In today’s world, a home network security plan is crucial, but what is the proper way to go about it? It can sometimes be difficult to decide what security measure is most important, while also deciding which ones are useless. The truth of the matter is that what is important and what is useless depends entirely on the situation. I’ll explain what I mean below:
There is something that you need to understand first, something that might come as a surprise, but should not scare you or discourage you. In fact, it should make you want to make the right decisions to implement your home network security plan. Here is that crucial piece of knowledge:
A home network will never, ever be completely secure. A secure home network does not exist. If a person wants to get into your network badly enough, it is possible. There is nothing we can do to stop it, only deter it.
Now, this is not the time to become distrustful or give up. This is simply a fact of life that many others know. Anyone in IT or security knows this as well, and will tell you the same thing. Still, so many IT experts recommend having a home network security plan because they do help.
HOME NETWORK SECURITY’S GOAL
When it comes to choosing and building your home network security, you should go into it keeping in mind that it will not be one hundred percent secure. Instead, you should be focused on making it as difficult as possible for intruders to enter the network. Having a plan that is creative and implemented well is the best possible first step.
You need a plan in order to be successful.
Nothing great is ever achieved “by accident” and that is true here. This article will teach you how to design and implement a fantastic home network security plan that will achieve your goal of deterring intruders.
BUILDING HOME NETWORK SECURITY PLANS
Much like layering in the winter to protect against cold, the best home network security plans have layers. Each layer is a different technique.
Having only WPA2 encryption on your WiFi is like wearing a t-shirt in a blizzard. All a person has to do is crack the password and they are into your home network. But, if you add in a MAC address filter, they have to go through that as well – possibly deterring them.
Think about what happens if you add even more. To get around many different layers, a person will have to have many different knowledge bases and tools at his disposal.
Simply put: the more security you have in place, the harder it will be for one person to break due to the sheer amount of knowledge, time, tools, and brainpower it will take.
WiFi Security Layers to Consider
The following security options are popular because they work and they are fairly simple. You can use just a couple or a majority of them to provide the level of security that you feel you need. However, it is highly unlikely that you will need to use all of them, as doing so will only stop your own progress and access within your network. Keep in mind that these security measures can slow down performance. This is only an example of a home network security plan:
- Change the Default Password
As soon as you get a router, changing the default password is highly important. If you do not change it, someone could easily log in and change the settings to whatever he wants them to be without your knowledge. This step is simple, but it is also crucial so the rest of the home network security plan works.
Note: This is not the same thing as the password one would need to connect to the wireless.
- WEP Encryption
WEP Encryption is very simple to use and should be your next step. However, this should not be the only step you take. It keeps the average user from hacking in, but someone with the tools and knowledge can crack the code in seconds. When paired with other types of security, however, it is another hurdle that might add up to a job that a potential hacker will not do. Remember, you are trying to deter hackers.
- WPA vs WPA2 Encryption
WPA (Wireless Protected Access) has a new version: WPA2. These two options are far stronger than WEP. They use an encryption method called Temporal Key Integrity Protocol, or TKIP. TKIP is a thing of the past due to security holes, and now WPA2 uses Advanced Encryption Standard (AES). Why are WPA and WPA2 so difficult to crack? They require special software, knowledge, and tools. With WPA2, even someone who has the software can need weeks to get the password and hack into your network.
Remember: Using a common word (such as a word from the dictionary, a street name, or a pet’s name) makes it easier for the hacker to crack. It is highly recommended that you use a complicated password with capital letters, lowercase letters, numbers, and special characters in a nonsensical way. You can always write down the password and keep it somewhere safe for future use. Typically, you won’t use this password every day, so it won’t be a hassle.
- Enterprise vs Personal:
WPA/WPA2 Enterprise requires authentication with a Remote Authentication Dial-In User Service (RADIUS) server before anyone can gain access to a network. WPA/WPA2 Personal simply needs a pre-shared key or passcode to enter the network. Personal is the most popular choice, but if you have the funds, a RADIUS server is an option as well. Remember that while this is a strong defense, the strength of the WPA2 encryption lies in the strength of the password.
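Since the strength of WPA2 Personal lies in the password, here is a small checker and generator for the rules above, added as an example and not part of the original article. The word list is a tiny constructed sample and the function names are made up for illustration.

```python
import math
import secrets
import string

# Constructed sample of guessable words; a real check would use a full wordlist.
COMMON_WORDS = {"password", "welcome", "sunshine", "buddy", "mainstreet", "linksys"}

def audit_passphrase(passphrase: str) -> list:
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    # WPA/WPA2 Personal accepts passphrases of 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("use printable ASCII only")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    for name, chars in zip(("lowercase", "uppercase", "digit", "special"), classes):
        if not any(c in chars for c in passphrase):
            problems.append(f"missing {name} character")
    # Strip digits and symbols so "Buddy2019!" is still recognised as "buddy".
    letters = "".join(c for c in passphrase.lower() if c.isalpha())
    if any(word in letters for word in COMMON_WORDS):
        problems.append("contains a common word or name")
    return problems

def random_passphrase(length: int = 20) -> str:
    """Generate a nonsensical passphrase that satisfies audit_passphrase()."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_passphrase(candidate):
            return candidate

def entropy_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for pw in ("Buddy2019!", "mainstreet", random_passphrase()):
        print(repr(pw), audit_passphrase(pw) or "OK")
    print(f"20 random characters = about {entropy_bits(20):.0f} bits")
```

A pet's name with a year and an exclamation mark ticks every character-class box and still fails, which is why the "nonsensical" part of the advice matters.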
- Don’t Broadcast the SSID
This is a basic low-level security measure for your home. Simply put, your WiFi network can show up to anyone in a certain radius that has WiFi. Through this step, it no longer will, making it less of a target. Hiding it means that someone will have to know the name of the network in order to connect. Of course, there are programs that will find these hidden networks, so it isn’t fool-proof. Still, a random hacker probably won’t go to that extreme, especially when most of your neighbors won’t have their SSID hidden. The only downside to this method is that you will have to manually type the name of your network into a new device in order to connect it. Still, you can just write that down wherever you have your passwords, and it won’t cause too much trouble.
- Wireless MAC Filtering
Wireless MAC Filtering allows you (or someone else with access) to create a list of authorized MAC addresses that are allowed to connect to your network. You can also create a list of banned MAC addresses that will not be able to connect. Still, the addresses are sent to your wireless router without any encryption, meaning that the hacker can dig around until they find a MAC address they can take over and use. They can even simply take over your computer and give themselves, or many other people, access to your network. Once again, the malicious hacker will need to have the software and know-how to do such a thing. This system can complicate things if you buy new devices frequently, and it can take up some time to edit the list of authorized addresses and remove the old ones.
- Limit the Number of Devices Able to Connect
Another step you can take is to only allow a small number of devices to connect to your router. This is great if you have a small family or only use a small number of devices. If a device is turned off, another one can take its place, making it easier for guests or family members to connect. Taking this step means that a hacker cannot attach a bunch of devices to your network in order to overwhelm it.
- No Access to Admin Interface via WiFi
You can prevent any device that is connected to the router through WiFi from using the administrative interface. That means the only devices that can use those tools have to be connected to the router using a LAN port. That stops many hackers because they would have to be in your house. No one from outside the home will be able to change any settings or lock you out of your own network in order to do something malicious.
- Turn Off DHCP
While this isn’t a strong type of security, it is another hurdle for a malicious hacker to jump over. By turning off the Dynamic Host Configuration Protocol or DHCP, you will have to configure the IP settings on each and every device by hand to connect to the system. Still, it is not that difficult for a person to guess the IP address they would need to get into the system. One might have to understand subnetting for that access, and the simple “guess and check” method could take time.
Remember: It is all about the layering of security to deter the malicious user.
- Require HTTPS for Web Administration Access
Another great security tool for your home network is to require HTTPS rather than just HTTP to access the administrative interface. By doing this, you ensure that there is a secure or encrypted connection between the device you are using and the router when you decide to make any changes. All you need to do is use a modified URL when using the web: https://192.168.x.x instead of http://192.168.x.x. All browsers support HTTPS because it is such a great security measure for your home network.
- Decrease the Size of the WLAN Subnet
We have already discussed a similar setting that limits the number of devices that can be connected to the router at a single time. There is a difference between this measure and that, however. If you are using a small subnet, so that there are fewer IPs available to be assigned to devices, it lessens the chance of a large group of people connecting to your router and overwhelming your system. Most routers, by default, have a full Class C network for your LAN, which means 253 IPs can be assigned to devices. Unless you have a rather large family with a super large budget, you will not have near that many devices. The manual you receive with your router probably won’t cover how to do this, especially because you need knowledge of IP subnetting, but there are various sources on the internet that should be able to help you.
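The subnetting arithmetic for this step can be worked out with Python's standard ipaddress module. This is an added example, not part of the original article; the 192.168.1.0 base address, the device counts and the plan_lan name are assumptions for illustration.

```python
import ipaddress

def plan_lan(base: str, devices: int) -> dict:
    """Smallest IPv4 subnet at `base` that fits the router plus `devices` clients."""
    # Every subnet loses two addresses (network and broadcast); the router takes one.
    needed = devices + 1 + 2
    # Number of host bits needed to hold `needed` addresses (at least a /30).
    host_bits = max(2, (needed - 1).bit_length())
    prefix = 32 - host_bits
    net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
    hosts = list(net.hosts())
    return {
        "network": str(net),
        "netmask": str(net.netmask),        # value to type into the router
        "router": str(hosts[0]),
        "first_client": str(hosts[1]),
        "last_client": str(hosts[-1]),
        "client_addresses": len(hosts) - 1,  # usable hosts minus the router
    }

if __name__ == "__main__":
    # Router default described above: a full Class C with 253 assignable IPs.
    print("default:", plan_lan("192.168.1.0", 253))
    # Assumed household: 8 family devices plus 2 for guests.
    print("shrunk: ", plan_lan("192.168.1.0", 10))
```

For ten devices the result is a /28 (netmask 255.255.255.240) with clients in 192.168.1.2 through 192.168.1.14, so only 13 addresses exist for anything to claim instead of 253.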
EXAMPLE OF A HOME NETWORK SECURITY PLAN
As you can see, there are many different tools available to you for no extra cost (just a little extra time) to provide great security for your home network. You can pick and choose, based on your own lifestyle, which of the suggestions above will work for you and which won’t help you.
Remember that layering is the best way to prevent a catastrophic security breach. Remember that you DO NOT have to use all of them. In fact, using them all will only hurt your own usage. Planning for your security is highly important so you know what steps to take in order to achieve the level of protection that you feel you need.
Here is an example of what you might do on a home network.
Remember: this is not a “one size fits all” solution to home network security – it is simply what could work for you.
- Change the factory password for your router to a STRONG password (a nonsensical word with letters, symbols, and numbers).
- WPA2 Personal Encryption with a STRONG password
- Require HTTPS to access the administrative interface
- Stop broadcasting your SSID
- Put a limit on the devices that can connect
  - Think about the number of devices your family uses, and then add one or two for guests.
The sheer number of layers is what makes this a good plan. The first thing a person looking to break into a home network looks for is an SSID – yours is gone. Then, he would spend the next week or two trying to break into your WPA2 encryption.
Want to make it even more secure? Change your password every few weeks to deter anyone who could be working on that process. Even if he does crack it, he might not be able to connect because the maximum number of devices are already connected.
Working around all of these layers will take time that the hacker might not have, or they may get bored and move onto someone else who does not have such a secure network.
You might not want to use a MAC filter because buying a new device or having guests can cause problems and take up valuable time. On the other hand, if you don’t mind this, go ahead and add that security measure as well.
The typical user that will try to break into your system will either be a nosy neighbor or someone who wants to use your internet without paying for it. Having these security measures in place will deter those people and make them move on to someone else who is easier to hack. If someone really wants to get into your device, for whatever reason, it is possible. These layers will just make it far more difficult.