10 Easy Tips to Secure Home Networks

Secure your Home Network in Ten Easy Steps

Following the suggestions below will greatly increase the security of your home network. Attackers know home networks are usually not well protected and they target them to create botnets and other underground activities; don’t be a victim.

  1. Update your software – This may sound trivial but it’s the number one thing that causes issues for home users.  Pay special attention to Windows Updates and Adobe Acrobat, Flash, and Java updates, as they are common targets for bad guys.
  2. Run Antivirus – Even in this day and age Antivirus still matters!  For home networks it’s especially important because there are less layers of defense than corporations.
  3. OpenDNS – OpenDNS provides DNS servers free for home users where you can customize and see reports about where devices on your network are going online.  This is a great way to provide content filtering for all devices on a home network.  The easiest way to use this service 
    is to set your routers DHCP DNS servers to OpenDNS’ servers.  Setting this in your router will ensure that all your Internet connected devices are protected.
  4. Check your router to make sure “Remote Administration” is turned off.  You can do this by going to http://192.168.1.1 or http://192.168.1.0 on most models.  The username and password on most models will be admin/admin or admin/password.  On a Linksys it will typically look something like this:Linksys e4200 Remote Administration Page
  5. Check your router’s wireless settings and make sure you have WPA or WPA2 enabled.  WEP has been broken for many years and its trivial for any attacker to break into.  At NBG Networks we still encounter clients that have wired equivalency protection (WEP) networks; they have usually already been hacked into.
  6. Port Scan Yourself – Scan for common open ports and close any that shouldn’t be open in your router.  You may have to disable UPNP if you can’t find another way to close open ports that you don’t need open.
  7. Don’t connect unnecessary devices to the Internet!  I’ve seen my fair share of webcams that were accessible to the whole world.  If you need to access devices remotely, create a VPN with dd-wrt or a firewall that supports VPN.
  8. Install DD-WRT – This is a great upgrade if your router supports it.  List of supported routers.  With DD-WRT you can turn your old Linksys into a fairly powerful home firewall with VPN support.
  9. Encrypt important documents with TrueCrypt.  The easiest way to do this is to create a “virtual encrypted disk.”  TrueCrypt will create a flat file that you can mount as a drive letter only with your password.  Don’t lose your password there is NO way to recover it.
  10. Create your own firewall from scratch with pfsense.  Don’t throw away that old PC; turn it into a powerful, fully functional firewall!  You’ll need at least two network cards and some free time to install pfsense and configure it.  Pfsense offers great caching, arp spoofing protection, network antivirus and, best of all, its free!

CV3NCSCAVHPK

 

Follow Me

Nick Gibson

Nick Gibson is a United States computer security expert and founder of NBG Networks LLC. He has worked in security regulated industries like healthcare and finance for over a decade.
Follow Me

Latest posts by Nick Gibson (see all)

2 Responses

  1. Those are some good points that you’ve displayed. I would like to add one more tip, change the router’s wi-fi password at regular intervals.

    At certain time we may have visitors that we share our passwords with for them to connect to the Internet. They might intentionally or unintentionally leak our passwords to a malicious third party, thus updating the wi-fi password may prevent future harm.

  2. Hi Fauzul,

    That’s a good tip! Another one I see a lot is when Verizon installs FIOS service for business or personal use, they set the encryption to WEP and the password is easily decrypted by putting the SSID into a calculator that can be found online.

Leave a comment