Keeping your Internet connection Secure

We let our devices communicate with other devices over networks such as Bluetooth, WiFi and LAN to share files, chat with each other and connect to Internet. These communications can be intercepted by malicious actors to access data shared over the network such as user names, email addresses, passwords, personal information and web page content.

In this module we will help you understand basics of network security and practices to keep your network secure.

Basics

IP Address

Every device connected to a network is assigned an Internet Protocol (IP) Address which is unique in that particular network. Just like how, houses are numbered and given a unique address for identification and communication. Using an IP Address you can initiate communication with the respective device. IPv4 Address are made of four decimal numbers ranging from 0 to 255 and separated by dots.

DNS

Every website that you open in your browser is the information sent by the server, a computer which provides a service by responding to requests made by clients. In this case, your browser is the client requesting information of the website from the server. As you have just learnt that every device in a network has an IP address, your web browser communicates with the server using the IP address of the server. But, how does your browser know the IP address of the server which has details of that particular website? Because of Domian Name System(DNS).

There are many websites on Internet today. You may use a few of them quite regularly but you also visit other websites time to time. Without DNS, for you to be able to open a website you need enter the IP address of the server which is hosting it. You might be able to remember IP address for your favorite websites, but Internet will never be the same for you.

Domain Naming System allows you to access website by using human-friendly domain names. Your browser contacts a Name Server to get IP address of the domain name you have provided.

OpenNIC Project provides privacy respecting DNS servers which either do not save any logs or saves only anonymized logs.

Hosts File

Every device has an ‘hosts’ file, which allows you to add custom configuration for domain names and associated IP Addresses. That means locally you can give your own domain names for different address without any regard for the Name Server records.

Malicious attackers can corrupt your hosts file adding wrong IP Addresses for your favorite websites. When you open the website you may think that you are communicating with right server. But the website that you see in the browser may be just a disguise to trick you into entering your passwords and other sensitive information which then falls into the hands of the malicious attacker.

So, it is important to keep your host file safe. Do not share your devices’ master/root password with others.

WiFi Security

We create WiFi Hotspots using WiFI router or laptops or mobile devices. While creating, you may be asked to set a password for the same. You might set a password or let the Hotspot be a free WiFi Hotspot (do not need password to connect).

Malicious attackers can gather various information about your devices and also attack them when connected to your WiFi Network. There are two kinds of passwords systems available WEP and WPA/WPA2. But, WEP system is highly vulnerable. Choose strong WPA/WPA2 password.

Risks with Public WiFi

WiFi Router is a gatway to the Internet. All the network communication of your device passes through this gateway. If the router is not secure then the whole network communication is at risk.

A Public WiFi infected with malware can have corrupt Name Server, scrape your account details along with passwords, intercept and modify the all communication.

Malware and malicious links can be easily added to unencrypted web page content. Unencrypted emails, messages, files can all be accessed and modified.

So, do not connect to any public WiFi or any other WiFi which you can't trust.

Measures for reducing risk

1. Use a Firewall:

Malicious attackers connected to the same Wifi can gain access to the data saved on your device, if your device doesn't block unusual connection requests. Use a firewall to block the ports which you do not use.

2. Use HTTPS

HTTPS connections between your browser and the website server are encrypted and hence protect the sensitive information such as user account information, passwords, website content from eavesdroppers and man-in-the-middle attacks. When using HTTP Connection, malicious attackers on the network can access the unencrypted network communication and also modify.

3. Use a VPN

VPN(Virtual Private Network) service allows you to connect to a private network over a public network and access information/services as if your device is directly connected to the private network. It re-routes and encrypts all your network communication. There are many VPN Providers available. Read the privacy policy before choosing a provider. privacytools.io has list of VPN providers which have extra layers of privacy.