How to Secure Your Home Network

home network

Something interesting happened last week. A programmer by the name of Matthew Garrett gained access to the lighting and window controls to nearly every room of a hotel he was staying in. (You can read his post here:http://mjg59.dreamwidth.org/40505.html#cmt1611577) This made me think about network connected devices and home network security. I, too, have smart lights, and call me paranoid, but I don’t want someone gaining access to my systems. Apart from the annoyance of them being “funny” and changing my lights randomly, it could give them insight to when I’m awake, and when I’m home. (Granted, if they sat in a car near my house and watched long enough they would get the same information, but that’s more work, and probably not worth it. Simply accessing a network and having that information, that’s a little easier.)

Beyond just lights though, many homes are increasingly gaining various wi-fi connected features and controls which could be potential vulnerabilities if the network were not properly secured. There are devices that will control your lights, your tv, your music, phone and more. There are home security systems that will allow you to set up cameras that can be streamed to your phone. All of this information, all of these systems on your network, means it’s important to be secure, but what does that even mean?

Back in the bad-old days, when wi-fi was in its youth, it was easy to login to your neighbors wifi, maybe “borrow” his printer for a laugh. I had friends who would drive around with a laptop looking for open networks to connect to. Luckily, times have changed and people have become a little more responsible with their home networks. Most people go in and set up their network SSID and password protect it, which is a first big step to keeping interlopers out. But is this enough?

As I read about Matthew’s (somewhat) misadventure, I began to wonder how secure my simple password protected network is. A smart man once said that security is an ongoing thing, it’s continual, and we have to be vigilant. That being said, there are some simple, and sometimes obvious things we can do to help make our home networks a little more unappealing to those who would try to gain access to them.

The Device

Use a device that supports Wi-Fi Protected Access 2 (WPA2), preferably with Advanced Encryption Standard (AES). This will encrypt communication between the router and device, and is currently the most secure configuration for home networks.

Think about the placement of your router. The device will emit signals, which can extend beyond the home. By optimizing the location of the antenna in the house, you can minimize how much of that signal is exposed for outsiders to pick up on. You can also fine tune the transmission levels and signal strength to this end. It’s also a good idea to update the router’s firmware since updates often contain patches for previously discovered vulnerabilities.

The Settings

Most routers have a web browser based interface which can be accessed by typing the router’s IP address into the browser address bar. From here you can improve your security by making some small changes to a few settings.

Routers come with some default settings, which are publicly known, so it’s important to change these to something unique,  making it more difficult to gain access. Give your network a name (SSID) and a passphrase. I say phrase because something long is best. A long phrase, 16 characters or more, is harder to crack than a short, but “complex” phrase. (long and complex is even better!)

It’s not a bad idea to change your router’s IP and interface login password, the defaults are public knowledge and this will make it so that an attacker can’t just plug in the defaults to gain access. (Make them work for it!)

Turn off Wi-Fi Protected Setup (WPS) and  the UPnP feature, if you can. This may sound counter intuitive, but there are design flaws in WPS which allow attackers to brute-force an access code relatively quickly. The UPnP feature allows compatible devices to change router settings without going through the router interface, a very appealing prospect to network intruders. However, many gaming consoles utilize this, so it might not be feasible to disable it. You will also want to keep remote access turned off unless you need it.

Ensure that you logout of the router interface when you’re finished. It is also wise to pay attention to the devices on your network, naming the various devices will help you recognize if there is an unfamiliar connection.

It’s easy to point out how unlikely it is someone would spend time trying to get into your specific network, but why take the risk when you can improve the security of your devices by changing some simple features?

Information Sources:

http://mjg59.dreamwidth.org/40505.html#cmt1611577

http://www.cnet.com/how-to/home-networking-explained-part-6-keep-your-network-secure/

https://www.us-cert.gov/ncas/tips/ST15-002