11 Simple steps to a more secure home network

Working in cybersecurity is, in many ways, just like working in any other IT field. People assume that you know everything there is to know about technology and they want advise for using it at home.  My favorite of these types of requests is when people ask what they can do to secure their home networks. Because the topic of security is not often well understood, people don’t even know what to ask besides simply “what can I do to make my network safer?”. Occasionally, there is the more pointed question such as “how do I keep my kids safe on the Internet?” or  “How do I keep hackers out?”, but I’ve yet to encounter a more specific inquiry than that.

To address these concerns, I’ve held special forums and classes specifically focusing on steps people can take to gain control over the security of their home networks.  For those who have not had the pleasure of attending any of these events, I’ve decided to write a series of articles focusing specifically on Internet security at home, starting with this one.

Primary concerns about security at home

From my experience, there four general concerns that people have with regard to security in their home networks. Most often, these concerns come from parents with children old enough to start using computers and smart devices. Interestingly, each of these concerns align with the same security principles I work to implement in businesses. All of which can be addressed using a handful of simple measures. In no particular order, the home security concerns I most often encounter are:

  • Protecting against intruders.
  • Protecting against malware (commonly known as “viruses”).
  • Controlling the content children have access to.
  • Maintaining visibility over what children are doing on the Internet.

Whether your concern is about protecting the information and systems you have at home or more about preventing your children from getting into trouble online, all households could probably do more to secure their networks. The following solutions can go a long way towards that goal.

Anti-malware (aka “antivirus”) software

Anybody who is old enough to remember using Windows XP is more than likely very familiar with “antivirus” software.  There was a time when most people were concerned about anti-malware protection because it was a threat to everyone. In the past decade, Microsoft and Apple have developed many security mechanisms, changed their operating systems significantly, and improved system patching. The result is that many people now simply don’t worry about malware anymore. It has become too easy to simply trust that your system is protected, not concerning yourself with whether you are truly protected.  That is, until you fall victim to it.

Anti-malware software won’t stop malicious programs from reaching your devices. It will, however, help to protect your devices against being affected if and when it makes its way onto your system. In order for it to do that job effectively, though, your anti-malware software must be active and kept up-to-date. To provide the best protection, ensure every device has anti-malware software. This includes computers, tablets, and smart phones.

Updates

The greatest source of vulnerabilities that malware takes advantage of is flaws in software and operating systems. Patches and updates are the method used by all software companies to fix those flaws. When software and OS updates are delayed, the flaws remain. One of the most important things you can do to protect your devices from hacks and malware is to keep them up-to-date. All of them.

Firewalls

Firewalls are an oft misunderstood technology. They offer unique protection to your network, but only if used properly.  The purpose of a firewall is to act as a sort of gate-keeper for various types of network traffic. When configured appropriately, they allow the traffic you want to pass through while blocking traffic you do not want.

Computer communications are complicated and use many different protocols through many different channels, called “ports”.  Internet traffic uses specific protocols and ports that are different than those used by your cloud storage, Netflix, or even your favorite video games. The point is that each of the different tasks we use the Internet to perform use different ports and protocols.

Malicious software and hackers often exploit open, unrestricted ports to gain access to networks and systems. By configuring your firewall to restrict all inbound and outbound traffic and then explicitly enabling only the traffic that you want to allow, you can seal up the figurative sieve  that is your network and turn it into a controlled set of pipes only allowing the traffic you want and to where you want it. This limits the ability for intruders to gain access and can even help restrict malicious code from functioning and spreading.

Firewalls come in two flavors: software and hardware. Software firewalls run on a device and restrict only traffic to and from that single device. It is best if a software firewall is installed and active on every device. Hardware firewalls exist on the network, usually as a function of a home router, and restrict network traffic flowing in and out of the entire network. To be best protected, you should use both.

Web filters (aka web proxy)

A technology that is often confused with a firewall is the web proxy, also known as a web filter.  This confusion happens because, similar to a firewall, a web proxy can block Internet traffic, something normally attributed to firewalls. Web proxies are not firewalls, though. They function differently and offer a different kind of protection and benefit. Like firewalls, they come in two flavors: hardware and software. Both serve the same ultimate function for the home network, though hardware versions have some added benefits. Software web filters are simpler to set-up and manage and, in most cases, are more appropriate for home use.

Without getting into how exactly web filters work, the benefit they offer is the ability to categorically control access to Internet content. Unlike a firewall, which requires you to explicitly restrict each and every address you wish to block (or allow), a web filter is able to allow or deny access to websites simply by their classification. Several companies, including Symantec, maintain databases that aim to categorize every website on the internet. Web filters use these databases to provide control over what can be accessed. For example, someone might chose to allow access to sites categorized as shopping, sports, entertainment, and social media but deny access to adult content.  Someone using a computer under these restrictions would be denied access to every pornography site that has been identified and categorized as adult content by these companies.

A web filter will not affect malicious programs or intruders in any way. They can, however, help to keep you or your children from accessing untrustworthy websites that might be used to spread malware. It is the most effective tool for gaining control over what content children have access to. If you are using software web filters, they must be installed and configured on every device to be ultimately effective.  They will require some manual maintenance as not all sites are appropriately categorized and you may wish to make explicit exceptions for some sites.

Access controls

When we talk about access controls, there are two types of access that we’re concerned with: physical access and technical (or logical) access. The first should be self-explanatory in that it concerns having physical access to the device. The later is a little more convoluted.

Physical access controls

In the security world there is a saying: “physical access is complete access”.  This is true in the sense that a computer in the hands of someone with knowledge of how to crack into computers is doomed to be cracked. For this reason, computers and devices should always be protected against theft. They should not be placed in plain-view. Places that might entice a potential intruder to break into your home, such as in a window or other areas easily viewed from the outside, are a bad location for computers. Mobile devices, like smart phones, tablets, and laptops should likewise be protected from theft when away from home. Keep them out of plain sight when not in use. Don’t leave them sitting on car seats or other places that would tempt a theft to snatch them up.

Logical access controls

Logical access control is a little different. It addresses who is allowed to have access to what when logging into the system. In basic terms, commonly accepted security doctrine says that people should only have the minimum level of access needed to do their jobs on a computer. At home, that translates to having only the level of access needed to do homework, look things up on the Internet, and watch cat videos. Each person should have their own user account. Only the person responsible for applying system updates and installing software should have administrator rights. Even the person who is the administrator should have a non-administrative account for daily use.

The purpose in assigning non-administrative accounts to everyone is to protect the system. Requiring an administrator to login before anything is installed helps to protect against malicious programs being installed inadvertently. It also helps to protect against intruders gaining access to more than whichever user’s account they’ve compromised. Anything that runs or installs while logged in as an administrator does so with full, unrestricted permissions to the system.

More importantly, the reason for assigning each person their own account is for the sake of attribution and non-repudiation (not being able to deny having been involved in something). Think of it this way. If child A and child B share the same account and you find porn in the Internet history, who do you punish? What do you do when they both deny having looked it up? Separate accounts gives visibility over the activities of each person using the computer and precise control over each of those accounts. Believe it or not, having separate user accounts has even saved people in criminal persecutions, allowing them to prove that they weren’t responsible for illegal content accessed by that computer.

Smart home devices

Smart home devices stand in a category of their own. Mostly because they may or may not have varying degrees of security features. This category of devices ranges from smart phones and tablets to network-connected light bulbs and other IoT devices. Because these gadgets are being developed from the ground-up, there isn’t a well-established standard set of security measures to protect them. There are, however, some basic rules to follow that will make them safer to use in the home.

  • When purchasing devices, try to choose ones that incorporate security features to prevent unauthorized use.
  • If they have a PIN or password, enable and use it, especially for the purpose of making purchases or administering changes to the device.
  • Change default credentials for devices that come preconfigured to require authentication.
  • Use different PINs and passwords of each of your devices.
  • If available, set limits on the number of failed logon attempts.
  • Disable or cover cameras when not in use, if possible (This obviously doesn’t apply to security cameras).
Wireless routers and access points

Wireless access points, such as the built-in Wi-Fi provided through home routers, are the gateway to the home wireless network. They are the single mechanism that provides or denies wireless access to everything else connected to your network. An unprotected wireless network provides anybody who wants to connect easy, unrestricted access to every Internet-connected device in your home. While securing your wireless may not entirely prevent intruders, it will make the task of breaking in much more difficult.

Securing your wireless with a key, or password is the most basic measure you can take to prevent unauthorized access to your network. Like with everything else, if your access point came preconfigured with a password, change it.  If you must enable wireless authentication, there are a few options. For those who may not understand the various security options your router or access point may provide, I’ll lay them out in order of least to most secure.

  • EAP – One of the earliest wireless authentication protocols. Provides basic protections and can be easily broken into.
  • WPA – Developed to provide a better level of security than EAP. Still easily broken into with the right tools.
  • WPA2 – Currently the most secure option for the typical home wireless network.
Wireless devices

Wireless devices pose a danger the most when they are used outside the home. There is the risk that they can be lost or stolen (discussed previously). There are also risks associated with connecting them to networks away from home. It is fairly easy for a malicious nerd to set up a computer intended to wirelessly connect to your device to access your data or to simply monitor traffic on public networks and capture network traffic. That network traffic includes everything people do on it, such as transmitting usernames and passwords to log into private accounts.

It is advisable that you simply do not connect to public Wi-Fi. If you can’t avoid it, only use it for media consumption, like reading the news. Avoid using apps and visiting websites that require you to login. It is better to use your cellular data (if you have it) for things like checking bank accounts, email, and other sites that contain personal or sensitive info.

To prevent hackers from connecting to you, simply turn wireless off. One of the least secure wireless capabilities is Bluetooth. While it is handy, unless you’re using it, you should turn it off. Wi-Fi should also be turned off when not in use. In addition to increase security, disabling Bluetooth and Wi-Fi will also help extend your battery life.  d

Practice safe email

Email remains the avenue of choice to distribute malware as well as for various types of social engineering scams. This has been the case for quite some time and will remain that way as long as it is effective. To help protect yourself against the threats posed through email, learn to distinguish between trustworthy and untrustworthy messages. Here are the basics:

  • Be immediately suspicious of messages from addresses you don’t recognize.
  • Do not click links or open attachments from unrecognized addresses.
  • Nobody wants to give you anything for free. Do not respond to requests for your information.
  • Men and women do not randomly initiate contact with strangers through email to hook up. It’s not 1995 anymore.
  • If you’re still tempted to open a message from a stranger, remember that misspelling common words and use of poor grammar are the signature of Spam and phishing emails.
Social media

Social media is gaining in popularity with individuals committing fraud. They use the platforms to gather valuable information on large numbers of people. This information can be sold to others who will misuse it or simply used for identity theft or other fraudulent purposes. It is advisable that you restrict your friends list to only people who you actually know. Because that may not be realistic for many, simply do not post sensitive information. This includes responding to random surveys about your life, posting about where you live and work, sharing your contact information, and posting about when you will be attending events and traveling. These things can be assembled together to provide much more information about you than any stranger likely should know.

Kids should be discouraged from using social media all-together. There are countless dangers lurking in social media for young people. Bullying, adult content, inappropriate relationships with adults, and even recruiting into prostitution rings are all things kids and teenagers can be exposed to while using these platforms. If children are allowed to use social media, their activities should be monitored.

Establish rules

The best thing you can do to protect your network and your family is to simply establish rules. The weakest link in security is always people. This is especially true with cybersecurity. Clearly communicating rules that address how and when technology is to be used will help to ensure that all the other measures you implement are as effective as they can be. If you are the one setting the rules, you must also follow them. Set the example. You cannot expect others, even your children, to respect and follow rules that you’re not willing to abide by yourself.

About Dustin Wilson

I have been working professionally in Cybersecurity since 2011. I earned my A.A.S. in Computer Science, a B.S. in Cybersecurity, and am currently working on a M.S. in Cybersecurity. Prior to working in this field, I was a computer programmer for nine years.

View all posts by Dustin Wilson →

Leave a Reply

Your email address will not be published. Required fields are marked *