While enjoying the fun brought by home Internet access, we also learned that there are still many invisible security problems behind the internet, for example, are files and other data on computers in the home safe? Will it be attacked by hackers? There are also poor information on the Internet, and the essence and dregs coexist. How can I keep my family away from such junk information? That is to say, how to build a safe and healthy home network becomes a concern for users who access the internet. This article will discuss these two issues.
1. Reject uninvited customers from the door
1. Make your system more immune
The reinforcement of users' operating system security is the most fundamental way to defend against hacker attacks. In fact, most hackers on the network are not technically superb, they only use system vulnerabilities and other tools to intrude into your system. If you can learn about and install Microsoft's latest patches in a timely manner, apart from the real heroes, no one can pose a security threat to you. In addition, do not set the system password too easily. For convenience, many friends set the system administrator password to a simple password similar to "1" and "123". For intruders or viruses, find a brute force tool and try out the real password easily.
2. Modify the default user name and password of the Broadband Router.
Currently, most home networks access external networks through a Broadband Router or Wireless Broadband Router. Generally, the device manufacturer provides a management page tool to facilitate user settings. This page tool can be used to set the network address and account of the device.
To ensure that only the device owner can use this management page tool, the device usually has a login interface. Only users with the correct username and password can enter the management page. However, when the device is sold, the default user name and password provided by the manufacturer for each model of the device are the same. Unfortunately, after many home users buy these devices, the default user name and password of the device are not modified.
This allows hackers to take advantage of this vulnerability. They can easily find the addresses of these devices through simple scanning tools and try to log on to the Management page with the default user name and password, if the router or vswitch is successful, the control of the vro or vswitch is obtained immediately.
3. Make good use of the firewall function of the Broadband Router
The built-in firewall in the vro can provide basic firewall functions. It can shield internal network IP addresses and freely set IP addresses and communication port filtering to prevent hacker attacks and virus intrusion, users can have a secure network environment without spending money to install other virus protection devices. Therefore, the firewall function is an important function of the home Broadband Router, because if there is no firewall for security protection, the probability of the home network being infiltrated by viruses and hacker attacks increases, this may cause network paralysis and bring a lot of trouble to users.
Currently, vro firewall functions include anti-IP address filtering, URL filtering, MAC address filtering, binding IP addresses to MAC addresses, anti-Black capabilities, and security logs. With the built-in firewall function of the router, you can set different filtering rules to filter all abnormal information packets from the Internet, so that internal network users can access the Internet with peace of mind.
Pay more attention to wireless network security
Wireless networks are more vulnerable to intrusion than wired networks for users who access wireless networks in their homes, because the computers at the attacked end do not need to be connected to the computers at the attacked end, he can access your internal network and access your resources as long as he is within the valid range of Your Wireless Broadband Router or Wireless AP. Next, let's take a look at the security measures to protect our wireless network.
1. Modify the default service area identifier (SSID)
Generally, each wireless network has a Service Identifier (SSID). When a wireless client needs to join the network, it must have the same SSID. Otherwise, it will be "REJECTED ". Device manufacturers usually set a default SSID for their products. For example, the SSID of a linksys device is usually "linksys ". If a network does not specify a SSID for it or only uses the default SSID, any wireless client can access the network. Undoubtedly, this opens the door for hackers to intrude into the network.
2. Disable SSID Broadcast
In a wireless network, each routing device has a very important function, that is, the service area identifier broadcast, that is, the SSID broadcast. Initially, this feature was designed primarily for commercial wireless networks with extremely high traffic on wireless network clients. In a wireless network with SSID broadcast enabled, the routing device automatically broadcasts its own SSID number to the wireless network client in the valid range. After the wireless network client receives this SSID number, you can use this network only by using this SSID number.
However, this function has a great security risk, as if it automatically opens a portal for hackers who want to enter the network. In commercial networks, security must be sacrificed to enable this function to meet the changing wireless network access end. However, as a home wireless network, network members are relatively fixed, therefore, you do not need to enable this function.
3. Set MAC address filtering
As we all know, basically every network connection device has a unique identifier called a physical address or a MAC address. Of course, wireless network devices are no exception. All devices track all the MAC addresses that pass through their data packet source. Generally, many such devices provide MAC address operations, so that we can establish our own MAC address list to prevent unauthorized devices (hosts, etc.) from accessing the network. However, it is worth mentioning that this method is not absolutely effective, because we can easily modify the MAC address of our computer Nic.
4. assign a static IP address to your network device
As DHCP services become more and more easy to establish, many domestic wireless networks use DHCP services to dynamically allocate IP addresses to clients in the network. This leads to another security risk, that is, the attacker accessing the network can easily obtain a valid IP address through the DHCP service. However, in a very fixed home network, we can assign a fixed IP address to the network member devices, and then set the list of IP addresses allowed to access the devices on the vro, this effectively prevents illegal intrusion and protects your network.
2. Make your home network full of sunshine
For a long time, parents have broken their hearts over their children's Internet health. How can they make the innocent and pure world unaffected by the large amount of bad information on the Internet? On the one hand, effective means should be taken to guide the combination of education and management measures. To fundamentally eliminate the influence of poor content on children on the Internet, we should rely on the guidance of the children's own thoughts. Only the children can fully understand the negative effects of those content on them, in order to avoid their subjective search and browsing of such information. On the other hand, we can use some measures to prevent the undesirable information.
1. Software Support
Installing software on a computer that provides functions such as web page filtering, network tracking, and time-limited Internet access makes effective monitoring of children a shortcut to get twice the result with half the effort. Currently, this type of software includes "No worries for parents", "Network dad", and "Network mom". Generally, this type of software can have the following functions:
Filters and bans unhealthy websites such as pornography, viruses, gambling, and reactionary behaviors;
You can specify the time used by your computer to prevent your children from delaying their studies;
Focus on guidance and monitoring, and develop children's healthy surfing habits;
Free control of computer programs to prevent your children from indulging in chat and games;
Detailed log records and scheduled screen photos let you know what your child has done;
With the Internet connection, Health Web site Daquan, leading the green internet.
2. Use a Broadband Router with the website Filter Function
With the website filtering function, you can monitor and record Website access on the entire network, and manage computers in the network through permission groups. Each user has their own permissions, thus, the scope of the website browsing by members in the network is determined. websites that are not allowed to access will be blocked and a clean network environment will be provided for you.
TP-LINK "smart manager" router TL-R460 is such a device, all want to enter the network of the computer, the router will check the media access control address of its network card, access is denied if it is not in its legal address list.
In addition, in the "smart Butler" setting software, there is a special column dedicated to setting the Internet time, allowing parents to set their own Internet time periods and the length of Internet time, this prevents teenagers from indulging in browsing the Internet for a long time. In actual use, parents can flexibly set their children's work and rest periods, such as the learning periods from to every day, to prohibit the Internet access, any access to the Internet will be prohibited, including browsing the Web page, sending and receiving emails, chatting, and so on. proper control of the time the child uses the computer.
After reading the above suggestions, I don't know if it will help you or not. If you have any questions or troubles when you are surfing the internet at home, please let us know about IT168's home network channel and let us work together to grow together.