It is easy to secure your home network (guide)
To cybercriminals and hackers, most home networks are like an unlocked door inviting entrance, looking around and stealing whatever is there. Well, fortunately, it is easy to secure your home network.
Not that cybercriminals have the time to look at the trillions of internet-connected devices. Instead, a global network of bots scours the internet looking for insecure routers, IP cameras, Internet of Things, etc.
For example, when the Russian-based Mirai botnet (and its knock-offs like Mozi) finds an insecure device, it seizes control for eventual use. This includes using it to launch a DDoS (denial of service attack), phishing campaigns, click fraud, and stealing files, passwords, and banking details. If you were wondering, my home router had over 8,000 bot break-in attempts in March alone. My network is secure, is yours?
Let’s start with a simple test
Go to Gibson Research and run Shields Up to test your network. You will know if you need to read the rest of this guide in a few seconds.
What is an insecure device?
Anything that connects to the internet is at risk. It has two main features. First, and most important is that it still has the default administrator password – usually admin/password. Changing the admin password alone should slow any Bot attack.
Unfortunately, the second feature is old or outdated firmware, which can be harder to fix. Billions of IoT devices have never had a firmware update to close security loopholes, and Mirai can take advantage of these. Most loopholes are manufacturer back-doors to allow them access for testing purposes. Some loopholes use the IoT device’s inbuilt webserver to launch a brute force password attack. Updating firmware (if you can) should reduce the chances of a Bot attack
This applies to routers, cameras, lights, thermostats, robovacs – any smart device. If your devices are a few years old and can’t update, you need to replace or take stronger measures.
What are those stronger measures?
At a minimum, move all IoT devices to your home router’s 2.4Ghz guest network. This is a physically separate network that cannot interact with devices on the main network.
Double NAT is very good.
All that means is that you put another router before your home network router. Many already have an NBN ‘gateway’ modem/router – see Crappy NBN FTTN Modem – here are a few better ones (guide). This, for example, has an IP address of 192.168.1.1 (you should change this anyway as Bots start looking at this address). Attaching your home network router and giving an IP address of 10.0.0.1 means bots only see the gateway.
Install a network protection device
I use Trend Micro Device Security Ultimate. It is a black box that allows authorised home network devices access to the internet but denies external access. It is like a firewall but focuses on IoT and network security. Trend constantly updates it to ensure the latest bots and threats are detected. This $312 device (on special for $238 includes a one-off purchase of the box) has software for three devices for a year and protects all network devices.
But there are several new cloud security anti-virus/malware like Kaspersky’s Total Security that do a similar job.
Enable Wi-Fi encryption between the router and the device
Most routers have Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA 2), and Wi-Fi Protected Access 3 (WPA 3). Security experts advise that WPA 3 is best, but older devices (especially pre-2016) don’t support that, so you may have to use WPA 2.
Many experts suggest using a VPN for all external traffic. Yes, you can, but it is not easy to set up, so all users on the router use it, and it is not free. Not all routers support VPNs either.
CyberShack’s view – It is easy to secure your home network – often at no cost
- Change Admin passwords
- Update firmware regularly
- Put IoT on the guest network
The more complex your home network becomes, the more you will look at Trend’s solution, if only because it does everything for you.