Wi-Fi and Your Home (Security Edition)
Home networks are quite like business networks in that they both need to perform a function while being secure. Just like business/enterprise level infrastructures, there are levels to the amount of security you can have at any given point. These are some of the best practices to perform while setting up your home network.
-bullet points are aimed mainly for Wi-Fi (WLAN) networks. Although, some recommendations can be applied to wired network (LAN) as well most are mainly aimed for the WLAN setups. Bullet points that can be applied to LAN will be marked accordingly-
- Change the router’s admin credentials
- The default username and password may be printed in a booklet that came in the box with the router or you may be able to find it in the support pages on the Wi-Fi manufacturer’s website.
- If you cannot find the username and password anywhere try sys/admin, system/admin, admin/admin, user/user, system/password, and admin/password for the username/password combination.
- Use a complicated password when securing your Wi-Fi network
- Make your password a random sequence of letters, numbers, and special characters, mixing uppercase and lowercase.
- Ideally, the password should be 20 characters long.
- Limit access to the password.
- Change this password frequently. I recommend you change this password every month (turn this practice into a routine, use this practice on everything you secure with a password)
- Change the network name that is being broadcasted from your router
- Each network is identified by a name, called an SSID.
- Log into the router and changed the Broadcasted name (change it whether you decide to broadcast the name or hide the SSID).
- Do not use identifiers like “home number” or “street name”.
- Consider hiding the SSID. This will allow for the listing named “Hidden Network” to show up instead of your network name.
- Strengthen Wi-Fi encryption
- Three types of Wi-Fi protection systems are commonly used to secure transmissions:
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA 2)
- Mainly use WPA2 with Auto Cipher (AES or TKIP)
- Three types of Wi-Fi protection systems are commonly used to secure transmissions:
- Turn off Plug ‘n Play (Do this at your own risk)
- This is what allows your gadgets at home to ‘play nice’ with each other and the internet to get updates.
- This is known as the acronym UPnP.
- Although having this on makes for a smoother connections and usability with all your tech toys, this also does make your network vulnerable to all attacks.
- Turn off Remote Management
- Remote management allows you or any other person to access the router from an outside connection (like any other part of the planet)
- Only access the router when in your home and near the router itself.
- Limit WPS (Wi-Fi Protection Setup)
- This is an easy way to connect a device to your home network
- WPS button on the back, pushing it will send out a signal that adds the device to the network and passes it log in credentials, so you do not have to enter a text password. This creates a weakness in the network.
- Keep the router firmware up to date (this applies to all hardware)
- Add this to your monthly routine. Although, hardware firmware is not usually released monthly like patches or other updates are, is it still good practice to keep checking every month as to not miss an update of this sort.
- Firmware patches and closes security vulnerability a manufacturer might have missed when the router (or other hardware device) left the manufacturing plant.
- Allocate static addresses
- This one is a bit more technical (you might want to consult a tech professional to perform this process correctly)
- The process is long and tedious if you have many connected devices
- This step requires DHCP (Dynamic Host Configuration Protocol, this is what grants authority to the router to issue IP address to any device connected) to be disabled on the router.
- MAC address filtering
- This is another level of security that limits the devices connect to your network.
- Again, consult an IT professional if this step proves too technical for the level of knowledge you are comfortable with.
- MAC Address is the unique identifier of a hardware device, in other words a MAC address is the ‘fingerprint’ of a device (no two devices in the world are issued the same MAC address).
- MAC Address look like this: XX:XX:XX:XX:XX (usually a combination of numbers and letters).
- You can ‘Allow’ or ‘Deny’ a device through this restriction.
- This solution is not 100% unbeatable. Packet sniffers used by hackers can get the mac of a device and clone it. Nonetheless this is a good way to add another layer to your security.
- Turn off your network when going away for long periods of time or while you sleep
- This recommendation is done by little folks because of the inconvenience it represents.
- This requires everyday to turn off the router (best to unplug) and turn on (plug in) every night which can become tedious and cumbersome.
- This becomes easier if you are leaving your home for extended periods of time and you do not have a wireless enabled home alarm system.
- Albeit not the most practical solution in 2020 it does align with the fact that a secured network is one that is turned off and not connected (then again if its off then it defeats the purpose).
- So, perform this task at your discretion.
- Set up a separate network for IoT (Internet of Things) devices
- The more IoT devices, the more endpoints, and the greater the number of potential entryways for hackers.
- IoT devices have a poor security track record so it makes sense to give them their own network.
- This process requires a tech professional to correctly setup.
- This is not to be confused with the comparison of 2.4GHz and 5GHz, which are just signal frequencies.