Wi-Fi Home Security
To create a secure home network, you need to start by securing your Wi-Fi access point (sometimes called a Wi-Fi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home Wi-Fi to create a far more secure home network for you and your family.
Focus on The Basics
Often the easiest way to connect to and configure your Wi-Fi device is while connected to your home network. Point your web browser to the specific IP address documented in your device’s manual (an example of this would be https://192.168.1.1), or use a utility or mobile app provided by your Wi-Fi device vendor.
CHANGE THE ADMIN PASSWORD
Your Wi-Fi access point was most likely shipped with a default password for the administrator account that allows you to change the device configuration. Often these default passwords are publicly known, perhaps even posted on the Internet. Be sure to change the admin password to a unique, strong password, so only you have access to it. If your device allows it, change the admin username as well.
CREATE A NETWORK PASSWORD
Configure your Wi-Fi network, so it has a unique, strong password as well (make sure it is different from your device admin password). This way only people and devices you trust can join your home network. Consider using a password manager to select a strong password and to keep track of all of your passwords for you.
FIRMWARE UPDATES
Turn on automatic updating of your Wi-Fi access point’s operating system, often called firmware. This way you ensure your device is as secure as possible with the latest security options. If automatic updating is not an option on your Wi-Fi access point, periodically log into and check your device to see if any updates are available. If your device is no longer supported by the vendor, consider buying a new one that you can update to obtain the latest security features.
USE A GUEST NETWORK
guest network is a virtual separate network that your Wi-Fi access point can create. This means that your Wi-Fi access point actually has two networks. The primary network is the one that your trusted devices connect to, such as your computer, smartphone, or tablet devices. The guest network is what untrusted devices connect to, such as guests visiting your house or perhaps some of your personal smart home devices. When something connects to your guest network, it cannot see or communicate with any of your trusted personal devices connected to your primary network.
USE SECURE DNS FILTERING
DNS is an internet-wide service that converts the names of websites into numeric addresses. It is what helps ensure your computer can connect to a website when you type in the website’s name. Wi-Fi access points typically use the default DNS server supplied by your internet service provider, but more secure alternatives are available for free from services such as OpenDNS, CloudFlare for Families, or Quad9 that can provide extra security by blocking malicious or other undesirable websites. Log into your Wi-Fi access point and change the DNS server address to a more secure alternative.
Securing your home Wi-Fi access point is the first, and one of the most important, step in creating a secure home network. For more information about securing your Wi-Fi access point, refer to the device’s manual, or if your internet service provider provided your Wi-Fi device, contact them for more information on security features.
Guest Editor
Joshua Wright (Twitter @joswr1ght) is a senior director at Counter Hack Challenges, LLC, leading the coordination and development of cyber challenges for NetWars and the Holiday Hack Challenge. Find Josh at LinkedIn.
About OUCH!
OUCH! is a monthly security awareness newsletter for everyone. It is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it.
Editorial Board: Walter Scrivens, Phil Hoffman, Alan Waggoner, Les Ridout, and Princess Young.