It is in everyone’s interest that you secure your home network, even if you are not a tech person. Having an open network where other people can (and will) spy on you is something that I think we both agree is a bad thing. I just came bad from a work-trip where I spent some time setting up a new office. While that was on another level of network configuration, I couldn’t help to wonder how many people that simply connect the ethernet cable to the router and then lives happily ever after.
It is not hard to secure your home network. Most of it is basic things like having a strong password, keeping software up to date and turn off features that you don’t need. However, you should not have to turn off features that are there for a reason. Some say that you turn off DHCP because it’s more secure. Well, it’s even more secure to have no internet at all, but who wants that?
That is my realization. When I sat down to write this post, I did as any other blogger do when they are about to write a new blog post, they google the topic. When I searched for this topic, I found multiple “tips” that told me to turn off DHCP or enable MAC filtering. I am speaking for myself here, but that is not tips, that’s stupid. More on this later…
Why Should You Secure Your Network?
Are you one of those people that, when asked about security, gives any of the following answers?
- Why bother? If they want to get in, they will get in anyway
- Who cares? I have nothing to hide
- Why would they be interested in my selfie-images?
First off, shame on you. Second of all, you need to read this article because I will give you reasons why you should care, why you should bother, why you should be interested in protecting your selfie-images.
If you have an unsecured network, people will be able to surf on it without your control. Technically, this means that criminals can use your network for their business and if the police would notice, it’s your name that they will have. Not happening to you? Criminals know that there are unsecured networks out there and they are looking for them.
It is possible to monitor the network traffic if you have access. This means that someone else can see the sites you are on or see when you purchased something and from where. They could then send a fake invoice to you where the money goes into their account. With network access, they could also plant ransomware or viruses on the devices in your house, making you pay them money or worse, taking your bank credentials and stealing your savings.
If someone would steal images of you or someone else, they could easily pretend to be you. This can be used to create fake personas or even stealing your identity. An example would be to create a new Facebook-account, upload those images and then contact your friends, asking for a loan. Some friends are not that careful and don’t check much more than the name and the profile image.
There are hundreds of reasons to secure your network, these were just a few examples. Not securing your WiFi is like to outside naked. You would never do it, yet everyone looks the same under the clothes. You have nothing to hide on your network? I dare you to walk outside naked.
Tip #1: Use a Secure Router Password
I’m sure that you have heard this before but not having it as the number one factor when talking about your home network security should almost be illegal. Having a secure password will make your network a much safer place to be. Manufacturers have common passwords like admin or admin:admin so that it should be easy for you as a consumer to configure your network.
It is then up to you to change it yourself. Something that I like to do when I choose a password is to use a phrase and then add some numbers and symbols where it does fit. C=OLb0ySchool is an example of a password that I have used in the past. It has the phase coolboyschool in it but instead of hitting o, I press 0 while holding shift to get an equals-sign.
If an unauthorized user would get access to your router, you are doomed. They will have access to your whole network, your passwords, control of your networks traffic and its devices. If you have admin as password, go change immediately. This article will still be here when you come back.
Tip #2: Use WPA2 Only, Nothing Else
You are most likely already using WPA2 today since all WiFi-certified devices support WPA2 but some people like to be stubborn and like back compatibility. WPA2 stands for WiFi Protected Access 2 and is a security protocol that has been around since 2004. It is the standard security protocol in the industry and is being used everywhere.
In short, WPA2 is an encryption protocol that is mostly used for home networks. It makes sure that the information in your wireless network is encrypted and secure. Before WPA2, there were WPA and WEP, both of them being unsecure. If you are interested in these protocols and want to learn more, I highly recommend this article from Lifewire.
In some routers, you can choose to support WEP, WPA, WPA2 or a combination of them. You should not use anyone other than WPA2. I wanted to take a screenshot of how it can look but it turns out that my Asus-router doesn’t support anything other than WPA2. But what if a device doesn’t support WPA2? If a device that you use doesn’t support WPA2, thus older than 12 years, it’s time to replace it. That device in itself is a security risk.
Anonymous SSIDs. Ermahgerd, Wi-Fi! and Network Not Found is mine 🙂
Tip #3: Make Your SSID Anonymous
Your SSID (Service Set Identifier) is the name of your network. Most people have two different SSIDs today, one for 2.4GHz and another for 5GHz. If you live in an apartment (like me), it can be common to see a long list of SSIDs when looking for a WiFi-connection. What many people are doing here is to set their last name as the SSID or a family member or similar.
The problem with this is that if someone wants to hurt you and your family, all their have to do is to get close to the house and search for WiFi-connections to quickly know which network yours is. If you instead have your SSID being more generic, like a random word, or the street name, it is much more inconvenient to understand what network yours is.
If you have a router from your ISP, this becomes even more important. Many times, the name of the SSID can be something like ISPname123456. Telling everyone which network provider you have is not a good thing, especially if you have a router from the ISP. Since the ISP tell what router they offer on their sales page, an attacker can check what ISP you have based on your SSID and then check the sales page to see the model number of the router. Now, they know what router you have at home, and can find a way into that specific router.
Some say that you should hide your SSID so that you have to enter it manually. While I can understand that, it’s not something that I see would be that beneficial. Sure, my grandmother would probably not know how to find it, but my brother would with a quick Google search, and he does not know IT.
Tip #4: Disable Remote Access from the Outside
Many routers have a feature where they can be controlled and administrated over the internet. Unless you know what you are doing, this is not something that I recommend, at all. I also thought that this was quite an easy one, since it is off as default on most routers, right?
Nope. My Asus-router had it set on ON and when I went to the URL that was listed, I got access to my router, outside of the network. It was when I turned it off and got a message that I understood why it was on as default. In 2018, most routers come with an app that lets you control them from your phone. When I turned this off, I got a message saying that I wouldn’t be able to access it from my phone while not connected to the network.
It should go without saying what type of security issues you might get in trouble for when you expose your router to the internet. Your router has all kind of information and if someone got access to it, and your internet traffic, the person could do serious damage. So, in your router settings, make sure that Remote Access is turned off, especially if your router has an app.
Tip #5: Disable WPS on Your Router
WPS is a feature that is making it easier to connect to a wireless network. Have you ever seen a button on your router that says WPS? This means that when you are about to connect something to the router, you can push that button to automatically connect to the WiFi, without having to enter your password. As long as you have physical access to the router, you can do this.
Another method involves a pin code. This is something that is automatically generated on the WPS configuration page on the router. The problem with this method is that it is vulnerable to brute-force attacks. Bruce-Force is a kind of attack where you guess the pin or password multiple times until you find the correct one. This is something that software can do and it’s the biggest reason why I recommend that you turn off WPS.
And if you start thinking about it, there is no need for it unless you are connecting different devices every day. You enter the password once and then the device will remember it, it’s much more secure and safer.
Tip #6: Use Your Hardware
Something that I always recommend my friends to do is to use their stuff instead of using the ISPs. Many ISPs will send out a router for you when you sign up for a subscription. The problem is that you often don’t have full control over the router and instead, it’s the ISP that has control over it.
If the ISP lets you (which they sometimes don’t), I can highly recommend that you leave their router in the box and instead you purchase a new one, for your own money, that is yours, and yours only. This gives you much more control over your network and even if you don’t plan to do any special configurations, the router you purchase will in 98% of the cases have better performance than the router from the ISP
Tip #7: Keep Your Devices Updated
Lastly, I would just recommend that you keep your software updated on all your devices. Companies are always fixing bugs and filling security holes in their devices and it’s your job to apply that update. I am talking about everything connected to the internet like your router, TV, Philips Hue, computer, phones, tablets, whatever it is. If there is an update, you should update.
Did you hear about WannaCry in May 2017? This was a massive cyberattack that hit all kinds of systems around the world. It encrypted files and demanded a ransom. The ransomware infected over 200 000 computers around the world in just one day. Do you know who got it? The ones that were on old software or hadn’t upgraded in a long time. The ransomware attacked Windows-machines, but Microsoft had already released a fix for their operating systems. However, if you hadn’t update, it was game over.
Don’t Make Security an Inconvenience
As I mentioned at the beginning of this article, I did some research while writing this topic, as I and any other blogger always do. The problem I found was that there were so many bad tips out there, that was there simply to have a bigger list for people to read, not useful.
One of those things was to turn off DHCP on your router. The point here is that devices that connect to your network should not automatically get an IP address, something they need to use the network and internet. No, someone else, like an administrator or a family member should give the device a static IP (having a static IP means having the same IP all the time).
Think about all those times that you have had friends over. What if you were to manually give their phones an IP address so that they could use your home network? It would be a nightmare.
MAC Filtering is almost the same. This means that you only have approved MAC addresses in your network and no other devices can connect to the network. This would also be an extreme measure that normal folks like you and me don’t have to bother with.
So, if you read that you should turn off your DHCP, don’t. It’s not necessary at all.