Scroll Top
Get in Touch
SECURITY GUIDE

Table of Contents

Related Articles

How to Secure Your Home Wi-Fi

Introduction

Our homes are now packed with a number of gadgets and devices that need an internet connection, thanks to our increasingly technological environment. Our increasing dependency on the internet to connect all of our things, whether it’s our computer, tablet, phone, fridge, TV, or baby monitor, has opened the door to many risks and security issues. Many people are simply unaware of the security threats that these devices might pose if not adequately secured by a secure Wi-Fi network. We will never leave our front door unlocked, but keeping our Wi-Fi networks unlocked exposes us to the same security threats. Unlike physical networks, Wi-Fi systems can reach outside your home’s confines. It’s difficult to keep track of who has access to your home network once the password is out in the open. As a result, you should think about making some adjustments and creating some habits to defend yourself from intruders, snoopers, and internet carpetbaggers.

When it comes to keeping attackers out and protecting your data, securing your home network is critical.

  1. Basic Security Measures:

    • Change default Wi-Fi name (SSID) to deter hackers.
    • Create a strong, 20+ character password with varied characters.
    • Enable WPA2 encryption for enhanced network protection.

  2. Network Segmentation:

    • Use VLANs to separate work and children’s devices for improved security and performance.

  3. Additional Security Measures:

    • Turn off network name broadcasting for added privacy.
    • Keep router software updated to address vulnerabilities.
    • Activate the router’s firewall and consider using VPNs for extra protection.

  4. Wi-Fi Interception Risks:

    • Be aware of ‘WiPhishing’ and rogue wireless access points.
    • Secure Wi-Fi with a strong password to prevent unauthorised access.

  5. UPnP Risks:

    • Disable Universal Plug and Play (UPnP) to mitigate security risks.

  6. Firewall Rules and Privacy Settings:

    • Understand and adjust firewall rules; manage privacy settings for local network access.

  7. RADIUS 801.1x Security:

    • Use dedicated onboarding tools for 802.1X security.
    • Consider separate VLANs for children and IoT devices.

  8. Simplicity Matters:

    • Avoid unnecessary complexity in home network security.

  9. WPA-Enterprise Consideration:

    • Evaluate the use of WPA-Enterprise with caution due to device compatibility.
    • Separate networks/SSIDs/VLANs may enhance IoT device security.

How to protect your Wi-Fi home network

It is important to secure your home network in order to keep attackers out and to protect your information.

  1.  Change the default home Wi-Fi name
    Changing the SSID is the first step toward a secure home Wi-Fi network (service set identifier). The network’s name is known as the SSID. Many manufacturers set a default SSID for all of their wireless routers. It’s the company’s name most of the time. When a Wireless Link system searches for and displays the wireless networks nearby, each network that broadcasts its SSID publicly is identified. This increases the chances of a hacker breaking into your network. It is safer to change the network’s SSID to one that does not expose any personal details, thereby deterring hackers.
  2. Create a secure password for your wireless network.
    A default password is pre-programmed into most wireless routers. Hackers can easily guess this default password, particularly if they know the router manufacturer. Make sure your wireless network password is at least 20 characters long and contains a combination of numbers, letters, and symbols. Hackers would find it difficult to gain access to your network if you use this configuration.
  3. Enabling network encryption
    Encryption is available on almost all wireless routers. It is switched off by default. Enabling encryption on your wireless router will help protect your network. Once your broadband provider installs the router, make sure to turn it on right away. “WPA2,” the most recent and effective form of encryption available, is the most recent and effective.
  4. Segregate your network
    For home users, creating a Virtual Local Area Network (VLAN) to separate work devices from children’s devices is a wise decision for several reasons. Firstly, it enhances security; by isolating your work devices on a separate VLAN, you reduce the risk of sensitive work data being compromised due to less secure activities on your children’s devices, such as gaming or browsing unknown websites. This separation is crucial given that children’s devices are often more prone to malware exposure, and segregating networks minimises the chances of such malware spreading across your entire home network. Additionally, VLANs can significantly improve network performance. Work-related tasks, which may require stable and high-speed internet for video conferences or large data transfers, won’t be hampered by bandwidth-heavy activities like streaming or online gaming typically associated with children’s devices. Implementing VLANs also simplifies the management of network settings, including parental controls. It allows you to apply specific rules, like access restrictions or time limits, to just the children’s network, without affecting your work-related connectivity. Moreover, VLANs aid in troubleshooting; issues on one network (like the children’s gaming devices) won’t impact the other (your work devices), making it easier to isolate and resolve problems. In essence, VLANing work and children’s devices provides a more secure, efficient, and manageable home networking environment, crucial for maintaining a healthy balance between professional responsibilities and family life in the digital age.
  5. Turn off network name broadcasting
    It is strongly recommended that you disable network name broadcasting to the general public while using a wireless router at home. This function is often useful for companies, libraries, hotels, and restaurants that want to provide customers with wireless Internet access, but it is rarely needed for a private wireless network.
  6. Keep your router’s software up to date
    Router firmware, like any other software, may contain bugs that can transform into major vulnerabilities unless they are rapidly addressed by manufacturer firmware releases. To ensure that no security hole or breach is left accessible to online predators, always install the most recent software available on the device and update the most recent security patches.
  7. Make sure you have a good firewall
    A “firewall” is a programme that protects computers from malicious attacks. While most wireless routers have built-in firewalls, they are often delivered with the firewall turned off. Make sure the firewall on your wireless router is turned on. If your router doesn’t have one, make sure you install a good firewall solution on your computer to keep an eye out for unauthorised access to your wireless network.
  8. Use VPNs to access your network
    A virtual private network, or VPN, is a set of computers or networks connected through the Internet. VPNs, such as Norton Secure VPN, can be used by individuals to secure and encrypt their messages. A VPN client is opened on your device when you connect to a VPN. Your machine swaps keys with another server when you log in with your credentials. All of your Internet contact is encrypted and protected from prying eyes until both machines have checked each other’s authenticity.

Securing the home network should be a top priority for everyone concerned about the safety and security of their data. These measures are simple enough for even the least tech-savvy person to follow. Also, bear in mind that the security of your wireless network can be lax at times, rendering it vulnerable to exploits. If cybercriminals can simply hijack your Wi-Fi info, it doesn’t matter how good your password is or if your software is up to date. As a result, we’ve put together this guide on how to protect a wireless network. However, you should still be on the lookout for vulnerable Wi-Fi routers, since most would likely still use WEP and disregard these security measures.

How Wi-Fi can be intercepted

With the increasing availability of wireless technologies for computers, new security issues have arisen. Interception of unencrypted wireless network traffic, resulting in the compromise of sensitive information.

  • ‘WiPhishing’ is the process by which you secretly set up a laptop or a wireless access point to link devices as a prelude to hacking attacks. Some download viruses, worms, and keyloggers, while others intercept network traffic to gain access to sensitive information such as user IDs, passwords, or credit card numbers.
  • Rogue wireless access points are wireless base stations that are installed without authorization on a university network. Rogue wireless access points usually allow wireless transmission intercepts, thereby circumventing network security controls such as firewalls that protect the University from hackers, worms, and other threats.

Who is on your Wi-Fi?

And if you find that a neighbour is stealing your Wi-Fi, you don’t need to go after them or make a scene—a simple change in router protection would put a stop to it. Return to the web interface of your router and search for the option to update your password (usually under the “Wireless” section somewhere). If you don’t have a password, you should create one right away, and it should be powerful. Without a password, any passing amateur hacker can access your personal information. WPA2 is the password type to use because it is far more difficult to crack than the now-outdated WEP. If you have WPS enabled, you should disable it because it makes cracking your Wi-Fi password easier. (You can always activate your router’s guest network if you want to allow guests to use your Wi-Fi without giving them access to your devices and information.) If you already had a password perhaps it was weak and simple to guess changing it to something different should be enough to keep your neighbours out. Of course, you’ll have to re-authenticate all of your computers, but you can feel a little better knowing that everything on your network is yours.

Universal Plug and Play

The Universal Plug ‘n Play approach allows your home’s computers to explore the network and then connect with the manufacturer for firmware updates and supplies. In building the Internet of Things, UPnP is a key factor. It’s the technology that ‘intelligent’ domestic devices. In essence, smart devices can connect to the internet. Hackers have a channel via UPnP. In order for those household devices to connect to the internet, your router must work with the UPnP system.

While the idea of self-tuning devices was appealing at first, the lack of password protection on most devices, as well as the propensity for manufacturers to use the same password on all devices, makes these smart devices a security risk. UPnP makes it easier to set up a computer, but once it’s up and running, switch off its UPnP capabilities. In addition, you can disable UPnP compatibility in your router. Hackers have been able to infect household computers and use them in botnets thanks to UPnP. A botnet is a collection of devices that can be programmed to send access requests to a single computer at the same time, effectively shutting it down.

Firewall rules

Understanding why the firewall isn’t switched on by default and whether you should activate it first necessitates a clear understanding of what a firewall does. It’s more than just a security turn, as some Windows users mistakenly believe. This form of firewall has only one function: it blocks incoming connections. Some firewalls even let you block outgoing connections, but Mac and Windows’ built-in firewalls don’t. Look elsewhere if you want a firewall that lets you select whether or not those programs can link to the Internet. Incoming connections are only a concern if there are applications that are listening for them. That’s why a firewall was so critical on Windows all those years ago: there were so many services listening for network connections in Windows XP, and worms were exploiting those services.

 

Apps that connect to your local network will gather data about nearby devices to find out which networks you join and when. This data could be used to construct a profile of you. Any app that wants to connect with devices on your network, such as WhatsApp, must ask for permission the first time it attempts to browse your local network on iOS and iPadOS. The message can be customized by the app developer to explain why the app needs access. To give the app access to your local network, tap OK. You can tap Don’t Allow if you don’t want to grant access or if the app’s need for access is unclear.

You may also use a system such as Air Print, Airplay, Airdrop, or Home Kit to link to the Internet or to communication with a local network. You can change your mind at any time and allow or deny an app access to the local network. Go to Privacy > Local Network in Settings to see a list of all the apps that have requested access. If you have concerns about whether an app needs access to your local network or how access is used, you can contact the app developer.

RADIUS 801.1x

However, the security of 802.1X is highly dependent on two factors. If end users are left to manually configure their computers, the first variable occurs. The configuration method necessitates advanced IT expertise, and if one stage is missed, they leave themselves exposed to credential theft. Instead, we strongly advise you to use dedicated 802.1X onboarding tools. The second variable is determined by whether a company uses credential-based or certificate-based authentication. The safest way to use 802.1X is with certificate-based EAP-TLS, which decreases the chance of credential theft substantially. It not only prohibits credentials from being sent over the air, where they could be easily stolen, but it also allows users to complete an enrollment/onboarding procedure that ensures their devices are properly configured.

It makes sense to have a separate VLAN (and SSID) for the children. If you’re very paranoid, a separate VLAN (and SSID if necessary) for IoT crap is probably a good idea as well, because so much of it is utterly horrifying. Beyond that, I wouldn’t add much more complexity, particularly for home use.

If you’re feeling very daring and want to exclude one of those SSIDs, you could bypass the separate SSID for the kids and instead use WAP-Enterprise with RADIUS authentication and RADIUS allocated VLANs. The good thing about WAP Enterprise is that the SSID no longer uses a single password, and whoever has the password will connect to your Wi-Fi. With RAIDUS authentication, you have a lot more leverage. When the kids log into Wi-Fi with RADIUS allocated VLANS, you can automatically position them in the appropriate VLAN, removing the need for a second SSID.

The disadvantage of WPA-Enterprise is that certain devices (such as game consoles) do not support it; the easiest solution is to hardwire them as they should be, or you can purchase a Wi-Fi gaming bridge that supports WPA Enterprise. WPA Enterprise isn’t always enabled by IoT users, but that’s yet another excuse to place them on their own Wireless network/SSID/VLAN.

Picture of Daniel Phillips
Daniel Phillips
TO STAY SECURED
Contact Us