1:36 pm - 12/01/2017 | Categories: Security
Concerned about the recent increase in hacking? Surely nobody is interested in your humble network though, such with its low security and everything, oh wait…
It really doesn’t require complex skills either to start taking the necessary steps to tighten up your home network security and help make it that bit harder for any would-be-hackers. Why bother? Your entire gateway to the internet is at stake, if your network becomes compromised they are free to snoop on your data right under your nose. Privacy concerns aside there are other serious implications such as your network being used to help illegal activity by forming part of DDoS attacks to disable webservers by forming huge chains of individuals home networks which are then used to bombard and overload websites.
So even if you’re half brain-dead and don’t care for your privacy or about illegal activity on your own hardware, perhaps the idea of your favourite sites going offline will.
Accessing your Router Settings
In order to start taking some action it would probably help if you knew where to start. Your network comes with a load of default settings installed, which can be increasingly worse depending on who put the settings in place. Most people never change their settings at all which is what makes them so vulnerable when you can reuse the same exact attack across thousands of identical systems if an exploit is found in a particular router. To start changing your router settings you need to log in to your admin account through your browser, this is different for each provider, you would have been given this information with your router, you could probably find it online by a bit of searching or you can open the command prompt (on windows) and type:
You’ll then need to look for the gateway address which is local to your network, it will look something like this:
Simply copy the address and enter it into the address bar of your browser. You should then be taken to a settings page, again, it’s slightly different for each ISP. You’ll then need to enter your admin account which is probably printed on the bottom of your router (*sigh*).
Change the Default Passwords
Surprise surprise, using the default passwords isn’t exactly great security. Start with changing the admin password, then change the password required to connect to the WiFi. It’s a good idea to tell anybody using it first though as they will be disconnected and the router may need to reset. Changing this is an absolute must-do security practise for any system.
If you’re concerned about forgetting your password – don’t write it down again. Instead consider using a password manager software instead which will safely store your passwords in an encrypted file.
Encryption is the future!
For some reason networks still aren’t implemented with good security and privacy settings in place such as encryption. If the traffic between your device and your WiFi router is unencrypted there is nothing to stop a hacker from intercepting and reading the data being transmitted over the network.
Luckily this can be easily changed by upgrading to something more secure such as WPA, or WPA2 (Even more secure!).
Another good measure to take is to change the SSID which is the name of the network broadcasted (it stands for Service Set Identifier if you were interested…), by default this will normally contain the name of your ISP.
Why bother? If I see somebody is using the default SSID it is highly likely the rest of the settings remain unconfigured and are set to default too. This gives any network an appearance of poor configuration and usually suggests it is less secure and more vulnerable to attacks.
Don’t give the hackers an invitation – Change your SSID.
Don’t broadcast your SSID
You can even switch off broadcasting your SSID altogether. While businesses and organisations need to publicly broadcast their network (such as for free hotspots) to everyone there’s really no need to do so at home as your only increasing the visibility of your network to others.
This is known as security through obscurity, and while it won’t make it harder for people to hack into, it will reduce the liklihood of an attack ever being made similiar to changing your SSID.
Control connecting devices
You can restruct who is able to access your network by setting rules for individual MAC addresses (used to indetify devices within a network). You can configure the network to only allow certain addresses, add set times they are allowed to connect as well as adding blacklists to restrict devices altogether.
Network security has come a long way from the days of Windows XP where systems were unprotected and could be attacked within minutes upon making an internet connection thanks to well known flaws within the OS which were easily exploited. These days Windows comes with a half-decent firewall as defaul, plus if you’re using a router, you probably already have a basic form of hardware firewall functionality built into it.
What’s the difference between hardware and software firewalls? Software firewalls are what most people are familiar with, which is the software running on their computer. Hardware firewalls are just as important though as they can block incoming data before it even reaches your system, plus even if you’re PC becomes infected and your firewall disabled, you still have your hardware.
Software firewalls often come with additional functionality allowing you to tweak and configure the system to your specific needs rather than simply blocking network ports. You may also want to try additional third party firewall software if you feel like upgrading from the basic windows package, you can even run both alongside each other though I’d reccomend choosing one to prevent any inteferrence between the two.
If all else fails – Turn it off
The age-old 100% guaranteed way to secure your system from attackers. Turn off your router and go live in a cave somewhere. If that doesn’t quite appeal yet you’ll just have to make do and implement some of these methods instead and try your luck. If you’re looking to improve further, there’s plenty of excellent reads on the topic which helped inspire this very post.
If you’re just getting started you might enjoy this one, it’s suprisingly up-to-date and accurate for most cyber security books you’ll find around the place talking about Windows 2000 etc.
Did I make any mistakes or have a tip that you think I should add. I’m no network security expert, just sharing a few tips I’ve learnt. Feel free to share your thoughts in the comments below.