So you want to have an Internet connected thermostat, baby cam, security system, etc. and you think you should just go home and plug it in? Wrong. You need to take steps to protect your family first from hackers, creeps and people who randomly might stumble upon your insecure home network. You also don’t want your devices becoming part of the increasingly prolific army of compromised internet of things and turning your internet connection into a DDoS spewing fire hose. Here are some good ways for you to secure your network as a parent and/or a concerned netizen.
Before I go any further, you must have a router. Almost every major ISP provides one of these with their service these days so I would be surprised if you don’t have one already. However, if you don’t, you definitely need one. It is your first line of defense when it comes to protecting your home network from malicious people on the internet. As of the date this post was written, you can find a selection of the best routers out there for home use over at CNET. Any of these will work for your basic home network and even for gamers most of the very high-end routers are overkill.
I personally take paranoia to the next level and connect the router supplied by my ISP to a router of my own. I don’t like the idea of my ISP potentially having access to my home network if I need them to troubleshoot something for me. I doubt most people will feel the need to go this far but it lets me sleep better at night.
From here on you need to do a few other things to get your router setup and secured the way it should be:
1 – Change the default user name and passwords
First and foremost, change the default user name and password for the administration website for your router. You should be able to follow the instructions that came with your router to do this. In many cases all you will need to do is connect to the router via WiFi or via a network cable and type in an address like http://192.168.1.1 in your web browser to do this. Many routers come with user names and passwords that are both admin or admin and password. This makes it very easy for someone to attack your router and compromise it if you do not change these settings immediately.
2 – Change the default wireless settings
Many newer routers come with randomized WiFi passwords that make them much more secure than the older model routers that usually came setup with no WiFi security out of the box. If your wireless connection does not have a password set, make sure you do that very soon after installing the router. Make this password something that only you know and different from other passwords that you use. Don’t hand this out to just anyone either. Even if your router comes with a nice randomly generated password for the WiFi, I would recommend you changing it to something that you choose.
Second, you need to make sure the wireless network settings are as secure as possible. In this day and age there is no reason to have your router’s WiFi to use anything less than WPA2 AES encryption. This is the most secure setting that you normally can use and any modern WiFi connected device will support it. Using anything other than WPA2 AES encryption will make it very easy for someone to beak into your network even if you are using strong passwords.
Third, change the SSID for your WiFi network to something unique. Don’t name this with your address or any other personal information. Use something that is meaningless to anyone else yet different from any other wireless networks that are in your area. Leaving your SSID set to the same as it came out of the box screams to any would-be hacker that your network has not been secured or properly vetted and makes you a target.
3 – Disable that guest network
So you want to provide your friends with a way to connect to your network and that cool guest network feature of your router sounds great for that right? Wrong. Enabling this feature will leave your router open for anyone to connect to and while the guest network won’t allow people to connect to your internal home devices, it will allow a hacker to connect to your router. This makes it that much easier for them to compromise your network since they are already connected to it.
4 – Update your router firmware
In the administration screens for your router that you previously protected with a new user name and password, you should also be able to find a place to update your router’s firmware. Doing so makes sure that your router is always up-to-date with the latest software and security patches which makes it that much harder to hack. You should do this periodically as vendors release updates all the time.
Your Internet of Things
Arguably your router is the most important item to secure on your home network. Once that is done you have already given the bad guys enough pause to go off and find an easier target. However, here are the other basic security precautions you should take when doing anything with a device that connects to the internet to automate or monitor your home:
- Always change the default user names and passwords for any logins on these devices. The majority of them are hacked because they are never changed.
- Only expose them to the internet if you have to.
- Don’t use any connected devices that try and make your home security more convenient. They are not ready yet. Bluetooth deadbolts on your door are still to buggy to want to trust your family’s safety to.
- Only use WiFi enabled switches for things that, if they were hacked, could not put your or your family in danger. It is one thing to turn on and off a light, it is another to allow someone to overheat your crockpot and burn down your house.
- Don’t connect web cams to the internet that monitor your kids while they sleep. Don’t leave your children’s safety to chance when faced with potential online threats.
Ultimately this all comes down to using your head. If you can think of a bad situation coming from connecting something to the internet, it is likely going to be tried or happen to someone. Only connect what you need to and for those devices, make sure you secure them to make yourself less of a target. Hackers are lazy, they are going to take the path of least resistance. If you are the tougher nut to crack, they will move on to an easier one.