KEEP YOUR HOME NETWORK SAFE
Protect the devices and resources that PC-based security software can’t reach
“Anything that doesn’t need to talk directly to another device across the LAN should be kept on a guest network”
Asecurity suite can keep watch over your PC – but what about all the other devices in your home? Here are some tips on keeping the rest of your network safe.
1 Use your guest network
Almost all routers let you set up a second wireless network that’s isolated from the main one. It’s always a good idea to have visitors connect to this separate network to ensure that they can’t snoop on your personal devices – or unwittingly spread malware onto them.
These days, though, that’s not the only use for a guest network: as our homes fill up with smart gadgets and IoT devices, the likelihood increases that something on your network will have an unpatched vulnerability. Anything that doesn’t need to talk directly to another device across the LAN should be kept on a guest network, to limit the damage it can do if compromised by a remote attacker.
2 Disable exploitable features
WPS is a great system for getting devices online with a minimum of fuss – but the PIN-based option that some routers offer is wide open to abuse. Anyone who visits your home can simply note down the code then use it forever after to connect to your network. Even with no access at all, a determined hacker should be able to guess the eight-digit code in just a few hours; the best defence is to turn PIN access off.
Another potential concern is Universal Plug and Play (UPnP). This protocol lets devices on the network talk to and change settings on the router and other clients, and it can be great for getting things like videostreaming devices to work. If abused, though, it could blow a big hole in your defences – so if you’re not using it, we recommend you disable this.
3 Be pessimistic about passwords
Almost every time you set up a new smart device, you’ll be prompted to create a username and password, and perhaps to provide some personal information as well. Ask yourself: how well protected are these credentials going to be? If you’re installing a TP-Link smart plug or a Philips Hue lighting system, you might feel confident that your details will be handled securely. But when it comes to the cheap, no-name gadgets that are becoming commonplace in our homes, you have no way of knowing how your details will be transmitted or stored, and you certainly can’t assume you’ll be notified if there’s a breach. That means unique passwords are a must, and if you’re prompted for other information, consider giving fake details to further reduce your potential exposure.
4 Set up a home security gateway
The Windows Firewall blocks unwanted connections to and from your PC, but it doesn’t do anything to protect all the other devices on your network – or to isolate them, should they become infected.
Many routers include their own basic firewall, which can help protect your home network from intruders. If yours doesn’t, you could try installing the OpenWrt router firmware ( openwrt.org), which adds various security functions. If you want to go further than that, and you’re not afraid of a spot of advanced network configuration, it’s even possible to turn an old PC into a dedicated firewall and security appliance: have a look at the free, open-source Endian UTM solution from endian.com, or go for the Sophos UTM Home Edition, which is free for up to 50 devices from pcpro.link/306utm.
5 Observe basic network hygiene
We all know that you should change the default administrative password on your router; that doesn’t mean we all actually do it. Be warned, though – we’ve seen plenty of malware attacks that use this as their way in, and once your router is compromised, it’s game over. Similarly, you should change any default credentials on NAS appliances and other storage devices, or you’ll be a sitting duck for ransomware.
Ensure your firmware is up to date too. Most exploits and malware attacks that target routers and smart devices are rapidly patched by the manufacturers, but that won’t do you any good if you’re still running the old code. If there’s an automatic firmware update option, turn it on – and if there isn’t, set a reminder for yourself to check every month, or as frequently as you can tolerate.