Home Network Lock Down

Secure Your Network


So, you’ve bought a router, vigorously clicked through all the setup screens, agreed to all the terms of service and policies without reading one word of the multiple pages of fine print which is surely written with your best interest in mind. Bingo, your home network is setup and you’re all set. Streaming media across your home, Wi-Fi on your phone and even got your thermostat and washer & dryer mixed in there. (Seriously, who doesn’t need remote access to the dryer…right?)
You’re coasting the digital super highway, and the setup seemed all too easy. So proud of yourself, for a second you envision yourself running IT operations at the Pentagon. What could possibly go wrong?

Answer: Everything. Everything bad you can possibly imagine.

In many cases tech product companies build in certain features for ease-of-use purposes to make it usable for the non-technical audience, but by doing so, open vulnerabilities in other areas. Personally, I rank security over convenience all day long. I’d much rather take on the chore of maintaining passwords, than have a hacker hijack my home network.
Most hackers (cyber criminals) tend to have wild imaginations and are creative in their schemes. And let’s face it, they know how to do things that most people wouldn’t even begin to understand. Ever setup a SOCKS proxy server using IPv6 protocol? Me either. So, they sort of have a super-power in terms of understanding how to take advantage of consumer unfamiliarity in the technology game.

Why would they do it?


Here are only a few of the more common motives:

  • Spying on you. File monitoring, webcams, audio. All entirely possible.
  • Uploading or downloading files (of any type and content) onto any connected device.
  • Speed throttling – slowing down your network just to be annoying and disruptive (aka DDoS attack).
  • Redirecting users of your network to fake lookalike websites with the goal of capturing login credentials when entered (aka MitM attacks or DNS Hijacking).
  • Using your device’s IP address as a proxy location to visit websites and test stolen credit card information (got your attention?)

There’s a lot of technology out there in the modern world. Every single day we use mobile devices, routers, Wi-Fi and many other modern technologies, but do we really know what’s going on with these devices? Someone, once stated that “Never has so much technology been in the hands of so many, who have no clue as to how it works.” I really wish I could remember who stated that. Sadly, this rings true more often than not, however understanding complex technologies can be overwhelming for most. And understandably so, these topics aren’t simple.
The recommendations below are intended as an overview on how to tighten up your home network, to help keep the unfavorable out. Good news is, you don’t have to be a senior network engineer to harden your home network. These recommendations will be common among most routers, however if you’d like more detailed information on this topic, I’ll include some links to popular online resources at the end of the article.

How do they get in?


Here are the most common holes in home networks that allow unwanted access.

  • Gaining access to the network through the system default credentials.
  • Taking advantage of known flaws in outdated firmware of the router.
  • Remote access exploitation.
  • Exploiting outdated and insecure encryption types that are set in the router.

Easy Tweaks


Change defaults – Most of the time you will be prompted to do this during the setup process. If the default network name and admin password aren’t changed, this helps hackers get into your network as this information is common knowledge to them, and can be easily discovered.

Disable Broadcasting of SSID – There will be an option on most modern routers to disable broadcasting of your wireless network name, called the SSID. This way, users must know the name of the network to log onto it, and the devices that are in range of your network will not automatically list your network in the available connections menu.

Password Strength – Use strong passwords. Go long, 16 characters minimum, and use a combination of letters, numbers and special characters.

WPA2 Encryption – Choose WPA2 wireless encryption. If WPA2 isn’t an option on your router, then get a new one, asap. As of the time of this writing it is the current standard for Wi-Fi security. WEP and WPA are other options that may be available, but these are outdated and not secure, both have widely known vulnerabilities.

Disable WPS (one button Wi-Fi) – This allows devices to connect to the network with a push of a button, which also allows the devices to circumvent the Wi-Fi password and replace it with an 8-digit pin. Which creates vulnerabilities to brute force attacks, which is a tactic where a bot will rapidly guess every combination of a password using a certain number of digits, one of these bots can chew through an 8-digit combination sequence quickly. The shorter the password, the fewer possible combinations there are.

Guest Wi-Fi – Setup a guest Wi-Fi, with unique credentials that is set to turn on and off at certain times. So that you don’t have to give out your main network credentials.

Cloud Based Router – Do not use cloud-based router management. Terrible idea. You’re putting a middle man in-between you and your router. Some newer routers, called mesh routers, only have this option.

Turn it Off – Turn the router off when not home for extended periods (vacations, biz trips). When network devices are offline, hackers cannot target them.

Incognito Browser – When accessing the admin interface for your router, use an incognito/private browser window, so that no history is saved in the browser cache. Both, Firefox & Chrome have these options.

Advanced Tweaks


Firmware Updating – All routers have firmware built into the device, firmware is the permanently embedded software that controls a device. Some routers have auto updating capabilities for this, but older routers probably won’t. You can find your firmware version in the admin panel of your router’s interface, and then compare that to the current version on your router manufacturer’s website. Be sure to follow the instructions that the manufacturer provides, as improper firmware updating can render the router inoperable.

Disable Remote & Wi-Fi Admin Access – Remote access allows anyone with login credentials to access the router’s admin interface from anywhere in the world. While this could possibly be convenient for some, I don’t think this is necessary for most home users. Same thing with Wi-Fi access to the admin panel, administrating the router from an ethernet connection will be more secure.

VPN (Virtual Private Network) – Use a VPN to encrypt all network traffic. Think of a VPN is as a secret passageway between your PC and destinations that you visit on the internet. Your web activity passes back and forth through the VPN server. Resulting in your browsing activity appearing to come from that server’s geographical location, not your computer’s location.

More resources:


F-Secure Router Checker
F-Secure Router Checker is a free, web-based tool that checks your router’s settings and detects if it may have been hijacked by criminals. If your router is compromised, every single device on your network is at risk of being hacked.Click Here

Manuals Online
Lost your router’s manual? This is a handy website that can track that down for you.Click Here

Lifewire
Lots of how-to articles on a variety of technologies and gadgets. Click Here

Kaspersky Secure password checker
Great demonstration of strong passwords Click Here

Share on facebook
Facebook
Share on email
Email
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pocket
Pocket
Colby Albarado

Colby Albarado

Colby is a fullstack developer

Back to Home Page

Colby Albarado

Full Stack Developer

A full stack developer is an engineer who can develop client & server side applications. As well as administration of databases & servers.

Languages

  • PHP
  • JavaScript
  • MySQL
  • HTML/CSS

Frameworks

  • Vue JS
  • Laravel

CMS

  • WordPress
  • WooCommerce

Web Dev

Web Development is a process. The creation of a plan to construct something virtual or actual. Websites, graphics and other forms of media require a strong design foundation to be effective.

Capabilities

  • WordPress Plugins
  • Custom JavaScript Apps
  • Front End Development
  • Custom Programming

Contact Me

SEO

SEO Ranking in any search engine requires a persistent endeavor to improve user experience and online visibility, while creating especially relevant content for your audience. Boosting organic traffic to your website can be achieved through relevant content creation, keywords, link building, monitoring and data testing.

Capabilities

  • Local SEO Ranking
  • Organic Search Ranking
  • OnPage SEO Implementation
  • Analytic Reporting
  • Traffic Analysis

Contact Me

WordPress

WordPress is extremely user friendly and flexible. It powers over 75 million sites worldwide. We are WordPress experts and can handle brand new sites, complete redesigns and overhaul and custom plugins for the WordPress system.

Capabilities

  • New Websites
  • Managed Hosting
  • WordPress Updates
  • Plugin Development
  • WordPress Management

Contact Me

Video

I provide full scale post production video services. Social media & promotional video. On-screen graphics, special effects and professional voice-overs are just a few of the services provided.

Capabilities

  • Post Production
  • Social Media Videos
  • Motion Graphics
  • Animation

Demo Reel Coming Soon!

Contact Me

GuyGlassesIcon

Contact

Submit this form to make contact about your project

Clients

I’ve worked with a variety of clients that range in size and industry

Feedback

Holly Lynn-Cope
Moncus Park
Colby at Eyebox Media has not only created a gorgeous website for us at Moncus Park, but he has also made it so easy for a WordPress novice like myself to update our website.
Michelle Morales
Punch Point Tools
I have been working with Colby for a few years now, and he has helped me with everything I asked of him. He has designed my website twice and understood exactly what I wanted each time. Very easy to work with and looking forward to working with him again.
Michael Olivier
CrossFit Amis
Colby is a highly qualified professional website builder and marketing consultant. He works to resolve issues quickly. I have complete confidence in Colby and am absolutely satisfied with our finished product, a complete website overhaul.
Scott Hutchinson
Hutco Inc
Created a unique marketing plan that was executed timely and affordable. Very satisfied.
Laurie Driggs-Fontenot
Ninety-Two West
Colby is professional, thorough, and knowledgeable. Would work with him again!
Brandon Chatham
Blast Tech
Excellent support and very responsive when we need to add functionality. I would recommend them to anyone!

Message Sent!

Thanks! I'll be in Touch Soon!