Written by Valcor
Special thanks to the documents team for their
assistance, and ideas in furthering the document.
Updated by snow - March 02 2020
With the introduction of broadband internet in many homes, home networking has become very common throughout the world. With this growth has also come the growth of the number of computers in the home. With multiple computers now entering the home, many people start considering home networking to allow everybody access to the internet. With the requirement of giving everybody access to the internet, comes the requirement to install certain software on your 'main' computer. Hopefully this document will give you a guide into how to make that main computer a little more secure than just installing the default software, with the default settings.
Home networking has become very simple now with the common installation of network cards (NICs) into many PCs, and the cost of networking equipment such as hubs has decreased. But connecting to the internet with the default settings of Windows (or any operating system) can be a security risk, and not only cause problems for you, but for those that fall prey to attacks from your PC when somebody sees it as an open toy Here are a couple of ideas you may want to think about when setting up your home network.
- Does the main computer need to have file and printer sharing enabled?
- Do your computers have the latest security updates from the provider?
- Do I have an up to date virus scanner?
- Am I using a good firewall?
Just answering those questions can get you on a good start to home networking. The next step is how to allow your home network to get to the internet. There are two main/common ways in which access can be gained. The first is via a Proxy Server, the other is via a NAT server/firewall. Both are discussed below.
Please note that Undernet does not endorse or favor any software or hardware used while connected to its servers. The following is provided solely to help users of Undernet IRC.
Go to Top
Proxy and NAT Servers
A Proxy Server is normally software that works on the main computer connected to the internet. It acts as a redirector for your traffic. It takes your requests for things like websites, goes and gets those web pages, then returns you the data. This is equivalent to having a middmiddle man to do your work. Here is a simple scenario...You're at home, watching TV, you feel hungry, but you don't want to get up...you call your kid brother to get you some food. He runs off, gets your food, and comes back (if you're lucky). In this case, your kid brother was acting like a proxy server. You asked him for something, he went and got it, and gave you the results (food).
There are many different types of proxy servers available on the internet. Some are free, some are free for a certain number of users, and others may cost a little bit of money. Your needs, and the money you want to spend, will determine which software/hardware you use. Below are a few examples of proxy servers.
WinGate, is a very common windows based proxy server, and a demo can be downloaded for free at www.wingate.com. The full home version starts at about $35 (US) for 3 users. Wingate, unfortunately, is one of the easier proxy servers to miss-configure, so I'll cover making it a little more secure a little later.
Microsoft Proxy is a designed as a business related proxy server, but it is occasionally used in the home. Setup is moderately easy, but there are costs involved, and certain server requirements exist.
Squid is a UNIX based proxy server and can be found at http://www.squid-cache.org/. Squid is free, open source software, and downloadable from many sites. Configuration may take a little bit of extra knowledge of the UNIX operating system, but there are many "how to", documents, and guides on the internet. Squid is not Windows compatible.
I've only covered a few proxy servers, but there are many about, and your personal preference will always be an ultimate decider in which you plan on using.
Network Address Translation (or NAT) is often used to make transparent proxies (in which the end user doesn't require much configuration for use). It is often used in UNIX type operating systems (such as Linux, or FreeBSD), but is also incorporated into some modem DSL/Cable routers including those provided by Linksys. NAT works slightly different than a proxy server, but the outcome is still the same. NAT takes your address from inside the network, adds an extra address (that of the server), and sends the request on. When the request gets back to the server, it strips its own address, and returns the data back to the computer that made the request. NAT servers can often be configured using software that comes on the operating system, for example IPChains, or IPTables.
Go to Top
Home networks are as much susceptible to attacks as the networks of the government and business. Home networks are often targeted because the ability to turn collections of unsecured computers into a single attack from a single host. Don't become an unknowing accomplice to a criminal act! Installing a firewall will help further your security for proxy servers, and your home network in general by blocking unauthorized access to your network. Most firewalls can also let you know when someone is trying to connect to your computer and document break-in attempts. I'm only briefly mentioning on the topic of firewalls as there is another document on the Documents website about this subject. There are many different types of firewalls, again ranging in cost, and functionality. A couple of firewalls to consider are:
Black Ice - This can be found at http://www.networkice.com
- ZoneAlarm - This can be found Here
- Shields Up! - This can be found Here
For those running Linux, or Unix type Operating systems...you should try checking out iptables or ipchains.
(Documents on using can be found on both the sites listed)
Go to Top
Undernet and Proxy Servers
Due to recent abuse caused by the use of 'open proxies', Undernet now runs a proxy scanner when you first connect to a server to detect insecure setups. As soon as a insecure proxy server is detected, it is immediately disconnected, and given a network wide ban (G:Line). If you are connected, and ever get disconnected with this message.
Go to Top
Here are a few sites that may be useful in your quest to securing your home network.
Go to Top
Internet has now become a great part of our lives, even if we don't realize it. Using the internet at home is also becoming more and more important for everyday life. Making sure you're secure is important to protect you, your information, and other people from the effects of a bad setup. Reading the manual is a good start to securing things, but taking those extra steps make all the difference, from clicking a couple of extra buttons, to typing an extra line in your configuration.
The Documents Project site has a wealth of information, and the various help channels are manned by knowledgeable people who will do their best to assist you man the various help channels...
If you have any comments/additions/corrections or suggestions for new documents or FAQs, you are encouraged to email firstname.lastname@example.org with your suggestions.