The best tips and tools for your home network

You can always keep tinkering with your home network. Older devices are replaced by new ones and new devices are constantly being added, such as mobile devices, an IP camera or a NAS. As a de facto home network administrator, you have to manage, monitor and secure that increasingly complex network. You can manage your home network on the basis of these tips and (free) tools.

In a typical home network, of course, there are no centrally controlled policies like in a company. These are all separate devices that are loosely connected in a network via a router. That is precisely what makes it quite difficult for a home network administrator to keep everything clear and manageable. Plus, it is not the intention at home that maintaining the home network costs too much money. That is why we mainly focus on free tools in this article.

01 Mobile scan

It can be very useful to have an up-to-date overview of the devices connected to your network. You can already find out a few things via the web interface of your router, for example in a section like List of devices. You get a lot more information with a mobile app like Fing, available for both Android and iOS. As soon as you perform a scan on the device (which is connected to your home network, both wirelessly and wired), all detected network devices are clearly listed, including host name, IP address, MAC address and manufacturer. You only have to tap such a device and additional functions become available such as wake-on-lan, ping and traceroute. It is also useful that you can have such a device scanned for available network services such as ftp, telnet, http, netbios, etc. We regularly use this app, for example, to check whether the (http) service of our ip camera is still working. . A solid alternative is HE.NET Network Tools, which is also available for Android and iOS.

02 Network scan

You get even more options with the free application Axence netTools for Windows. However, you will be asked to register with the manufacturer during installation, after which you will receive an activation code by e-mail. It is a real toolkit with all kinds of possibilities. This way you can use the button Scan network have your entire network analysed: it is sufficient that you enter a random IP address within your network, after which netTools will scan your network. Through Options in the left pane you decide what exactly you want to scan: Hosts only (where really only a ping is performed), Services or Ports. With the latter you can also have the port numbers you want to check yourself. The information will then appear in the right pane: ip address, host name, mac address, response time and possibly also the active network services and/or port numbers. You can perform such a scan, for example, if you want to find out the IP address of a device or if you want to check which services are active on a device.

03 Remote System Information

You do not necessarily have to be at a specific (Windows) computer to use the functions of netTools: netTools can also access the system from a distance. The system in question must of course be switched on and there are also a few technical preconditions. Instead of setting everything up manually, leave that to netTools. Copy the file WmiEnable.exe (located in a subfolder of the netTools installation folder) and run it once as administrator on the Windows system you want to scan remotely. For those who want to know exactly what this tool prepares: you can find out here and by clicking WinTools / Enabling WMI on remote computers.

Then start netTools on your own PC, press the button WinTools and enter the host name or IP address of the remote system, as well as the local Windows login information, after which you click Connect press. From the left window you can now request various information, both in the section General (system information, processes, services, registry, log files, etc.) as with Custom WMI queries (available memory, installed hotfixes, etc.).

04 Permanent system information

Via the tools mentioned so far, you only get to see a snapshot of a device (remote or otherwise). It would be more convenient to run a scan in the background that notifies you as soon as something significant happens, for example a device that is suddenly (no longer) active in your network. That is also possible with netTools. Press on the button NetWatch, enter the IP address or host name of the device in question and press the button Add >, after which the tool sends continuous ping requests (with Disable monitoring stop it again). Then click on Set alerts and indicate the condition(s) when you want to receive a notification. This can be, for example, if the host stops responding for more than x minutes or if the response time is too slow. You can also indicate here what kind of notifications you want to receive: a pop-up window, a sound or an e-mail. If you go for the latter, you have to use the button Setup first fill in the correct settings, such as email address and smtp server.

05 Port Scan

It is also a good idea to regularly check that no unnecessary ports are open on your network. The best way to do this is to have your network checked from the outside – much like a hacker does. A handy online scanner is ShieldsUP. Click here Process and then All Service Ports. Your network will be scanned immediately and each port scanned - from port 0 to 1055) will be displayed in the form of a colored box. A blue box indicates a closed port, but a green box (stealth) is even safer, since such a port does not respond to incoming data packets at all: the scanner – or hacker – in this case does not even know that a port is available. is present. A red box indicates that the gate is indeed open: click on such a box to get more feedback. For example, a red box on port 80 may indicate that you have a web server active within your network. If you know that web server is there and you do need it, then that shouldn't be alarming right away, as long as you are sure there are no known vulnerabilities for that particular web server.

Here's how to check whether there are applications on a PC that are listening for incoming data on certain ports. Press Windows Key+R and tap perfmon /res in and press Enter. Open the tab Network and check the section listenerports. Close all applications or remove them if necessary if they are not really necessary. If necessary, reset your Windows firewall to its default settings: tap firewall in the Windows search bar, choose Check Firewall Status, click on Restore Defaults and confirm your choice. Keep in mind that you may have to give certain (legitimate) applications permission to use your network again.

06 Router Configuration

If a firewall is active on your system, such as Windows' built-in firewall, you may find that most ports are automatically set to 'stealth' as ​​they should be. If a number of ports still appear to be open, this may have to do with certain settings of your router. After all, your router may often act as additional security, but you can also make your network less secure if you just opened ports here via functions such as 'upnp', 'port forwarding' or 'dmz'.

By the way, you will quickly find out whether it is your router if you connect the computer as an experiment – ​​and with the firewall enabled – directly to your modem, so without an intermediate router. Provided you are able to bypass the router and connect your PC directly to your modem, because in many cases users have a modem-router in one. An alternative is to disable the router functions.

If the port scan is suddenly much 'greener', we recommend that you check the settings of your router. There may be certain port forwarding rules that are redundant, so you can safely disable them.

Back and forth

Do you use your laptop both at home and at work, but find it annoying to have to reset a series of network and system settings every time? Settings such as gateway, ip addresses, workgroup, default printer, dns server etc. Then use NetSetMan; Here you register all settings in a profile, after which you select the desired profile and activate it with the Activate button. Keep in mind that in the free version you can place all settings in such a profile, except domain, browser start page and any proxy server.

07 Cloud Management: Setup

Ideally, as a home network administrator, you have an up-to-date status report of all devices within your network, and if possible such analysis and reporting is completely centralized. There are indeed powerful tools for this (such as the free SpiceWorks), but they mainly target a domain network. And they are also difficult to get to work on a home network.

A simpler alternative, where the management module also runs entirely in the cloud, is Opswat Metadefender Endpoint Management (free up to 25 devices). Register your free account, click on the link in the confirmation email and log in to the online dashboard. You will receive an (currently empty) overview of the devices that you have connected to your cloud management module. click on +Devices and on Download MetaAccess agents for distribution. A client is available for Windows, macOS, Linux, Android and iOS. We'll take the Windows version as an example and assume you want to use that client on an ongoing basis. Therefore click on install and run the downloaded msi file. You then carry out this installation procedure on all desired devices within your network.

08 Cloud Management: Configuration

Immediately after installation, the client scans your system for various security issues. You get an overview of this when you double-click on the corresponding icon in the Windows system tray: your browser opens with the first detected problem. Click on the bottom left Next issue to scroll through the various problem situations. For example, this could be the finding that your antivirus is not up-to-date or has not performed a scan in a while, but also that you have not encrypted one or more disk volumes. It should be clear that not all reported issues have an equally high security risk.

Conveniently, all added devices report neatly to your cloud management module. Open it Dashboard and click on the top left Devices monitored, after which you click on the desired device: you will now see a report with information such as: the status of your firewall, the free disk space on your disk, the result of the daily Metadefender anti-malware scan, detected vulnerabilities, missing patches etc.

Be sure to open the section in the menu on the left Settings. Bee Global Settings / Device Agents you can set the desired scan frequencies, among other things. Bee Reports and Notifications indicate how often you want a report to be emailed and how detailed that should be. Incidentally, you can also download various reports here at any time. To change certain settings, you will first have to enter a personal PIN code: you can set it here.

Group Policy

From a real Windows server, it's easy to impose a variety of policies on your users. This is less obvious in a home network, but it is possible in Windows 10 Pro to determine specific rules for non-administrators, for example. That does require some preparation. Tap mmc into the Windows search bar and enter it mmccommand as administrator. Open the menu File and choose Add/Remove Module. Select Group Policy Object Editor, click on Add / Browse. Open the tab Users and choose (for example) Users who are not administrators. Confirm your choice with OK / Complete / OK. Go to File and choose Save as. Start the saved module with a double click on it: you will notice that all restrictions you have from here within the category User Configuration imposes, automatically and only for the selected user group (non-administrators in our example).

09 Cloud Management: Antivirus

In a professional domain network, virus protection is of course centrally arranged and as a system administrator you can check the status of detected malware on each of the clients at any time. That is slightly more difficult in a home network, but with Sophos Home, suitable for Windows and macOS, you come pretty close. The free version is limited to three devices, with the Premium version you can monitor up to ten computers (40 euros for one year).

After you have registered yourself and clicked an activation link, you can get started. Log in to the online dashboard and click PC Installer (to install Sophos Home on the current PC) or visit the above link to install the tool on another computer. After the installation you can immediately start a first. You will notice that the devices you have installed Sophos Home on have also been added to your online dashboard. Click on the desired system and check the tab Status: Here you get an overview of the possible threats. On the tab Protection you can specify which protections you want to activate – keep in mind that quite a few components are part of Sophos Premium (and in the free version become inactive after 30 trial days). On the tab Web filtering you can activate parental controls for a whole laundry list of categories. You can always choose between allow, warn and block.

10 Parental Controls

If (young) children also use computers in your home network, then you probably want to have some idea of ​​what exactly they do and which sites they visit. This can largely be controlled centrally. For example, some routers provide a module for parental control, regularly in combination with a (paid) subscription with one or another antivirus manufacturer. You can also use the aforementioned web filtering from Sophos Home (see previous section). Or you use Microsoft Family, available to those who sign in to Windows 10 (or Xbox One) with a Microsoft account. More information about this can be found here.

A free alternative is Cisco OpenDNS Family Shield, which works on the basis of DNS filtering. Basically, you set the addresses 208.67.222.123 and 208.67.220.123 as dns servers; and preferably at router level so that the filter works immediately on your entire network. That is enough to automatically block (most) pornographic sites.

Network repair

When your network at a certain moment stutters (for example, you can no longer access the internet or you simply cannot connect to the rest of your network), it is often difficult to trace the correct cause, given the many possible causes. A handy tool is NetAdapter Repair All in One, especially if an incorrect setting of your network adapter or your network settings is the cause. You start the (portable) tool as administrator, after which you are presented with a large list of possible repair actions in one window (see image). There is also the button Advanced Repair, which, among other things, reinitializes the Winsock/TCP-IP stack and restores the Windows firewall. You don't have to do much more than click on the desired intervention, but it is of course included if you actually understand what the options stand for.

Recent Posts

$config[zx-auto] not found$config[zx-overlay] not found