Securing a Home Network
By Robert Townsend on September 4, 2018
Background:
Most day-to-day tasks are normally done from the safety of home. Tasks include: checking your banking statements, paying bills, reading emails, chatting on social media, or simply browsing the web. These tasks done on a day-to-day basis, is the reason securing your network is important. The data on our home and small office networks are, essentially, just as important as the data that might be on a large enterprise network for a big company.
Home Wi-Fi Network:
What exactly is a Wi-Fi network and why is securing it so important? This type of network is typically the one you have set up at home to allow wireless connectivity between devices. When you “go” wireless it typically means connecting an internet access point – DSL or cable modem – to a wireless router. The router then sends a signal through the air which can reach hundreds of feet, depending on the router. So, why is it important to make sure your network is secure? Well, any device that your neighbor uses within range could pull the signal from the air and piggyback your internet. Your neighbor or a hacker could then access your network and even access the information on your devices. The only way to prevent others from using your network without your permission is by taking certain precautions.
Fig 1- Source: What is a home wireless network?
Importance of securing your network:
Securing your network is essential because your privacy and bandwidth should not be accessed by others. Without network security and data encryption: the websites you go to, the accounts you have, the emails you send, the passwords you type, and everything else that you store on your computer could be at risk. Most times a person or company may think that securing the data on their network may not be important. The only time they realize that it is, is when they have been breached and data is stolen, or the privacy of their data is lost. Examples of devices or tools, besides your computer, that can be exploited and can compromise your network include: routers, printers, smartphones, VoIP phones, TVs, and almost any IoT device.
Steps to securing your network:
The following steps are the recommended essentials that should be implemented when setting up your home wireless network at your small office at work or at home.
- SSID- The first step to be taken should be to change your default Service Set Identifier (SSID). By changing your SSID it makes it harder for neighbors or hackers to know what type of router you are using. This is because the default SSID is normally the name of the type of router you have. The reason this information is important to hide is because if a hacker knows what type of router you are using then it makes you susceptible to vulnerabilities that router may have which can lead to exploitation. The final step you can take for SSID is to disable the broadcast altogether. This way, no one can see your wireless network name easily.
- Password- The default username and password for your router web page manager is normally the same. (Ex: Username- admin – Password- admin) Therefore, changing your default password to a complex password is a step that needs to be taken from the beginning. A complex password is at least 15-20 characters and includes letters, numbers, and special characters.
- Encryption– Routers support different forms of encryption. What encryption does, is it scrambles messages the you send over the wireless network, so they cannot be easily read by the human eye. Examples of encryption protocols are “Wi-Fi Protected Access” (WPA) and WPA2. The recommended protocol is WPA2 if it is available on your router. This security protocol supports CCMP (an AES-based encryption mode) and is required for all new devices to bear the Wi-Fi trademark.
- Positioning– The place that you put your wireless router in your home should be thought of strategically. The best place is in the middle of your home. This makes it, so the Wi-Fi range is distributed evenly throughout your house, and that the range will not go outside of the perimeter too far. (See figure 1)
- Static IP– Dynamic host configuration protocol (DHCP) is normally turned on by default. This makes it, so the IP addresses are set automatically for each device that you connect to your network. By turning off DHCP and assigning a specific range on IP addresses on your router interface, you can then set each device on your network with a specific IP within the range you set your router to allow. This makes it harder for a hacker to obtain valid IP addresses from your networks DHCP protocol pool. It is also recommended to change your router’s default IP to a different one as most are set to something like 192.168.1.1. Change it to something like 192.168.1.5 to make it harder for an attacker to snoop.
- MAC Filtering- Wi-Fi devices have something called a “Media Access Control” (MAC) address that is unique to each device. Your router normally has the option to allow you to key in each MAC address that you want connected to your network. This makes it so only the MAC addresses of the devices you own can connect to your network. By enabling this option, it adds another level of security. However, be wary as hackers can use different methods to fake MAC addresses of their devices, so this security method should not be used alone.
- Firewall- A hardware firewall is different from the firewall on your computer. The hardware firewall for routers allow for rule-based incoming/outgoing traffic management. The best part is most routers have this built-in. You just need to make sure it is enabled through your router interface. A good rule to have is the “Deny All” rule first then add exception rules. (If your router firewall supports this) This keeps everyone out at first, then you can start adding “allow” rules for specific traffic in and out of the network.
- Update- Your router does not come with auto-update features. Updating your firmware is important because if a vulnerability is discovered on your router, the company who makes the router normally comes out with a firmware update to address it. To update your firmware you log into your router interface on a web browser. There should be an update tab which allows for easy updating.
- Power- The best thing to do when you are away from home for a long period of time is to turn off your router and any device that is connected via Ethernet or WiFi. This method reduces chances of being targeted, and even from things like power surges. While you are away from home you do not want people to be able to brute force your network. This will remove the possibility of someone breaking in.
Conclusion:
Securing your home network should be the number one priority when setting it up for the first time. The most important step that should be taken is defense-in-depth. The layering aspect of this defense type will allow your network to have top notch security. While there are no bulletproof defense methods, this will allow most bases to be covered and will protect the network thoroughly.
Sources:
https://www.professormesser.com/free-a-plus-training/220-902/securing-a-soho-network/
https://www.itproportal.com/2014/01/22/a-step-by-step-guide-to-setting-up-a-home-network/
https://www.tbngconsulting.com/blog/bid/295923/Why-is-Network-Security-so-important
https://www.consumer.ftc.gov/articles/0013-securing-your-wireless-network
https://heimdalsecurity.com/blog/home-wireless-network-security/
https://www.lifewire.com/wireless-home-network-security-tips-818355
-
Russia’s Cyber Strategies
Russia’s Cyber Strategies
12/2/2021 -
The Next Generation and Cyber Security
The Next Generation and Cyber Security
12/2/2021 -
Syniverse Short Message Service (SMS) Hack and Two Factor Authentication
Syniverse Short Message Service (SMS) Hack and Two Factor Authentication
12/2/2021