Is your home network secure? PROBABLY NOT... especially if it wasn’t set up by a network savvy individual like an IT professional.
At a recent HOPE X hacker conference in New York the takeaway message from one security expert was that most routers used for home networks are profoundly unsecure, and some are so vulnerable to attack that they should be thrown out! Michael Horowitz, an independent computer consultant stated that “If your router is sold at an [electronics chain store], you don’t want to buy it!” He also recommended that if your router was given to you by your internet service provider, you shouldn’t use it. They give away millions of them and that makes them attractive targets for hackers and other cyber criminals. Trouble is, that’s where most of us got our home network equipment.
So how do you secure your home network and protect your personal information? The first step is to evaluate your router and modem equipment. If it’s a cheap consumer-friendly router, consider buying a low-end commercial grade Wi-Fi/Ethernet router. Consumer-grade routers are designed for ease of installation and use, not security. Many easy to use features are inherently unsecure and shouldn’t be used on a network that has internet access. Also, if your router and modem are a single device, ask your internet service provider to adjust the box to act just as a modem so that you can add your own router. Otherwise, you will have very little control over your own network settings.
Other steps you should take to enhance the security of your home network are important whether you have a commercial- or consumer-grade router. These involve accessing your router’s administrative interface and adjusting the default settings. If you aren’t comfortable getting into the router’s controlling software, you can enlist the help of an IT professional.
Easy Non-Technical Fixes
- Change the administrative credentials from the default username and password. If you leave the default values, a hacker can log into your router unimpeded!
- Change the network SSID. That's the network name that it broadcasts and its default value is usually the name of the manufacturer which just makes it easier for a hacker to figure out how to break into your network.
- Enable WPA2 wireless encryption so that only authorized users can access your network.
- Disable Wi-Fi Protected Setup if that option is available.
- Set up a guest Wi-Fi network for times when a friend or visitor needs to access the internet from your network. If possible, set the guest network to turn off after a set period of time and don’t leave it on.
- Don’t use cloud-based router management if your router’s manufacturer offers it. Turn off this feature if possible.
Moderately Difficult Technical Fixes
- Keep firmware updated to ensure your router has all the latest security patches.
- Set your router to use the 5-GHz band for Wi-Fi instead of the farther reaching 2.4-GHz band. Make sure all your devices are compatible with 5-GHz band first.
- Disable remote administrative access and administrative access over Wi-Fi. Only connect to your router’s administrative interface via wired ethernet.
Advanced Tips for Tech-Savvy Users
- Change the settings for the administrative web interface. It’s preferable to use a secure HTTPS connection over a non-standard port.
- Use your browsers incognito or private mode when accessing your routers administrative interface.
- Disable PING, Telnet, SSH, UPnP and HNAP if possible. These remote-access protocols should all have port settings for “stealth” so that no response it given to unsolicited external communications from hackers trying to probe your network.
- Change the router’s Domain Name System (DNS) server from the ISP’s own server to one maintained by OpenDNS, Google Public DNS or Cloudflare.
Following these steps will maximize the security of your home network and protect your personal information while your online shopping, paying bills, emailing friends or coworkers. It will also help protect your private data like tax returns and bank statement. If you want help securing your home network, we’ll be glad to help. Just give On-Site Techs a call at 619‑884‑8141.