If you are setting up a home or small office network, here are some best practices you can follow to enhance the security of your computer and your network.
The following are general security guidelines for all home and small office networks.
To help keep the computers on your network safer, turn on automatic updating on each computer. Windows can automatically install important and recommended updates, or important updates only. Important updates provide significant benefits, such as improved security and reliability. Recommended updates can address non-critical problems and help enhance your computing experience. Optional updates are not downloaded or installed automatically.
For more information, see Understanding Windows automatic updating and Turn automatic updating on or off.
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.
For more information, see Turn Windows Firewall on or off.
Firewalls help keep out worms and hackers, but they're not designed to protect against viruses, so you should install and use antivirus software. Viruses can come from attachments in e‑mail messages, files on CDs or DVDs, or files downloaded from the Internet. Make sure that the antivirus software is up to date and set to scan your computer regularly.
There are many antivirus programs available. Microsoft offers Security Essentials, a free antivirus program you can download from the Microsoft Security Essentials website. You can also go to the Windows Security software providers website to find a third-party antivirus program.
Consider using a router to share an Internet connection. These devices usually have built-in firewalls, network address translation (NAT), and other features that can help keep your network better protected against hackers.
When you're using programs that require Internet access, such as a web browser or an e‑mail program, we recommend that you log on as a standard user account rather than an administrator account. That's because many viruses and worms can't be stored and run on your computer unless you're logged on as an administrator.
For more information, see Why use a standard user account instead of an administrator account?
If you have a wireless network, there are some additional security precautions that you should take.
If you have a wireless network, you should set up a network security key, which turns on encryption. With encryption, people can't connect to your network without the security key. Also, any information that's sent across your network is encrypted so that only computers that have the key to decrypt the information can read it. This can help avert attempts to access your network and files without your permission. Wi‑Fi Protected Access (WPA or WPA2) is the recommended wireless network encryption method.
We recommend using WPA2, if possible. We don't recommend using WEP for network security. WPA or WPA2 are more secure. If you try WPA or WPA2 and they don't work, we recommend that you upgrade your network adapter to one that works with WPA or WPA2.
If you have a router or access point, you probably used a default name and password to set up the equipment. Most manufacturers use the same default name and password for all of their equipment, which someone could use to access your router or access point without your knowledge. To avoid that risk, change the default administrator user name and password for your router. Check the information that came with your device for instructions about how to change the name and password.
Routers and access points use a wireless network name known as a service set identifier (SSID). Most manufacturers use the same SSID for all of their routers and access points. We recommend that you change the default SSID to keep your wireless network from overlapping with other wireless networks that might be using the default SSID. It makes it easier for you to identify which wireless network is yours, if there's more than one nearby, because the SSID is typically shown in the list of available networks. Check the information that came with your device for instructions about how to change the default SSID.
Wireless signals can transmit a few hundred feet, so the signal from your network could be broadcast outside of your home. You can help limit the area that your wireless signal reaches by positioning your router or access point close to the center of your home rather than near an outside wall or window.