By Ben Kast   /   May 5th, 2020

How to Secure Your Home Wireless Network

Many organizations rapidly switched to remote work, and chances are that your organization is one of them. Hackers are aware of this and are targeting home wireless networks just like yours. So how do you secure your home wireless network?

Home wireless networks have suddenly become important components of our employers’ networks and systems. It is now more important than ever that you secure your home wireless network. No one wants their insecure home wireless router to be a weak link that leads to their employer getting compromised.

How to Secure Your Home Wireless Network: A Checklist

To secure your home wireless network, you need to gather some basic information, and you must take precautions in three primary areas:

Know your wireless router

    1. Make and model. This can generally be found written on the side of the router.
    2. Administrative console location. Instructions for how to access your router’s administrative console will be included in the router instructions.
      • If you no longer have the printed instructions that came with your router, googling the make and model will usually return links to the instructions.
      • Once you’ve identified the location, connect to the console while connected to the wireless router.
    3. Admin credentials. If the router is already in use, you should already know the username and password to the admin console. If you haven’t already changed the credentials from the defaults the router came with, it is important that you do so now. Always changing default passwords is one of the most important steps you can take to secure your home wireless network.
      • Make sure the admin user’s password is strong. 25 or more characters with upper case, lower case, numbers and symbols included in the password.
      • Ideally, change the admin user’s name. By default, it will likely be something like admin, so by changing the username to only a name you would know it will reduce the risk of users connected to your home network being able to gain authenticated access to the router’s admin console.
      • What if you don’t know the username and password for the wireless router? First, try the default credentials on the wireless router to see if they still work before committing to a factory reset. In the event they don’t work, you will need to restore the router to its factory settings. Most routers have an easy process for doing this from the outside of the device. Follow instructions for the factory reset in your router’s instruction manual. You will then need to configure the wireless router from scratch, including updating to the latest firmware, network settings and security configuration.
    4. Router age. Once you’ve determined the make and model, it should be easy to find the router’s age using a google search.
      • If the router is more than 3-4 years old, replace it with a newer model. Wireless routers improve regularly, and these improvements frequently include security enhancements. The older models are often not as well supported with firmware updates as the newer models.
      • If the router is less than 3-4 years old, verify that the manufacturer still issues firmware releases on a periodic basis.
    5. Firmware version. Know your firmware version status. This is done through the router’s admin console, and directions for reviewing and updating the firmware should be included in your router’s instruction manual. Security updates are included in the router firmware updates.
      • If no firmware updates have been released in over a year, replace your router with a newer model. Generally, the frequency of firmware updates can be an indication of the vendor’s commitment to security.
      • Ensure the router is updated with the latest firmware. This is an important foundational element that helps secure your home wireless network.
      • Check for firmware updates at least quarterly or set it to auto-update to ensure your router’s firmware remains current
    6. SSID (network name). Don’t use the router’s default SSID. Instead, create a unique name that does not draw unnecessary attention or reveal information about you.
      • Set a ridiculously strong password for your primary wireless network’s SSID. The password should have 25 or more characters with upper case, lower case, numbers and symbols included in the password. The longer the better. Once set, protect this password securely, ideally in a password manager.
      • Establish a guest network SSID that also uses a strong password.
      • Limit access for guests to only the guest network.
      • Never allow guests or any otherwise untrusted devices to connect to your primary wireless network. Keep this network for the exclusive use of your personal devices and employer owned and managed equipment. This is another critical factor that helps to secure your home wireless network during remote work.
    7. Network and security configuration considerations.
      • It is likely that your router is already running the WPA2-Personal authentication method, but this is a good time to check. If you are running either WEP, which is outdated and easily compromised (if this is the case, buy a new router), or an open system, which provides no encryption of traffic for connected users. If you are setting up a new wireless router, use WPA2-Personal.
      • Do not run an open system authentication on your router. It puts users’ data and systems at increased risk of compromise, due to lack of encryption.
      • Disable remote access to the router, limiting the admin console access to only users connected to the wireless router.
      • Disable WPS, although it makes connecting devices to the network simpler, it also makes it easier for unauthorized devices to gain access. It is not worth the risk.
      • Likewise, disable Universal Plug and Play (UPnP) to further reduce risk of successful malware attacks.
      • Learn the admin console to the best of your ability. In particular, learn how to monitor connected client devices through any provided network maps and lists. Also learn the logging capabilities of the router and how to review them, as well as how to perform firmware updates, as stated above.

Know your asset list

    1. In a nutshell, keep a list of the devices that have been provided access to your wireless network, including laptops, iPhones, Android devices, IoT devices, printers, etc.
    2. It you know how, it cannot hurt to occasionally run an Nmap discovery scan on the primary subnet of your wireless network. A google search will provide information on how to do this if you want to learn a new skill. This will provide an additional accounting of any connected devices, with additional information regarding open ports, running services, and operating systems. Periodically cross reference your asset list with the connected devices lists in your router’s admin console. If you see anything suspicious, review your logs and track down unknown devices or remove them from the network.

Change your wireless network’s password frequently, ideally at least quarterly

This is another important step to secure your home wireless network. All wireless network authentication types have their weaknesses. The commonly used WPA2-Personal authentication type is no different. It is trivial for an attacker with proximity to your wireless router to collect the WPA2-Personal authentication handshake. Once collected, off-line password cracking methods can be employed to crack the hashed handshake. The longer the password, the harder the hash will be to crack. Likewise, frequently changing the password reduces the length of time that any one password is in use on the wireless network and further reduces the risk of network compromise. Be mindful that once changed, you will need to update the devices from your asset list with the updated password.

By implementing these actions, you will be able to better secure your home wireless network. This, in turn, will also help provide better security for your employer while you work from home. We hope you stay safe during these challenging times!

About the Author

Ben Kast

Ben Kast is a Principal Consultant at LMG Security. He has conducted penetration testing engagements for companies ranging in size from multi-billion dollar publicly traded companies to small and medium sized organizations. He has over 20 years of IT experience that includes software product development, project management, implementation and consulting. He has a degree from the University of Montana, and is a GIAC-certified penetration tester (GPEN).

CONTACT US