I’m a software guy. Not a hardware guy, or a network guy. Not since early NetWare days, when men were men and installed cards in PCs with our teeth to connect big fat cables. So when I got my first home cable modem, I didn’t think a lot about security. And when I connected it to a wireless router so I could sit in my easy chair with a laptop, I still didn’t. Wireless printer? Ditto.
But there does come a time, and one day I woke up and realized it past time to secure my home network. So I talked to a few friends (notably George Orlov, Forrester CTO and a generous spirit who helps his friends) and got some great advice. I learned a simple but quite effective home network security approach. It comes down to this: tell your router which hardware to talk to, and not to talk to any other.
Every machine (including my wireless printer) has an unique MAC (media access control) address. It’s 6 hexadecimal pairs. Yes, it’s possible to spoof it, but then you’re dealing with serious hackers, not casual ones. In fact, many of the things I’ll say here are true “in general,” but there are exceptions. Fair enough. I’m not going that far just yet. You can tell your router to filter on MAC addresses, and it will only talk to the ones on your list. So, the steps:
- Get a list of the MAC addresses involved (anything on your network.) If they are all turned on, as mine were, just do an ipconfig /all from a command prompt and you can read them in the resulting info.
- Log onto your router. If you’re like most people you’ll have to look up how – basically, put its address into a browser. You need to be the admin and enter a password.
- Set the router to “filter on MAC addresses.” You’ll have to look around to find that function in your router’s menu system. (VERY IMPORTANT – first give it the address of the machine you’re using. Or you can cut yourself off.) Enter all the addresses. And you’re done.
- Do yourself a favor – you likely realized you have never set the admin password on your router. Do it now. Now even slightly less casual hackers will have a harder time getting on to your router and wreaking havoc.
I’m a bit more secure now, and I’ve reminded myself how all that stuff works. If I need to let someone else on my network I’ll have to log on to the router and arrange permission. But that’s not so bad, and it will remind me how it works yet again. If an old dog like me can do it, so can you. Get secure.
One more thing – don’t call me. I’m no specialist. It worked for me, but I can’t claim I could troubleshoot for someone else. I’m a software guy.