How to Set Up a Secure Home Network
A home network is a group of devices (computers, game systems, printers, smartphones, tablets, and wearable devices) that connect to the internet and each other.
A home network can be connected in two ways:
- A wired network which is used to connect printers and scanners, or,
- A wireless network that connects devices like tablets and mobiles without wires.
A secure home network is an essential aspect of internet safety. Hackers can exploit vulnerable networks to carry out a range of cybercrimes such as installing malware, carrying out data and identity theft, and creating botnets. In this guide, we talk you through the main steps you need to take to secure your home network — helping you and your family use the internet safely.
How to change the name of your default home network
The first step in securing your home network is to change your network’s name. Your network’s name is known as an SSID – this stands for Service Set Identifier. If you open the list of Wi-Fi networks on your laptop or smartphone, you will see a list of nearby SSIDs. Routers broadcast SSIDs so nearby devices can find any available networks.
SSIDs can be up to 32 characters in length. Typically, manufacturers create default SSIDs by combining a company name with random numbers and letters. It’s a good idea to change your SSID name because:
- If criminals know the manufacturer of your router, they may know the model's vulnerabilities and how to exploit them.
- A non-generic name may keep network attackers or hackers away since it shows your router is more carefully managed than routers using default generic names.
Change the SSID so that it doesn’t disclose the router brand or model. Avoid an identifier that includes any personal information, such as your name, address, or phone number. It's good to use a bland name for your SSID – one which won’t attract the attention of hackers scanning Wi-Fi networks in your area.
Use a strong password for your router
Wireless routers typically come pre-set with default passwords. Hackers can guess these, especially if they know the manufacturer of your router. Therefore, changing your password as soon as you can helps with home router security. You can usually do this by connecting to the router’s management interface through your browser – the address should be the router’s default IP address found on its bottom sticker or in the set-up guide.
A strong password is at least 12 characters long – ideally more – and contains a mix of upper- and lower-case letters, numbers, and symbols. For a secure home network, it is a good idea to change your password regularly – every six months or so.
Strengthen your Wi-Fri encryption
Encryption is an important aspect of any Wi-Fi-protected set-up. Most wireless routers come with an encryption feature, which is usually turned off by default. Turning on your home router’s encryption setting can help secure your network. There are four types of Wi-Fi protection systems commonly used to secure transmissions so that only the user’s device and the Wi-Fi router can read the contents of the transmission.
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA 2)
- Wi-Fi Protected Access 3 (WPA 3)
WPA 2 and WPA 3 are the better options for those wondering how to secure Wi-Fi, as they are newer and more secure. The older WPA and WEP versions are vulnerable to brute force attacks.
If your router gives you the option, consider creating a guest wireless network, also using WPA 2 or WPA 3, and protected with a strong password. Use this guest network for visitors: friends and family will most likely not want (or need to) hack your network. Still, they may be using devices that have been compromised or infected with malware before using your network. A guest network helps to enhance home network security.
Use a VPN for additional network security
Virtual private networks or VPNs are mainly used to improve privacy on the internet. VPNs encrypt your data so that a hacker can’t tell what you are doing online or where you are located. The protection offered by the VPN goes through the router, so even if the encryption provided by the router is compromised, you still have the VPN encryption to make your data unreadable.
For those considering how to secure your IP address, a VPN can help. A VPN alters your IP address, making it appear that you are using your device from another location than your home address. VPNs can be used on desktops, laptops, phones, or tablets.
Keep your router firmware up to date
It is good cybersecurity practice to keep your software up to date – and that includes your router firmware. Older firmware will have vulnerabilities that hackers can exploit. Some routers allow users to check from the management interface if firmware updates are available, and a few may offer automatic updates. You can also check the vendor’s support website to see if updates for your router model are available.
Sometimes the triggers for firmware updates are news stories about significant virus attacks. The outbreak of a severe attack will motivate the router manufacturer to review its firmware codes to ensure its equipment is not vulnerable to the new attack. If it is, they will issue a security patch – hence the need to stay updated.
Use a firewall to protect the devices on your network
A home firewall protects the devices connected to your network from intruders on the internet. They effectively act as a one-way digital barrier by blocking access to your network from devices on the internet while simultaneously allowing devices on your network to connect to devices on the internet.
Most routers come with network firewalls enabled, so check that yours is enabled. If your router doesn’t have a firewall, you can install a good home firewall solution on your system to prevent router attacks.
Consider changing your router’s IP address
Default router IP addresses are easy for hackers to find. Sometimes they can even be found online. For extra protection from router attacks, you can change your router’s address.
Log into your router admin console and search for network settings or LAN/DHCP. Change your IP address and save. Note the new address.
It should be sufficient simply to substitute a couple of numbers. Once changed, you use the new address to access your router settings. If for any reason, you need to change your IP address back again, you can restore your router to its factory settings.
Set up a separate network for IoT devices
The Internet of Things (IoT) is a term used to describe physical devices other than computers, phones, and servers, which connect to the internet and can collect and share data. Examples of IoT devices include wearable fitness trackers, smart refrigerators, smart watches, and voice assistants like Amazon Echo and Google Home.
The Internet of Things has cybersecurity implications:
- The greater the number of devices connected to the internet, the more potential entry points for hackers.
- Not all IoT devices have a great security track record.
For those looking to maximize their router security and avoid router attacks, you could set up a separate Wi-Fi network for your IoT devices. This is known as a VLAN – a virtual local area network. With a VLAN, you can ensure your most valuable devices – computers and phones, which contain the most sensitive data – are on one network, and your less secure IoT devices are on another. This removes the risk of poorly secured IoT devices acting as potential entry points for hackers to compromise your computers or phones.
Using a VLAN doesn't limit functionality since most IoT devices are controlled through smartphone apps connected to cloud services. Most of these devices don't need to communicate with mobile phones or computers directly over the local network after their initial set-up if they have internet access.
Turn off Universal Plug and Play
Universal Plug and Play (UPnP) helps devices in your home discover your network and then communicate with their manufacturer for firmware updates and supplies. UPnP is a critical element of the Internet of Things, but unfortunately, it's also a channel for hackers to infect devices and include them in botnets. UPnP can also be used by malware programs to obtain high-level access to your router's security settings.
Your router has to cooperate with the UPnP system so that your household gadgets receive access to the internet. Because many devices don't have password protection or use the same password for all devices, these smart pieces of equipment can be a security vulnerability.
UPnP helps a device get set up, but once it is working, it's advisable to switch off its UPnP capabilities and turn off UPnP compatibility in your router.
Disable remote access to protect your network from intruders
Many routers come with features designed to make remote access from outside your home more straightforward. However, unless you need admin-level access to your router from somewhere else, you can usually safely turn these features off from the router settings panel. If you have remote access disabled, you reduce the risk of people remotely accessing your router and tampering with it.
To do this, open your router's web interface and look for the "Remote Access," "Remote Administration," or "Remote Management" feature. Ensure it's disabled — often, it is disabled by default on many routers, but it's worth checking.
If it turns out that some of the apps and devices on your network rely on remote access, you can always enable the feature again if you need to.
Use MAC address filtering to keep unwanted devices off your network
Many routers allow users to restrict which devices are allowed on their Wi-Fi networks based on their MAC address. MAC stands for “media access controller”, and a MAC address is used to identify devices on a network. Enabling MAC address filtering can prevent attackers from connecting to a Wi-Fi network even if they know its password.
Your router’s console will contain a menu item called “MAC filtering” or “MAC address filtering.” Every device that can connect to a network has a MAC address that is unique. You must find the address of each device you wish to allow on your network and then enter those addresses into the router and turn on the MAC address filtering option.
It is worth noting that MAC addresses can be faked, and sophisticated attackers know how to exploit this. An attacker still needs to know one of the valid addresses for that network to break in, but this is not difficult for anyone experienced in using network sniffer tools. That said, MAC filtering prevents average hackers from gaining network access – so it provides another layer of protection when securing a router.
Think about where you position your router
If you can, locate your router in the center of your home. Not only does this distribute network access more evenly, it also helps to put your network out of reach/view from hackers. It’s a good idea to keep routers away from windows and external doors if you can.
Remember that routers radiate above and below as well as horizontally. If you have a two-story home, placing the router on a high shelf on the lower level will help ensure that the upper level will receive coverage as well as downstairs.
Turn your network off when not at home
One of the easiest ways to protect your home network is to turn it off when you're not at home. Turning your Wi-Fi off while you're away reduces the chances of hackers attempting to break into your home network when you're not at home.
As well as reducing security risks, unplugging the router when you’re not there also prevents it from being damaged by power surges.
Keep your devices healthy
The computers and other devices in your home can provide entry points for hackers to get onto your router. Many of the devices connected to your network will be portable – for example, laptops, tablets, and smartphones. Portable devices are more likely to get infected since they connect to other networks and potentially use public Wi-Fi. There is more risk of virus infection and hacking attempts outside your home. Equipment that never leaves your home is only exposed to one internet access point, making it less likely to be infected. To keep your home router safe, remember to practice good cybersecurity hygiene:
- Keep software up to date and allow automatic updates. Patches and new releases for operating systems and applications are often issued to plug security weaknesses.
- Protect devices with long, difficult-to-guess passwords which are all different from each other. A password manager can help with this.
- Make sure your devices are protected by comprehensive antivirus software. For example, Kaspersky Total Security protects your devices against hackers, viruses, and malware.
By following the steps mentioned above, you can maximize wireless network security – giving you added peace of mind when using the internet at home.