You probably don’t think much about your home network. When it’s working correctly, you usually don’t need to. It’s worthwhile, though, to make sure that your network is secure, and that there’s a good barrier between what’s inside and outside your network. This can seem daunting, but taken a step at a time it is not too difficult. Your network will probably consist of one to three devices, fulfilling the roles of modem, router, wireless access, and firewall. You may need to look around to find the needed settings for each role, but they should all be there somewhere.
First, if your equipment is more than a couple years old, you should consider replacing it. You will almost certainly notice a boost in performance, as well as better security. If your internet provider supplied your equipment, they will probably give you updated equipment for the asking. Otherwise, there are many great options for relatively little money.
Before starting, you should write down the manufacturer and model number for each device. You’re going to need to find the manual for each device online, and record the default username and password. I recommend finding the procedure for a factory reset, just in case something goes wrong. The manual will also tell you the management address, which you will type into your internet browser. This is most commonly 192.168.1.1, but may differ according to the device. Once you pull up the management site, you’ll need to make a number of changes. The device may need to reboot between changes, so allow 45 minutes or so for the whole process.
- Change the default password
This is the most critical step, and the one most often forgotten. If you do not change the default password of your network equipment, there is a good chance that your device will be hacked. One side of your equipment is on the internet, so it can be probed from anywhere to see if passwords have been changed.
The manufacturer will patch security problems as they are identified. These are applied through firmware updates. You should check for updates every few months, at least. There should be an easy way in the management page to check for and apply these.
- Disable remote management
Remote management allows you to change your device setting from the internet. Unless there is a specific reason you want to do this, you should turn the feature off.
- Disable Universal Plug and Play (uPnP)
Universal Plug and Play is a feature meant to allow certain devices and applications to get through your firewall. It has a number of known vulnerabilities, however. Unless there is a specific reason you need this service, you should disable it.
There are a number of settings needed to secure your wireless network. Most importantly, you should make sure you are using WPA2 encryption with a strong password. Without encryption, someone can easily monitor everything that goes over your wireless network from a quarter mile away. Make sure a good password protects your network. You should also change your network name (also called SSID) to something other than the default. You should avoid using identifying information. Finally, you should disable WPS. This is a service meant to make connecting easier, but it has some significant security flaws.
This may seem like a lot of work, but it will go much faster than you may expect. Once it’s done you will have a fairly secure home network, and you won’t have to think about it again other than occasional checks for firmware updates.
United States Computer Emergency Response Team