Saturday, July 3, 2021

What is Internet Security?: Part 1 - How a home network operates

Internet security is a really big topic.  But what does it mean?  Does it mean:

  • Keeping your antivirus up to date?
  • Updating your operating system and applications regularly?
  • Keeping your private information safe from prying eyes?
  • Making sure your data is secure and recoverable in case of disaster?

It means all those things, and more.  In addition to those, and most importantly, it means:

  • Having a basic understanding of how the Internet works.
  • Educating yourself about how Internet evildoers attempt to take over your computer and/or gather your private information.

Why is it important to understand how computers talk on the Internet?

The old saying goes “knowledge is power.”  Without understanding how basic computer communications work, it is impossible to decide how best to protect yourself.  Think of it as “if I do not understand my house’s security weaknesses, I cannot protect it.”

How is my home network constructed?

We start at the beginning – the home network.  Here is a standard home network configuration:

Figure 1:  Standard Home Network Configuration

Your devices talk to the home router using either an Ethernet cable or a wireless network connection.  That is fine and dandy, but we need a deeper dive into the home router to understand how information is transmitted to and from your devices and servers on the Internet.

Why is it called a “home router”?

Devices connected to your home router are on one network.  Everything else is on other networks.  Your home router “routes” communications between networks.  If there were no routers all devices would have to be on one network, which is not possible.

Understanding how your home router works requires looking under the hood.  This is how nearly all home routers are constructed internally:

Figure 2: Home router internal breakout

Let’s define each of these components.

  • Switch:  so-called because it “switches” information from one device to another; this is what allows your home router to connect many devices to the Internet and your devices to talk to one another.
  • Ethernet-Inside:  this is the network connection on the firewall that talks to your devices.
  • Ethernet-Outside:  this is the network connection on the firewall that talks to the Internet.
  • Firewall:  the heart and soul of any home router, the firewall acts as a gatekeeper and does the job of routing communications between networks.

How does the firewall act as a gatekeeper?

In general, the firewall allows requests to go from inside your network to the Internet.  When the requested information comes back from the Internet the firewall matches that information with the requests going out.  If they match, you get your email, web pages, Google Docs, OneDrive, and cat videos.  If information comes into the firewall from the Internet and there is no matching request, the firewall will not respond to (“drop”) that connection attempt.  Remember that.  If a server on the Internet attempts to talk to your home router without you previously requesting information from that server, the firewall will simply drop that communication.

How does the firewall keep things straight?

The details would send us down a rabbit hole from which we would never return, so we’ll keep things fairly general.

We’re going to talk about “IP addresses.”  There are two kinds:  Internet Protocol (IP) version 4 and version 6 (IPv4 and IPv6).  We will talk only about IPv4 right now (shown here as IP).  IPv6 will be discussed at some point in the future.

  • Your firewall has two IP addresses.
    • The “Ethernet-Inside” IP address will be something like 192.168.0.1 (emphasis on the 1, here) and is often called the “default gateway.”  This IP address is not routable to or from the Internet.  What that means is if I take a device with an IP address that belongs on my home network and connect it directly to the Internet, nothing will talk to it.  No router on the Internet will talk to anything with an IP address that belongs on a home network.  More about that later.
    • The “Ethernet-Outside” IP address will be assigned by your Internet Service Provider (ISP) and is routable because this IP address is part of the public IP address space (more about that later).
  • Each device on your home network gets a different IP address that is only accessible to devices on your home network – like 192.168.0.something.  (Something in this case will be anywhere from 2 through 254.)  Your firewall knows the IP address of each device on your network and puts it in a table.
  • When your computer makes a request for data to the Internet (email, web pages, videos, etc.) the firewall adds to the table what server you're trying to talk to on which specific “port.”  To make a long story shorter, the firewall waits for a response from the server on the Internet (from which you requested information) to that specific port.  When, and if, the response comes back to the firewall from the Internet, the firewall matches it to the table; if the ports are the same, it will forward the information back to your computer.
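To make the matching described in the last two bullets concrete, here is a small Python model of that table, added here as an illustration (it is not code from this post or from any router vendor).  The addresses 203.0.113.5, 198.51.100.20 and 192.0.2.77 are constructed stand-ins for an ISP-assigned public address, a web server and an Internet scanner; the port numbers are likewise made up.

```python
"""Toy model of the table a home router's firewall keeps (added example).

An outbound request from an inside device is recorded and sent out from the
router's public IP on a port the router picks.  An inbound packet is forwarded
to the inside device only if it matches a recorded request; anything else is
dropped, which is exactly what happens to an unsolicited connection attempt.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class StatefulFirewall:
    public_ip: str                  # Ethernet-Outside address handed out by the ISP
    next_port: int = 40000          # outside port the router uses for the next request
    # (server_ip, server_port, outside_port) -> (inside_ip, inside_port)
    table: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def outbound(self, pkt: Packet) -> Packet:
        """Record a request from an inside device and rewrite it to the public IP."""
        out_port = self.next_port
        self.next_port += 1
        self.table[(pkt.dst_ip, pkt.dst_port, out_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, out_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Forward a reply only if it matches a recorded request; otherwise drop it."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        inside = self.table.get(key)
        if inside is None:
            self.dropped.append(pkt)          # no matching request: drop, no reply
            return None
        inside_ip, inside_port = inside
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Walk one request/reply pair and one unsolicited probe through the firewall."""
    fw = StatefulFirewall(public_ip="203.0.113.5")   # constructed public address
    # Laptop 192.168.0.10 asks the (constructed) web server 198.51.100.20 on port 443.
    req = fw.outbound(Packet("192.168.0.10", 51234, "198.51.100.20", 443))
    # The server's reply comes back to the router's public IP and the port it picked.
    reply = fw.inbound(Packet("198.51.100.20", 443, fw.public_ip, req.src_port))
    # A scanner (constructed 192.0.2.77) pokes port 23 without any prior request.
    probe = fw.inbound(Packet("192.0.2.77", 6000, fw.public_ip, 23))
    return req, reply, probe, len(fw.dropped)


if __name__ == "__main__":
    req, reply, probe, dropped = demo()
    print("outbound rewritten to :", req)
    print("reply forwarded to    :", reply)
    print("probe result          :", probe, "| dropped so far:", dropped)
```

Running the block shows the reply landing back on the laptop's original port while the probe returns `None` and is counted as dropped.  Real routers also time entries out and track more than the port, but the match-or-drop decision is the same.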

Wait – you said someone could try connecting to my home router from the Internet.  Could someone be trying to hack my home router?

Yes.  In fact, it happens constantly in an automated process.  There are millions of computers on the Internet constantly scanning for home routers they can access.  These computers are usually controlled from a series of central locations.  Each group of computers controlled by a central location is called a “botnet.”  There is nothing you can do to stop one of those computers from trying to talk to your home router.  What you can do is make sure your home router is configured correctly (so it drops the connection attempt) and keep its software updated.

Update my home router?  How do I do that?  How often should I check?

Home routers are single-purpose computers and, like any computer, are controlled by software.  If you acquired your home router from your Internet Service Provider, generally the ISP will keep it updated.  If you bought your own home router it will be your responsibility to occasionally check for updates.  Fortunately, every home router has a website you can log on to for that purpose.

Your home router has a web page used to administer it.  You will need two pieces of information:

  1. The default gateway mentioned above
     a. To get the default gateway,
        i.  On a Windows computer, in the Search box type “powershell” and click on the app that is presented to you.  Next, type “ipconfig” and press Enter.  Look for the line that says “Default Gateway” with an IP address.  Write that down.
        ii. On a Mac or Linux, open the Terminal program.  At the prompt, type “ifconfig” and press Enter.  Again, look for the default gateway in the output.  It will be somewhat buried, but you will see it.  It will almost always be the IP address that ends in “1.”  Write that down.
  2. The default username and password
     a. To find the default username, open a web page and use your favorite search engine to look for this phrase:  “make and model of your home router default username.”  So, if I had a Netgear C6230 (you’ll find the make and model on the back or bottom of your home router), you would search for “Netgear C6230 default username.”  Or you can download the manual from the manufacturer’s website and search for “username.”
     b. The password will be listed with the username in the documentation.
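As an added check (not part of the original post), the short Python script below pulls the default gateway out of the command output step 1 tells you to look at, so you can confirm you copied the right address.  The three sample outputs are constructed, cut-down copies of what `ipconfig` (Windows), `netstat -rn` (macOS) and `ip route` (Linux) print; on macOS and Linux the routing table is where the gateway is listed, so the script reads that rather than `ifconfig` output.

```python
"""Find the default gateway in command output (added example, not from the post)."""
import re
from typing import Optional

# Constructed, trimmed sample outputs; not captured from a real machine.
WINDOWS_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.0.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

MACOS_NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.0.1        UGScg          en0
127                127.0.0.1          UCS            lo0
192.168.0/24       link#6             UCS            en0
"""

LINUX_IP_ROUTE = """\
default via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.23
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def gateway_from_ipconfig(output: str) -> Optional[str]:
    """Windows: the first IPv4 address printed after the 'Default Gateway' label."""
    label = re.search(r"Default Gateway[ .]*:", output)
    if not label:
        return None
    m = re.search(IPV4, output[label.end():])
    return m.group(0) if m else None


def gateway_from_routing_table(output: str) -> Optional[str]:
    """macOS/Linux: the gateway column of the 'default' (or 0.0.0.0) route."""
    for line in output.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("default", "0.0.0.0"):
            continue
        # `ip route` prints 'default via <gw> ...'; netstat prints '<dest> <gw> ...'
        if len(parts) > 2 and parts[1] == "via":
            candidate = parts[2]
        elif len(parts) > 1:
            candidate = parts[1]
        else:
            continue
        if re.fullmatch(IPV4, candidate):
            return candidate
    return None


if __name__ == "__main__":
    print("Windows ipconfig  :", gateway_from_ipconfig(WINDOWS_IPCONFIG))
    print("macOS netstat -rn :", gateway_from_routing_table(MACOS_NETSTAT_RN))
    print("Linux ip route    :", gateway_from_routing_table(LINUX_IP_ROUTE))
```

All three samples resolve to 192.168.0.1, the address ending in “1” that the post says to expect.  To use it on your own machine, paste the real command output into the matching constant.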

The home router’s documentation will explain how to search for updates.  Generally, this is a button that will say “Check for updates.”  If an update is available, follow the instructions on the web page to download and install it.

While you are doing this, change the password for the default username to something secure.  Write that password down and keep it safe.  If any security issues are found with your home router that might allow someone on the Internet to use the default username and password to log on to it this will foil their attempt.

Updates to a home router’s software are infrequent.  Check every three to six months.

Sometimes your Internet Service Provider will help you do this, but they will tell you they cannot take responsibility for updating the software.

You mentioned that IP addresses on a home network are not routable – what addresses are they?

IP addresses have four pieces, separated by a “.”.  Each piece starts at 0 and goes to 255.  For example, an IP address could be 1.15.32.75.  Here is what it looks like generally:

[0-255] . [0-255] . [0-255] . [0-255]

IP addresses are broken up into six classes with specific ranges.  Those ranges are:

Table 1: IP Addresses by Class

  #   Class      Range                          Purpose
  1   Class A    0.0.0.0 – 126.255.255.255      General
  2   Class B    128.0.0.0 – 191.255.255.255    General
  3   Class C    192.0.0.0 – 223.255.255.255    General
  4   Class D    224.0.0.0 – 239.255.255.255    Multicast – not assigned to a computer
  5   Class E    240.0.0.0 – 255.255.255.255    Research only
  6   Reserved   127.0.0.0 – 127.255.255.255    Loopback, for testing

All the IP address ranges in Classes A through C are part of the public IP address space, except for ranges reserved for private networks.  The ranges are:

Table 2: Private IP Addresses

  Class      Range                            Purpose
  Class A    10.0.0.0 – 10.255.255.255        Private IP addresses
  Class B    169.254.0.0 – 169.254.255.255    Assigned by the computer itself if it cannot otherwise get a network address
  Class B    172.16.0.0 – 172.31.255.255      Private IP addresses
  Class C    192.168.0.0 – 192.168.255.255    Private IP addresses


Any IP address in the public address space is routable on the Internet – that is, Internet routers will accept communications from and send communications to any device with a public IP address.  Addresses in private networks cannot talk directly on the Internet – all equipment on the Internet will refuse to communicate with any machine that has an IP address in those ranges.
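The two tables and the routability rule above can be turned into a few lines of code.  The Python below is an added example, not part of the original post: it classifies an address by first octet exactly as Table 1 does, checks it against the Table 2 ranges (written in CIDR form, which covers the same dotted ranges), and answers “will Internet routers carry traffic for this address?” by the post’s rule.  The sample addresses in the demo are constructed; 203.0.113.5 is a documentation address standing in for a public one.

```python
"""Classify an IPv4 address per Tables 1 and 2 (added example, not from the post)."""
import ipaddress

# Table 1: class by first octet.  127.x is the post's separate "Reserved" row.
CLASSES = [
    (range(0, 127),   "Class A",  "General"),
    (range(127, 128), "Reserved", "Loopback, for testing"),
    (range(128, 192), "Class B",  "General"),
    (range(192, 224), "Class C",  "General"),
    (range(224, 240), "Class D",  "Multicast - not assigned to a computer"),
    (range(240, 256), "Class E",  "Research only"),
]

# Table 2 in CIDR form; each network equals the dotted range shown in the table.
NOT_PUBLIC = [
    (ipaddress.ip_network("10.0.0.0/8"),     "Private IP addresses"),
    (ipaddress.ip_network("169.254.0.0/16"), "Assigned by the computer itself"),
    (ipaddress.ip_network("172.16.0.0/12"),  "Private IP addresses"),
    (ipaddress.ip_network("192.168.0.0/16"), "Private IP addresses"),
]


def classify(text: str) -> dict:
    """Return the class, its purpose, any Table 2 note, and whether Internet
    routers will carry traffic for the address (Classes A-C minus Table 2)."""
    addr = ipaddress.IPv4Address(text)        # ValueError if not a valid a.b.c.d
    first_octet = int(addr) >> 24
    cls, purpose = next((c, p) for r, c, p in CLASSES if first_octet in r)
    note = next((why for net, why in NOT_PUBLIC if addr in net), None)
    routable = cls in ("Class A", "Class B", "Class C") and note is None
    return {"address": text, "class": cls, "purpose": purpose,
            "note": note, "routable": routable}


def looks_like_healthy_home_address(text: str) -> bool:
    """The post's check: a working home network gives your computer an address
    from one of the three private ranges (10/8, 172.16/12, 192.168/16).  A
    169.254.x.x address means the computer could not get one and made its own."""
    return classify(text)["note"] == "Private IP addresses"


if __name__ == "__main__":
    samples = ["192.168.0.23", "10.0.5.7", "172.31.9.9", "169.254.10.1",
               "127.0.0.1", "224.0.0.251", "203.0.113.5"]   # constructed samples
    for s in samples:
        info = classify(s)
        print(f"{s:15} {info['class']:9} routable={info['routable']!s:5} "
              f"home-ok={looks_like_healthy_home_address(s)}")
```

The `looks_like_healthy_home_address` function is the one to run against the address `ipconfig` or `ifconfig` shows you: a 169.254.x.x result is the clearest sign that your computer never got an address from the home router.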

Figure 3: Internet routers refuse communications with private IP addresses

What it means for you is this:  if your home network is functioning correctly your computer will have an IP address in one of the private IP ranges listed above.  Assuming your home router is working and correctly configured your home computers are safe from someone trying to break into your network.  The firewall and routing functions in your home router will protect you.

Of course, this does not mean you do not need antivirus.  The most common way for hackers to break into your computer is to convince you to let them in.  That will be our next topic.

Comments are welcome.  Please leave them here or send them to Orange Planer inworld.



