Securing Your Personal Web Server
If you host a Web site from within your home network, you also should secure your personal Web server. First, you should make sure your Web server (Apache, IIS, or whatever you use) has the latest security patches applied. This is particularly important for IIS, as service patches are routinely distributed.
Next, you should disable unused features and functionality within your Web server, such as the use of CGI scripts or server-side scripting. For example, IIS leaves many host access configurations automatically enabled, so you need to be cautious to disable all features you are not using. For the Apache Web server, the httpd.conf file often includes plenty of comments detailing security risks you should be aware of. For more information, see the Security Tips page on the Apache Web site.
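As an added example (not part of the original article), the Python script below scans an httpd.conf for active directives that leave CGI or server-side includes switched on, the two features named above. The sample configuration and the function name audit_httpd_conf are constructed for illustration; the directives it checks (LoadModule, Options, ScriptAlias) are standard Apache ones.

```python
import re

# Module names and Options keywords that switch on CGI or server-side includes (SSI).
RISKY_MODULES = {"cgi_module": "CGI", "cgid_module": "CGI", "include_module": "SSI"}
RISKY_OPTIONS = {"execcgi": "CGI", "includes": "SSI", "all": "CGI and SSI"}

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
LoadModule cgi_module modules/mod_cgi.so
#LoadModule include_module modules/mod_include.so
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/html">
    Options +Includes -ExecCGI
</Directory>
<Directory "/var/www/private">
    Options None
</Directory>
"""

def audit_httpd_conf(text):
    """Return (line_no, context, finding) tuples for enabled CGI/SSI features."""
    findings = []
    context = ["server"]                      # stack of enclosing <Section ...> blocks
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives are inactive
            continue
        if line.startswith("</"):             # closing tag: leave the current section
            if len(context) > 1:
                context.pop()
            continue
        m = re.match(r"<(\w+)\s*(.*?)>$", line)
        if m:                                 # opening tag: remember where we are
            context.append(f"{m.group(1)} {m.group(2)}".strip())
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "loadmodule" and args and args[0] in RISKY_MODULES:
            findings.append((no, context[-1], f"{RISKY_MODULES[args[0]]} module loaded: {args[0]}"))
        elif name == "options":
            for opt in args:
                if opt.startswith("-"):       # "-ExecCGI" removes the feature
                    continue
                key = opt.lstrip("+").lower()
                if key in RISKY_OPTIONS:
                    findings.append((no, context[-1], f"{RISKY_OPTIONS[key]} enabled by Options {opt}"))
        elif name in ("scriptalias", "scriptaliasmatch"):
            findings.append((no, context[-1], f"CGI directory mapped by {parts[0]}"))
    return findings
```

Calling audit_httpd_conf(SAMPLE) reports lines 1, 3 and 5 of the sample; to check a real server, pass it the contents of your own httpd.conf and review each finding against what the site actually needs.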
Just as with securing network drives and other restricted areas of your network, make sure you password protect restricted pages and directories on your Web server.
Also, you should check for common exploits. Defending your home network against security threats requires constant research and offensive strategies. A primary threat lies in denial of service (DoS) attacks, which overwhelm a server or a network by flooding it with useless network traffic, entirely blocking genuine service requests. Cross-site scripting attacks followed suit, where hackers use dynamically-generated Web pages to launch scripts to change user settings, hijack accounts, and access restricted areas of the site.
The first step in defending against these attacks is to ensure your firewall is installed and configured properly. If you plan to host a Web site on your internal server, you should take this seriously and subscribe to security newsletters to be notified of new exploits, such as those from CERT.
Securing Your Wireless Network
The least you can do to secure your wireless network is to access your wireless settings and hide the SSID. This makes your wireless network invisible to casual browsers, although still open and vulnerable. This is considered an extremely weak form of wireless network security, because the network still is available to hackers with the right tools. You should use a secondary plan in addition to hiding your SSID, such as encryption and authentication.
You should ensure maximum encryption is enabled. It is a common misconception among wireless users, however, that this makes the wireless link secure. Be aware that even this is not hacker-proof.
If you use any of the newer networking or Inter-networking technologies such as HomePlug, HomePNA, MOCA, or others, then be aware that they too have security considerations. For example, it is possible that HomePlug signals used within your house could "leak" out through your main electrical cables to your neighbors. Therefore, consider encrypting your network.
Never Truly Secure
As a developer, you should be familiar with some of these configuration settings that help make your home network secure, be it wired or wireless. It's crucial to remember that some hardware, such as Web servers, automatically have services enabled that can make your network vulnerable. It's also imperative to become familiar with the common ports, and to disable those that you do not need and that make your home network susceptible to intrusion. Finally, make sure you have a firewall installed and that all passwords and restricted areas are functioning as they should.
Do not fall into the common trap of thinking that you do not store information on your computers that a hacker would be interested in, or of asking why anyone would want to access your machines. It doesn't matter what information you have on your network; your computer could easily be used as a slave machine to disguise attacks, and that may be a hacker's only goal. No matter how many or how few computers and devices you have attached to your home network, and no matter what technologies you use to connect them, just remember that no connected computer is truly secure. The responsibility lies with you to make certain your home network is as secure as possible.