Helping people with computers... one answer at a time.

Being on the same local network as another machine implies a certain level of trust. Without that trust, additional security steps are called for.

Is it possible for a person to access my previous correspondence via email and MSN via our router? The 4 of us share one router. I delete my email correspondence but I am a little afraid that my old correspondence can or may be accessed by some means via the router. Some of the correspondence is of a personal and business nature and I would not like the info to fall into the hands of a person not screened to view it. If it is possible to draw old correspondence via the shared router, how do I go about preventing such an eventuality?

There are several possible scenarios that your question might be asking about. I'll try and cover the most common.

But the short answer is that, yes, you do need to understand whether the people that share your router can be trusted. If not, you need to take steps.

First, a quick refresher: a side effect of using a NAT router is that it provides a firewall that helps protect "us", the good guys on the local side of the router, from "them", the bad guys on the internet.

That means that if you cannot trust people who share your router or local network with you, you effectively need to treat your local network as untrustworthy, and act as if you were connected to the internet directly.

Accessing Your Hard Drive

The common way that someone on your local network could access your previous correspondence is to simply access your hard drive and your mail folders over the network. (Remember, a router doesn't store any information, it simply routes data from one place to another.)

The solutions are relatively simple:

"Many people believe that packet sniffing is a WiFi only problem, and it's not."
  • Turn off printer and file sharing

  • Turn on the Windows Firewall and make sure that it's blocking any file sharing attempts

The good news is that Windows File Sharing is difficult enough to set up that if you haven't done so, it might not be an issue by default, but it's definitely something you want to ensure.

In an extreme case, you might consider getting an additional router to act as a firewall between you and the other machines on your local network, and in fact is one approach that can be used by parents to keep themselves safe from the mistakes their children might make on computers that share an internet connection.

Sniffing Your Data

Depending on the router and exactly how your local network is configured, it's quite possible that the folks sharing your router can eavesdrop on your network traffic if they're tech-savvy enough. This is exactly like WiFi sniffing in internet cafe's, even if everyone is connected by Ethernet cables.

Many people believe that packet sniffing is a WiFi only problem, but it's not. Depending on how a local network is configured, it's very possible and often very easy for someone to listen in on the data that's being transmitted to and fro on that network.

But once again, the solutions are well known, and look exactly like the WiFi solutions:

  • Use a firewall; enable the Windows firewall if nothing else.

  • Use https when surfing for as many websites as support it.

  • Secure your email. Most email is transmitted in the clear by default, but many providers allow for encrypted connections to send and receive.

  • Consider a VPN to encrypt all of your internet traffic.

Walking Up To Your Machine

Many people overlook this. If the machines are in close enough proximity to share a router or local network, that often means that the people involved can easily walk up to the machine when you're not around. In fact, I've discussed How to gain administrative access to any machine as long as you can insert a CD and reboot it.

I've said it many times: if it's not physically secure, it's not secure.

Ultimately, there's nothing about the router itself that exposes you to any more or less risk. The risk comes from being on the same local network with people you don't necessarily trust. If and when that's the case, you do want to make sure you're taking appropriate steps to prevent intrusion.

Article C3560 - November 9, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Snail
November 11, 2008 5:30 PM

I would like to have a single access Internet connection but at the same time one which my family could access the Internet on using a network(preferably wireless).
How would I set up through my ISP to do this?
Is there a way to have the access given from my ISP to go like this:
__My Personal Network
Source(ISP):

Michael Horowitz
November 12, 2008 2:49 PM

Snail,

I'm not sure I understood your question.

Leo addressed the issue of keeping adult computers safe from childrens computers on the same LAN, and he linked to his article above. It's

http://ask-leo.com/how_do_i_protect_myself_from_my_children.html

I addressed the same issue on my blog:

A second router protects adults from kids Y
http://news.cnet.com/8301-13554_3-10049768-33.html

Shawna
December 6, 2009 9:19 AM

I have a question. I was recently told that after my computer was cleaned by a professional, that I could still get viruses from the other computer in the house that goes through the one router we use. Is this true? If so, how can I be online at the same time as the other computer & have no sharing whatsoever so I don't get their crappy viruses? Is that possible or do I have to get a seperate internet connection altogether? Please help!

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.