Securing Your Home Network
Home networks used to be simple: usually nothing more than a wireless access point and one or two computers were connected. Now we connect more devices to home networks and use them for more than just web browsing. In most cases, the devices on the home network access websites without any protection such as a network firewall and/or proxy. A user might plug a device that was used on the home network with an unprotected connection into the University network, and this has the potential to introduce significant risk to the University. The chance of a malware (viruses, ransomware, etc.) infection is greater when a device is used outside the corporate network, and this is one of the common ways malware makes it into an organization. In this awareness article, we've put together the steps that you can follow to improve the security of your home network.
- Change default router passwords and Wi-Fi router settings as soon as possible. Most of these defaults are publicly available, and a Google search will give an attacker everything they need to gain access to your home network.
- Change the name of your wireless network (SSID) as this is the name devices will see when they search for a connection. A unique SSID name will help you to identify your home network. Make sure the SSID name doesn’t contain any personal details.
- Ensure only trusted parties can connect to your home network by encrypting the Wi-Fi network using WPA2 encryption. This will challenge users with a password prompt when they try to connect to your Wi-Fi router. Other wireless security protocols, such as WEP and standard WPA, can be cracked and are not considered secure.
- Ensure the password to connect to your network is strong and that it is different from the Wi-Fi router's admin password.
- If you have difficulty in remembering the different passwords, use a password manager to securely store them for you.
- Log out of the Wi-Fi router’s admin web interface when not using it. Many of the attacks against routers today are done by forcing the client to perform an action within the administrative interface of the router on behalf of the attacker. This attack is commonly referred to as Cross-Site Request Forgery (CSRF) and is a very effective means of gaining access to a router.
Optional (for more advanced users…)
- Set up a guest network for family and friends to use when they visit. This allows visitors to connect to the Internet, but protects your home network, as any malware on their devices can’t infect any of the other devices on your home network. If you add a guest network, be sure to enable WPA2 and a unique password for this network.
- Set up a separate network for Internet of Things (IoT) devices. With the rise in home automation and remote access to physical devices, it is important to segment the network to reduce the risk of an outsider gaining access to your home computer network by way of an exposed service on an IoT device.
- Disable remote access to your home network Wi-Fi router. Remote access to Wi-Fi routers can be very dangerous, especially if default passwords are still in place. Most routers offer a “remote access” feature that allows you to access the admin web interface from anywhere in the world.
- Use a firewall to mitigate attacks against your home network. This also gives more visibility into the network traffic. Most Wi-Fi routers on the market have built-in firewall functionality. If your Wi-Fi router doesn't have a built-in firewall, you could use a free, open-source one such as pfSense.
- Use honeypots if you have servers exposed to the internet from your home network. Honeypots are free, easy-to-use tools that can be used to detect and ban IP addresses as attacks are observed. Artillery is an example of such a tool that is easy to implement.
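
The guest-network, IoT-network, remote-access and firewall items above, written out as one firewall policy. This is an added example, not part of the original article: it assumes a Linux-based router running nftables, with hypothetical interface names `wan0` (Internet), `lan0` (home computers), `guest0` and `iot0`, and assumed admin ports 22, 80 and 443. NAT and any other rules are assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the original article).
# Assumed interfaces: wan0 = Internet, lan0 = home, guest0 = guests, iot0 = IoT.

# Create-then-delete so the file can be reloaded without duplicating rules.
table inet home_segments
delete table inet home_segments

table inet home_segments {
    # Traffic passing THROUGH the router between segments.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections that were permitted below.
        ct state established,related accept
        ct state invalid drop

        # Home computers may reach the Internet and manage IoT devices.
        iifname "lan0" oifname { "wan0", "iot0" } accept

        # Guest and IoT devices get Internet access only.
        iifname { "guest0", "iot0" } oifname "wan0" accept

        # Anything else (guest or IoT to home, guest to IoT, unsolicited
        # traffic from the Internet) falls through to the drop policy.
        # Log a rate-limited sample of it for visibility.
        limit rate 10/minute log prefix "segment-drop: " counter
    }

    # Traffic addressed TO the router itself.
    chain input {
        type filter hook input priority 0; policy accept;

        iifname "lo" accept

        # Admin interface (assumed ports) is reachable from the home
        # segment only: not from the Internet, guests or IoT devices.
        iifname != "lan0" tcp dport { 22, 80, 443 } drop
    }
}
```

The default-drop policy on the forward chain is what provides the isolation: a newly added segment can reach nothing until a rule explicitly allows it.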