Dear Lifehacker, After reading how easy it is for someone else to get onto my Wi-Fi network and thinking about how often I let my friends connect to my wireless network, I want to lock down the rest of my network so people connected to it can't go snooping around my computers -- or at least secure my most super secret files and folders. What's the best way to go about this?Thanks, Insecure About Network Security
Photo by cifotart
We hear you. No one's stuff should be rifled through, whether you're protecting something as mundane as photos of you in a swimsuit, or more sensitive information like your bank statements and tax returns. If you share your network with friends or neighbours or just want to take extra precautions, these steps can protect your most important data from prying eyes. Most of them, by the way, are similar to the settings tweaks you should make to stay safe on public Wi-Fi networks, because, basically, the concept is the same: If you have any doubt at all when it comes to connecting your computer(s) to others, take a safety-first approach.
Set Permissions on Files or Folders
You can password-protect important files or folders on your computer by editing the permissions settings, which control who can view or edit those items. By editing the permissions settings of a folder you can grant or deny access to specific users on your network (it's based on the computer accounts). Here's how to do it:
- In Windows, right-click the folder, go to Properties and open the Security tab. Then click the Edit button. You can then select a group or user name and choose to deny access to the folder. Someone trying to access it will be required to put in an administrator password.
- In Mac, this works similarly. Go to the info properties of the folder and under Sharing & Permissions, you can set users' privilege (read only, read & write, no access).
Also don't forget to set up password protection on your network attached storage or any drives shared over the network on your computers.
Encrypt Your Drive or Folders
For extra security -- and a less complex way to protect your files than on an account-by-account basis -- you'll want to protect the really private files on your network using encryption tools. TrueCrypt can secure your entire system, a set of folders or files or even external drives. It's also pretty easy to set up.
The built-in Disk Utility in Mac also is a great tool for protecting folders, creating an encrypted, password-protected .dmg disk image.
Alternatively, if you have just a few sensitive docs you want to protect, use 7-Zip with its strong AES-256 encryption to zip up those files. Using 7-zip is just a matter of right-clicking to send files or folders to an archive or entering in the password to decrypt the zipped file.
Turn Off File-Sharing and Network Discovery
If you're really concerned, look to your system's settings to turn off file and folder sharing, as well as network discovery. Ticking these options off makes your computer practically invisible to other computers on the network (at least to the lay person).
- In Windows, this is under Control Panel > Network and Internet > Network and Sharing centre > Advanced Sharing Center. Turn off file-sharing, printer sharing, public folder sharing and network discovery.
- In Mac, go to System Preferences > Sharing and uncheck all boxes. Then, under Security & Privacy > Firewall's advanced settings, check "stealth mode" to keep your computer from responding to requests to access it across the network.
Hide your Files
If you don't really need full-blown NSA-grade security, however, another option is to bury your files in hidden dot folders (e.g., ".hidden-folder") or, if you're so inclined, hide the file in an image, PDF, HTML or MP3 file via steganography. Neither are bulletproof, but they can add an extra layer of obscurity.
Setup a Private VPN
If you want to share everything between two or more computers and encrypt everything in transit, you can set up your own private network using software like Hamachi. The VPN, or virtual private network, securely connects your devices and encrypts all the data routed between them. So even if the info is intercepted, it can't be read -- making VPN great for people who use unsecured networks or work remotely.
Lock Down Your Network
Finally, if you think there's an intruder on your Wi-Fi network, check your router's devices list to find out for sure. Regardless, if you haven't already, change the default router login and enable strong WPA2 encryption to prevent unauthorised users on your wireless network.
With the recently discovered Wi-Fi Protected Setup security hole, there are also some other considerations, which you can read about at the end of this article on hacking Wi-Fi using Reaver.
Also, since we've got our tinfoil hats on already, remember the good old security basics: enabling your system's firewall, creating strong passwords and keeping your system updated. For a quick review, check out more low-hassle ways to secure your computer system.
P.S. Got your own security tips or ideas? Let's hear them in the comments.
Got your own question you want to put to Lifehacker? Send it using our contact tab on the right.