Home Network Lock Down

Secure Your Network

So, you’ve bought a router, vigorously clicked through all the setup screens, and agreed to all the terms of service and policies without reading one word of the multiple pages of fine print, which is surely written with your best interest in mind. Bingo, your home network is set up and you’re all set. You’re streaming media across your home, you have Wi-Fi on your phone, and you’ve even got your thermostat and washer & dryer mixed in there. (Seriously, who doesn’t need remote access to the dryer…right?)
You’re coasting the digital superhighway, and the setup seemed all too easy. So proud of yourself, for a second you envision yourself running IT operations at the Pentagon. What could possibly go wrong?

Answer: Everything. Everything bad you can possibly imagine.

In many cases, tech product companies build in certain features for ease of use, to make their products usable for a non-technical audience, but by doing so they open vulnerabilities in other areas. Personally, I rank security over convenience all day long. I’d much rather take on the chore of maintaining passwords than have a hacker hijack my home network.
Most hackers (cyber criminals) tend to have wild imaginations and are creative in their schemes. And let’s face it, they know how to do things that most people wouldn’t even begin to understand. Ever set up a SOCKS proxy server using the IPv6 protocol? Me neither. So, they sort of have a super-power in terms of understanding how to take advantage of consumer unfamiliarity in the technology game.

Why would they do it?

Here are only a few of the more common motives:

  • Spying on you. File monitoring, webcams, audio. All entirely possible.
  • Uploading or downloading files (of any type and content) onto any connected device.
  • Speed throttling – slowing down your network just to be annoying and disruptive (aka DDoS attack).
  • Redirecting users of your network to fake lookalike websites with the goal of capturing login credentials when entered (aka MitM attacks or DNS Hijacking).
  • Using your device’s IP address as a proxy location to visit websites and test stolen credit card information (got your attention?)

There’s a lot of technology out there in the modern world. Every single day we use mobile devices, routers, Wi-Fi and many other modern technologies, but do we really know what’s going on with these devices? Someone once stated that “Never has so much technology been in the hands of so many, who have no clue as to how it works.” I really wish I could remember who stated that. Sadly, this rings true more often than not. Understanding complex technologies can be overwhelming for most, and understandably so: these topics aren’t simple.
The recommendations below are intended as an overview of how to tighten up your home network, to help keep the unfavorable out. The good news is, you don’t have to be a senior network engineer to harden your home network. These recommendations will be common among most routers; however, if you’d like more detailed information on this topic, I’ll include some links to popular online resources at the end of the article.

How do they get in?

Here are the most common holes in home networks that allow unwanted access.

  • Gaining access to the network through the system default credentials.
  • Taking advantage of known flaws in outdated firmware of the router.
  • Remote access exploitation.
  • Exploiting outdated and insecure encryption types that are set in the router.

Easy Tweaks

Change defaults – Most of the time you will be prompted to do this during the setup process. If the default network name and admin password aren’t changed, this helps hackers get into your network as this information is common knowledge to them, and can be easily discovered.

Disable Broadcasting of SSID – There will be an option on most modern routers to disable broadcasting of your wireless network name, called the SSID. This way, users must know the name of the network to log onto it, and the devices that are in range of your network will not automatically list your network in the available connections menu.

Password Strength – Use strong passwords. Go long, 16 characters minimum, and use a combination of letters, numbers and special characters.

WPA2 Encryption – Choose WPA2 wireless encryption. If WPA2 isn’t an option on your router, then get a new one, asap. As of the time of this writing, WPA2 is the current standard for Wi-Fi security. WEP and WPA are other options that may be available, but these are outdated and not secure; both have widely known vulnerabilities.

Disable WPS (one button Wi-Fi) – WPS lets devices connect to the network with the push of a button. It also lets devices circumvent the Wi-Fi password and replace it with an 8-digit PIN, which creates a vulnerability to brute force attacks. Brute forcing is a tactic where a bot rapidly guesses every combination of a password of a certain number of digits, and one of these bots can chew through an 8-digit combination sequence quickly. The shorter the password, the fewer possible combinations there are.

Guest Wi-Fi – Set up a guest Wi-Fi network with unique credentials that is set to turn on and off at certain times, so that you don’t have to give out your main network credentials.

Cloud Based Router – Do not use cloud-based router management. Terrible idea. You’re putting a middle man in-between you and your router. Some newer routers, called mesh routers, only have this option.

Turn it Off – Turn the router off when not home for extended periods (vacations, biz trips). When network devices are offline, hackers cannot target them.

Incognito Browser – When accessing the admin interface for your router, use an incognito/private browser window, so that no history is saved in the browser cache. Both Firefox and Chrome have these options.

Advanced Tweaks

Firmware Updating – All routers have firmware built into the device. Firmware is the permanently embedded software that controls a device. Some routers have auto-updating capabilities for this, but older routers probably won’t. You can find your firmware version in the admin panel of your router’s interface, and then compare that to the current version on your router manufacturer’s website. Be sure to follow the instructions that the manufacturer provides, as improper firmware updating can render the router inoperable.

Disable Remote & Wi-Fi Admin Access – Remote access allows anyone with login credentials to access the router’s admin interface from anywhere in the world. While this could possibly be convenient for some, I don’t think this is necessary for most home users. The same goes for Wi-Fi access to the admin panel: administering the router from an Ethernet connection will be more secure.

VPN (Virtual Private Network) – Use a VPN to encrypt all network traffic. Think of a VPN as a secret passageway between your PC and the destinations that you visit on the internet. Your web activity passes back and forth through the VPN server, so your browsing activity appears to come from that server’s geographical location, not your computer’s location.
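
The Easy and Advanced Tweaks above can be turned into a checklist you run against your own settings. The following is an added example, not code from the original article: the setting names, the factory network names and both sample configurations are constructed for illustration, since every router labels these options differently.

```python
import string

# Constructed examples of factory network names; extend for your own vendor.
FACTORY_SSIDS = {"linksys", "netgear", "dlink", "default"}

def password_problems(pw):
    """Article's rule: 16+ characters mixing letters, numbers, specials."""
    checks = [(len(pw) >= 16, "shorter than 16 characters"),
              (any(c.isalpha() for c in pw), "no letters"),
              (any(c.isdigit() for c in pw), "no numbers"),
              (any(c in string.punctuation for c in pw), "no special characters")]
    return [msg for ok, msg in checks if not ok]

def audit(cfg):
    """Return findings for a dict of router settings (hypothetical key names)."""
    findings = []
    if cfg["ssid"].lower() in FACTORY_SSIDS:
        findings.append("ssid: still the factory default name")
    if cfg["ssid_broadcast"]:
        findings.append("ssid_broadcast: network name is being broadcast")
    for field in ("admin_password", "wifi_password"):
        findings += [f"{field}: {p}" for p in password_problems(cfg[field])]
    if cfg["encryption"].upper() != "WPA2":
        findings.append(f"encryption: {cfg['encryption']} in use, choose WPA2")
    if cfg["wps_enabled"]:  # an 8-digit PIN has at most 10**8 values to try
        findings.append(f"wps_enabled: PIN has only {10**8:,} combinations")
    for key, label in (("remote_admin", "remote admin access"),
                       ("wifi_admin", "admin access over Wi-Fi"),
                       ("cloud_management", "cloud-based management")):
        if cfg[key]:
            findings.append(f"{key}: disable {label}")
    if cfg.get("guest_wifi_password") == cfg["wifi_password"]:
        findings.append("guest_wifi_password: same as the main network")
    return findings

# Constructed sample settings: a router left as shipped, then a hardened one.
AS_SHIPPED = {"ssid": "linksys", "ssid_broadcast": True, "admin_password": "admin",
              "wifi_password": "password1", "encryption": "WEP", "wps_enabled": True,
              "remote_admin": True, "wifi_admin": True, "cloud_management": False}
HARDENED = {"ssid": "maple-attic-42", "ssid_broadcast": False, "encryption": "WPA2",
            "admin_password": "c0rrect-Horse-battery!9", "wps_enabled": False,
            "wifi_password": "Tr4in$-leave-at-7:45pm", "remote_admin": False,
            "wifi_admin": False, "cloud_management": False,
            "guest_wifi_password": "guest-Only-until-10pm!"}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name)
        for finding in audit(cfg) or ["no findings"]:
            print("  -", finding)
```

Fill in a dictionary with the values you read off your router’s admin panel and work through the findings until the list comes back empty.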

More resources:

F-Secure Router Checker
F-Secure Router Checker is a free, web-based tool that checks your router’s settings and detects if it may have been hijacked by criminals. If your router is compromised, every single device on your network is at risk of being hacked.

Manuals Online
Lost your router’s manual? This is a handy website that can track that down for you.

Lots of how-to articles on a variety of technologies and gadgets.

Kaspersky Secure password checker
Great demonstration of strong passwords.

Colby Albarado

Colby is a fullstack developer