Is there a course or a segment about how to properly secure a home network?
-
Hi all,
I've been studying networking for about two years now and I always seem to learn something new every day. Today I heard it was dangerous to have a home network router configurable via a network GUI (even, I suppose, with long passwords in place). That got me thinking: is there a good presentation on how to properly secure a home network? I utilize VLANs to segregate my IoT devices, and every computer uses an antivirus and has the firewall turned on. My router also has a firewall enabled. I'm just not sure of what I don't know. I plan to invest in a better router soon, but I'd rather have knowledge than just throw money at a problem.
Thanks!
-
(edited for clarity)
Hey @marc-brown, great questions and here is what I would recommend:
1 - Disable the Remote Management interface, NO configuration from the Internet
2 - Switch the GUI from HTTP to HTTPS so your local connection to the GUI is encrypted
3 - Enable the SPI or stateful packet inspection functionality
4 - Disable FTP and Telnet, (remember do not use clear-text protocols)
5 - Enable a minimum of WPA2 or WPA3 - Personal, encryption using a strong passphrase
6 - Disable WPS (While most vendors have firmware patches, not using it is not enough. Remember to verify that WPS is disabled)
7 - Change the default admin name and password (use a strong password)
8 - Change the default SSID
9 - Apply all current vendor firmware and security patches

These are a few steps that you can take, and follow up with me @marc-brown, I am happy to lend assistance in your training! Thank you for choosing ACI Learning!
-
And to follow up with an episode in the ITPro Library, browse to the CompTIA category and look for the CompTIA A+ Core 2 (220-1102) Course, specifically the Wireless SOHO Security episode found here: https://app.acilearning.com/course/comptia-a-core-2-220-1102/wireless-soho-security
-
I appreciate the thoughts - I'm guessing if I do step 1 then step 2 is moot?
I don't think I have stateful packet inspections - I'm actually considering upgrading my router to a more secure one with a firewall. (Meraki, or Firewalla)
I will certainly check out the show listed above - Thanks all for all you do!
-
I do not believe so. In my opinion, step 2 still encrypts the communication between the client browser and the "web server" or GUI connection on the network device. This keeps configuration data encrypted. If you do not use step 2, this would be close to "using telnet" or a cleartext protocol for your router config, instead of SSH, because you disabled remote management.
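-
Added example, not part of any post in this thread: a small Python check you can run from a computer on your own LAN to verify steps 2 and 4 of the checklist, and to see why step 2 still matters after step 1. It assumes the router uses the usual TCP ports (21 FTP, 23 Telnet, 80 HTTP, 443 HTTPS) and that whatever answers on 80/443 is the admin GUI; the script name and the function names are made up for this example.

```python
import socket
import sys

# Usual TCP ports for the services named in steps 2 and 4 (assumed defaults).
CLEARTEXT = {21: "FTP", 23: "Telnet"}
HTTP_PORT, HTTPS_PORT = 80, 443


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit(host, probe=is_open):
    """Return (status, port, message) findings for the router's LAN side."""
    findings = []
    for port, name in sorted(CLEARTEXT.items()):
        if probe(host, port):
            findings.append(("FAIL", port, f"{name} is listening; disable it (step 4)"))
    http, https = probe(host, HTTP_PORT), probe(host, HTTPS_PORT)
    if http and not https:
        # Remote management may be off, but LAN admin traffic is still cleartext.
        findings.append(("FAIL", HTTP_PORT, "admin GUI is HTTP only; switch it to HTTPS (step 2)"))
    elif http and https:
        findings.append(("WARN", HTTP_PORT, "HTTPS is on but HTTP still answers; confirm it only redirects"))
    elif https:
        findings.append(("OK", HTTPS_PORT, "admin GUI reachable over HTTPS only"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python audit_router.py <router-lan-ip>")
    for status, port, message in audit(sys.argv[1]):
        print(f"{status:4} tcp/{port:<4} {message}")
```

Run it again after each change in the router settings; an empty result or a single OK line means none of the cleartext management services answered on the LAN.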