Blog

You are currently viewing WiFi Networks | How to Protect your WiFi Home Network

WiFi Networks | How to Protect your WiFi Home Network

Almost all families have a WiFi router in their homes nowadays. A router provides internet access to the whole family and is the digital front door of your home network. This front door can be wide open or adequately closed with the right locks. In many cases, the front door is wide open, granting easy access to outsiders that shouldn’t have access.

Easy access can end up in different kinds of issues, like people from outside leeching on your internet connection, criminals that try to exploit you and your family financially, or maybe a friend of your son or daughter that wants to pull off a prank by kicking them out of the network. I dedicated a few posts to the risks of WiFi, but I never dedicated a post to protecting your home WiFi by providing some advice on how to do this. In this post, I would like to guide you into setting up a decent WiFi network that protects you and your family from outside threats. Both from targeted threats by people who intend to do damage and from users outside your family that cause unintended harm to your internal network.

Router Passwords

When friends and family drop by, they might ask for your WiFi password so they can check the internet on their smartphone for free, and can connect to your network whenever they visit you and your family. After a while, many people know the WiFi password and can connect to your router at any time they are visiting. However, a router’s signal also extends into neighboring houses or apartments. Once password access is out there, it is hard to control who can access your network at home. To mitigate the risk of leechers, intruders, and opportunity seekers, you can set up a set of defense fundamentals. Just a few changes in setting up your hardware, in combination with some preventive routines, will already bring you to a satisfactory level of protection. The harder it is for outsiders to access your internal network, the quicker they give up and move on.

Hard passwords are suitable for system security but are a pain to remember. Because of this, many people choose easy passwords for a router. If you give your WiFi password to members of your family and close friends and relatives that visit a lot, you can’t control who they might provide that password. The more complex the complexity of a password, the more difficult it is to offer it to other people. That is why a complex password for your router is essential. A WiFi password should be at least 12 to 20 characters long, and creating a password with a password generator is advisable. In addition, you can enter the password yourself in a person’s device, making it unknown to that person but still granting access to this person. You can look up existing passwords in any operating system, but not many people know about that utility and how to extract the password.

Although you want to be friendly to people by giving them access to your WiFi, you shouldn’t feel obliged to give out a password to everyone that enters your house. Prepare to say “No” to visitors when they ask for the password—especially one-time visitors like external service providers (for instance, the electrician). Commercial visitors should access their data without depending on their internet connection. Also, ensure that outsiders can’t quickly obtain a password, so don’t leave a sticky note on your refrigerator saying “WiFi Password: ….”. Also, Internet Service Providers tend to provide you with a router and the initial WiFi password stamped on that router’s label. Tempted outsiders might check the router and try its password for free WiFi access when you are not watching. Within time many people will know this password, so always change the primary password on the back of the router immediately after you have installed the router to prevent this.

Change your password regularly. It might be a hassle to do this, but because most WiFi routers require you to log in once to be allowed indefinite access, you only have to change the passwords on your devices once. Changing this every two months (60 days) should be sufficient and will give you more protection than most people (who never change their password). Make it a routine process, for instance, on the first day of the new month and put it on your to-do list.

Router Admin Credentials

You can access your router console from any connected device to a network. Most router manufacturers create an administrator account on routers with the same username and password for all routers they sell.

Router access login page: make sure to change the password

Access to a router’s admin area differs from only connecting to a WiFi network, giving you control over the complete network configuration. With some knowledge and the savviness of Google, you can easily find a router’s login credentials making a router network vulnerable. If an external party gets access to the admin console, they can change the admin password and lock you out from access.

Immediately change the credentials when you have a new router, and in case you haven’t done it on your old router: do it immediately. You can find the default username and password in the manual that came with your router, and most of the time, you can also find it on the internet, which might also display on the router’s login screen. When the username and password are unknown to you, you can always contact the router manufacturer or your Internet Service Provider.

After you have the proper credentials, log into the menu system for the account details and change the admin account’s password to a random string of letters and numbers (at least 12 characters long). I advise generating a strong password with a password generator.

Network Segmentation

With network segmentation, you split your network into different cells, meaning you need other keys (passwords) to enter other locations on the network. In companies, strategies to segment a network are very common to protect valuable information against outside attacks. At home, you can do this on a microscale. Most WiFi routers nowadays include an option to set up a “Guest Network.” By setting up a guest network, you create a split between your network and the guests by setting up a guest SSID (Service Set Identifier: the name of the WiFi network).

With this option, guests can connect to your internet with their devices but don’t have access to your internal network and your primary password.

Network segmentation also plays a significant role when managing Internet of Things (IoT) devices. You might not be aware of the dangers of easy access to a network by open Internet of Things devices connected to your network: many people aren’t. Nowadays, many people use smart TVs, smart home assistants, lights, kitchen devices, etc., but this brings in some serious security issues:

  • The more IoT devices you have, the more potential entryways for outsiders
  • IoT devices are not very secure because most suppliers don’t focus on security: they focus on functionality

When using IoT devices, always put them on a separate WiFi network. All valuable assets (computers, phones, critical data, etc.) can be stored on one network, while you can connect unsecured IoT devices to a separate network. Your second network can also be used for guests. If outsiders find a way into the IoT network, they will only see other devices and guests connected. Because they are on a separate network, they can’t jump onto the network with your computers, phones, etc. They can also not steal or set up ransomware attacks on your most important data, which is why segmentation is so important. Not only at a company but also at home. It will take some time to set it up once, but all its security benefits will compensate for this. Additionally, I advise changing the login credentials of all your IoT devices. Some people are unaware that IoT devices have admin credentials, but they do. Changing credentials works in the same way as changing your router credentials.

Just an example: these kinds of credentials happen (!)

Final Thoughts

A lot of people don’t realize how vulnerable they are. They only do it when it is already too late when they become a victim of an attack. Most of the time, people become a victim because:

  • They are not aware of the risk
  • They prefer usability over security

To mitigate security risks, we can help each other by making people aware that these risks exist and can be exploited and by setting up easy security solutions that don’t bite usability (password managers, support in setting up defenses, etc.). By helping each other, we can make this world a better and safer place, which also counts for security. Feel free to contact me if you have questions or in case you have any additional advice/tips about this subject. If you need support or other recommendations for setting up a primary defense system at home to protect you and your family, you can also contact me. If you want to keep me in the loop if I upload a new post, make sure to subscribe so you receive a notification by e-mail.

Tags: , , , , , , ,

Gijs Groenland

I live in San Diego, USA together with my wife, son, and daughter. I work as Chief Financial and Information Officer (CFIO) at a mid-sized company.

Leave a Reply