The monumental growth in popularity of the Internet has changed the way we live our lives each and every day. The Internet has changed the way we handle previously time-consuming tasks; bills can be paid at the push of a button, information found through a quick search, and communication delivered instantly. Our connected, Internet-driven world has opened millions of opportunities for individuals and business, and forever changed our lives. Internet security is now an imperative for the individual; we must understand the risks, and create secure environments for us to enjoy the wonderful benefits of a vastly connected world.
The Internet and Internet of Things (IoT) has paved the way for a world where our devices learn about as as we use them. They use this information and do things that make our life easier. Our smartphone may learn when we get out of bed, and communicate with a coffee machine to brew the perfect coffee for us, before we get to the kitchen. Our smartphone will know where we work, when we need to get there and can then map out the most efficient route, based on traffic reports in real time. The Internet is fascinating, and providing enormous possibilities for us.
But the Internet has a dark side. The increasing functionality, speed and reach of the Internet, facilitated by rapidly-improving technology, has opened opportunities for illegal activity. With the development of the dark web facilitating organized crime, through to almost 1 million new pieces of malware (viruses, worms, Trojans and any other malicious piece of code) being released daily, there’s plenty of bad stuff to watch out for.
The consequences of the bad side of the Internet can be devastating. Data loss is common through Ransomware and other nasty viruses, through to identity theft and siphoning of funds from bank accounts. And with the growing sophistication of these threats, they can be extremely difficult for the average user to identify.
Keeping Yourself Safe
Your home WiFi network acts as your gateway to the Internet. All your devices connect to your router, and then have open access and communications to the world-wide web. You can indulge in entertainment, communicate with people from all over the world, and perform daily tasks at will, from any Internet enabled device. The world is in your hands.
A secure home WiFi network can be a simple, yet extremely reliable way to ensure that you and your network users are protected against the dark side of the Internet, whilst simultaneously allow you to enjoy the many benefits of our modern world. By having a secure home WiFi network, you’re proactively mitigating the ever-present threats of the Internet, and ensuring that you eliminate the threats before they strike.
We have complied a list of 17 steps to a creating a secure home WiFi network. These tips are immediately actionable, and all work towards creating a strong and secure environment.
17 Steps to a Secure Home WiFi Network
1. Change the Default Administrator Login To Your Router
By default, all routers come with a vendor assigned default Administrator username and password combination. This allows the user to easily access the router configuration page, and change any details necessary. This enables the quick and easy configuration of a network, meaning users can get online faster.
The downside of this, however, is that most home users never change these settings, which creates a huge security flaw! Website owners have developed lists of default router passwords, readily available to anyone. All you have to do is determine the make and model, and anyone can instantly find the default login. In the wrong hands, this can cause serious issues.
When you set up your router, it is a good idea to change the administrator username and password combination to something unique and secure. This is a simple step to take to create a secure home WiFi network with little effort; it is immediately actionable, but increases security tremendously. Don’t fall into this trap.
2. Change the SSID of Your Network
It’s debatable whether changing a network name (SSID) will increase security of a network. On the one hand, a WiFi name has no bearing on whether a potential attacker can find and penetrate your network.
However, much like the default administrator username and password, not many home users will bother to change the SSID (Service Set Identifier). Thus, a default SSID indicates that there is the possibility that the network has been poorly set up, with minimal security considerations (like default passwords). Changing the SSID acts more as a mask; it makes it look like your network is impenetrable, because you’ve taken the time to set it up correctly.
The SSID of your router can be changed through the router configuration page. Again, this is another simple step to creating a secure home WiFi network. Network security does not need to be complex; often, the simple steps are the most effective!
3. Ensure That You Use Encryption
Encryption is the method of scrambling data with an encryption key, so only those who have the decryption key can read it. It is a way of ensuring that the data remains secure and private, so only the intended recipients can read it.
Encryption can be added to your network, and is a great way to create a secure home WiFi network. It acts in a similar manner to normal encryption; it encrypts data communicated over a network.
Turning on network encryption is just as easy as changing the SSID or administrator username and password. Simply navigate to the router configuration page and follow the steps. Often, you’ll be confronted with multiple types of encryption. It has been widely documented that WEP encryption is very insecure and easily compromised. In the interest of creating a secure home WiFi network, make sure you use WPA2 as the encryption type, as it is the most secure offering at this point.
4. Double Up on Firewalls for Twice the Protection
A firewall is a network security method, either hardware or software based, that controls the flow of traffic in and out of your network. It acts as a gatekeeper; by using predetermined rules, the firewall will either allow of block traffic in or out of the network.
Most routers come with an inbuilt firewall, which is classified as a hardware based firewall. As it is built into the router, it uses packet filtering; it compares the data coming into or leaving the network, either blocking or allowing access after being compared to predetermined rules. Like most of the tips given here to creating a secure home WiFi network, the inbuilt router firewall can be enabled by simply navigating to the router configurations page and following the onscreen steps.
Some operating systems (such as Windows) also come with inbuilt software based firewalls. As with most firewalls used by home users, you can pretty much “set and forget”, as they typically work without too much intervention. You can navigate to your operating systems software based firewall and follow the steps to enable it.
However, there is always the chance that third-party software installed may clash with the firewalls. In this case, the user can add exceptions and allow the software to receive or send traffic at will.
Firewalls can be complex in theory, but are quite simple in practice. When building a secure home WiFi network, it is critical that you utilize firewalls. These can act as the first and last point of security for your network, and can be the difference between a secure and insecure network. Doubling up ensures that there is no single point of failure, and allows for one firewall to detect things that the other may miss.
5. Ensure You Use (and Keep Updated) Antivirus Software
Your antivirus software protects you and your network from malicious programs that can infect your entire network. As mentioned earlier, almost 1 million new pieces of malicious software are released every day; it’s your antivirus that ensures you don’t fall victim!
It is imperative that you ensure you are utilizing some form of antivirus when creating a secure home WiFi network. Viruses can allow backdoor entry to your network, or hold it to ransom. Prevention is the greatest form of security against malicious software.
Antivirus vendors frequently update their virus databases by adding “virus definitions”. Once a new virus is discovered by a vendor, they release the definitions for users to download, which protects against infection.
There are numerous antivirus vendors, some offering paid software (Norton and Kaspersky) and free software (AVG). Regardless of vendor, they all provided full antivirus security features, which help build a secure home WiFi network. Make sure that you keep your virus definitions up to date, and perform regular virus scans, and you’ll be well on you way to fighting against malicious software.
6. Do Not Allow Guest Networks
In theory, having a “guest network” sounds like a great idea to keep your WiFi network secure. And while sometimes a guest network can be setup securely, it’s better practice to not have one at all.
Guest Networks allow your guests to connect to a separate WiFi network on your router, which only provides Internet access. Sounds great, right? Well, guest networks are generally open WiFi networks, which means that anyone can connect. Compounding this is the fact they are not encrypted, meaning that data can easily be snooped on by attackers.
As they’re generally open, this means that anyone can connect to it at any time. Your neighbours can use all your bandwidth and exceed download limits. This can allow for anybody to use your network connection, potentially for illegal activity; the blame will be placed squarely on you as the network owner.
When creating a secure home WiFi network, it is best to disable the guest network feature. By doing so, you’ll not only increase the security of your network, but you’ll increase the security of data passing through from users connected to it.
7. Utilize VPNs for Secure Communications
In today’s connected world, we send information to and from each other prominently in a digital form. With the sophistication and growing number of threats present, these communications can be easily intercepted and read.
VPNs evade this issue. VPNs (Virtual Private Networks) act as a tunnel for information and data to be passed through, such that it cannot be intercepted or monitored. It is used by both individuals and businesses in ensuring that private and confidential communications remain that way.
With some effort, a VPN can be set up at the router level, which means that all communications, information and data transmitted by devices through the router pass through the VPN to the destination. This protects all data transmission to and from your network.
Though not necessarily mandatory in creating a secure home WiFi network, VPNs can be great at adding additional security layers to your network. With a little bit of effort and some free resources, a VPN will maintain the security and integrity of your data and information as it is transmitted over your network.
8. Regularly Update Router Firmware as Updates Become Available
Each and every piece of hardware has software that gives it instructions. In the case of your router, it has firmware which instructs the hardware on what to do and how to do it.
As with any piece of software, the is the potential for vulnerabilities and bugs. Savvy attackers can exploit the vulnerabilities and bugs, giving them easy access to your network. No matter how good your security is, if there is a vulnerability that is not fixed, it’s an open door for attackers.
Router vendors know the risks, and release updates and fixes for vulnerabilities uncovered, or performance enhancements. By releasing these updates, you can potentially enhance the performance of your router, and enhance the security of an already secure home WiFi network (if you’ve been following our steps!).
Just like the previous steps on how to create a secure home WiFi network, router updates can be accessed through the router configuration page. There will be an option for updates, with on screen steps.
Vendors release updates for a reason. As soon as they become available, download and install them. They can make a huge difference to the security of your network.
9. Turn Off WPS
WPS (WiFi Protected Setup) is a method implemented by many router vendors to assist guests and visitors in connecting to your network and getting online faster. Rather than typing in a long, complicated WiFi password, WPS allows for users to connect to the router using an 8-digit PIN number that is imprinted (generally) on the base of the router.
This is especially useful for mobile users, as it can be a pain to change between keyboard sections (between letters and numbers), which can lead to errors in typing. Instead, the user can simply type in the digits.
The problem with WPS is in the way it authenticates the digits that are entered. Instead of checking all 8 digits at the same time, it checks the first four, then the second four. This means that instead of having an 8-digit combination, there are two weaker 4-digit combinations, which can be much more easily cracked.
WPS was meant to create convenience for users, but it has just really introduced vulnerabilities. In order to really create a secure home WiFi network, it is advisable (if possible) to disable WPS.
10. Disable DHCP And Use Static IPs
DHCP (Dynamic Host Configuration Protocol) is a connection protocol utilized by your router to assign an IP address to each device that connects to your router. A router works by routing devices connected to the network out into the world wide web. Your router will assign local IP addresses to each device that connects, and then routes each device to the destination they wish to visit.
DHCP will assign an IP address to any device, whether it has connected in an authorized or unauthorized manner. Thus, if your neighbour has cracked your passwords and gained unauthorized access to your network, it’ll be assigned an IP address and will have the ability to connect to the Internet. Each time you connect, you will be assigned a different IP address.
Utilizing static IP addresses means that each device is assigned its own address manually. Each device has one, and only one, IP address. Therefore, as each device is connected to the network, an IP address won’t automatically be assigned; it’ll have to be manually assigned. This makes it slightly more difficult for attackers to gain access to your network.
Assigning manual IP address can be done through your routers configuration page. This will allow you to create a more secure home WiFi network by limiting connection to your network to known and trusted devices only.
11. Don’t Disable “Broadcast SSID”
There are schools of thought in the internet security world that not broadcasting your routers SSID will make it invisible, thus more secure. Whilst this sounds great in theory, in practice it doesn’t really do much to secure your network.
The SSID was never meant to be hidden; it is an identifier for your network, so you know where to connect. By hiding it, yes it becomes invisible (somewhat), but it makes it a pain to connect to. Moreover, any attacker who really wants to compromise your network will simply use tools to find your “hidden” network.
You’d be better of following the other steps to create a secure home WiFi network; hiding your SSID really doesn’t do much to protect your network. Focus your efforts on something that will!
12. Filter MAC Addresses
All devices that connect to a network have a network adapter. Each of these network adapters have a unique identifier called a MAC Address (Media Access Control). This, in conjunction with IP addresses, is how data transmission is facilitated. These two address ensure that the right data is being transmitted to the right device.
Similar to static IP addresses, you can create an even more secure home WiFi network by filtering MAC addresses. Essentially, the router will check a database of MAC addresses against the MAC addresses of devices that are attempting to communicate over the network. If they match, communication is established. If not, then communication is blocked.
Though MAC addresses can be faked by determined attackers, having MAC address filtering makes it that much more difficult for an attacker to gain unauthorized access to your network.
13. Disable Remote Access
Remote Access allows a device to login to the routers configuration page without being connected to the network. This is great if you want to login and change network settings when you’re away from the network. But the same convenience allows attackers to potentially gain unauthorized access to you network, without actually being connected to it.
Disabling remote access means that a device can only login/access the router configuration page if they are connected to the network. Basically (if you’ve been following our tips so far and have set up a secure home WiFi network to this point), to access the router configuration page:
- A device must be connected to the network
- A device must have a valid assigned static IP address
- A device must know the SSID, administrator username and password, and
- A device must have a trusted and known MAC address
This essentially means that, unless you meet all the above criteria, you cannot make changes to the network settings, thus making it very difficult to gain unauthorized access to the network. Disabling remote access (again like the other steps laid out to create your secure home WiFi network) can be accessed through the router configuration page. It’s a simple task that adds another solid layer of security to your network.
14. Turn Down the Broadcast Power
Just like buying a house, placing your router for maximum connectivity is all about location, location, location! The closer you are, the better the signal; this provides a much better browsing experience for the user.
But having too much range may not be such a good thing! Sure, it’d be great to be able to connect to you WiFi network from 100 meters away. But if you can do it from such a distance, so can a potential attacker.
Reducing the range of your routers signal can be achieved in a couple of ways. Firstly, you can point the antennas away from the street or where your neighbours live, so that the signal does not transmit in that direction. Alternatively, modern routers have a setting in the configuration page that can be used to limit the range. Most routers operate in the 2.4GHz and 5GHz ranges; 5GHz has a shorter range, but does not compromise on speed and reliability. Thus, setting your router to a 5GHz channel can effectively limit range.
By limiting range, you limit the options for outsiders to connect and compromise your network. This simple settings change can go a long way in creating a secure home WiFi network.
15. Utilize DNSCrypt For More Secure Browsing
When you browse the internet, you will generally type in a website address (beginning with www.) and your web browser will take you to that website. This is made possible through the Domain Name System (DNS), which links an IP address of a website to a domain name. This makes it easier for users to navigate to the website they wish to visit.
Your ISP will provide a DNS server for you to use, which performs the basic functions. There are, however, third-party alternatives that you can use, including DNSCrypt. These third-party DNS servers offer greater security and privacy on the internet, such as encrypting communications, protection against malware and botnets, and ensuring that websites returned by the DNS are legitimate and haven’t been tampered with.
Third-part DNS servers are free and can be quite easily configured. Utilizing DNSCrypt is a great way to add an additional layer of security; by increasing your protection online, this has a flow-on effect by reducing the threats that you are exposed to. This will assist in creating a more secure home WiFi network, by reducing potential threats before they strike your network.
16. Disable UPnP For a More Secure Home WiFi Network
Have you ever wondered how, when a new device connects to a network, you can automatically see it in Control Panel? This is an example of UPnP (Universal Plug and Play). UPnP allows network connected devices to discover each other’s presence when connected on the network, without having to manually configure anything.
In terms of a router, UPnP can allow applications to automatically forward ports on your router, to allow incoming and outgoing communications. This is convenient, as you don’t need to manually forward all the ports to enable applications and devices to communicate at will.
The problem is that UPnP can allow malicious software on your computer to forward ports on your router. Thus, if a Trojan Horse virus forwards a port, it can allow backdoor access to your network through the port that it asked the router to forward. This means that an attacker now has access to your network! Most vendors have UPnP implemented on their routers; therefore, most people around the world have this vulnerability in their network.
If you don’t have applications that need port forwarding turned on, then disabling UPnP is a good way to create a more secure home WiFi network. It means that, if any Trojan Horse viruses bypass your firewalls and antivirus, they cannot communicate through their desired port.
Whilst UPnP does have inherit flaws, the likelihood that a piece of malicious software will exploit this vulnerability is low. Still, for the most secure home WiFi network, disabling UPnP is a good move.
17. Turn Off WiFi When Not In Use
Last, and probably the simplest step to creating a secure home WiFi network, is to simply turn it off when it is not in use.
If nobody is using the network, turning it off can make 100% that nobody can connect to it. This increases the security of your home WiFi network dramatically, as there is no possible way to connect to it if it is turned off.
This is most practical when you’re going to be away from the network for extended periods, like on holidays. It is not practical during peak usage time, so really it’s just a last resort. If it’s off, it’s protected!
These simple, easy to implement steps will ensure that you create the most secure home WiFi network, protecting all your users from the bad side of the web!