users.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!


www.RussHarvey.bc.ca/resources/network.html
Updated: November 3, 2017