Home Network Security

Protecting your home network, router, and connected devices.

Why Home Network Security Matters

Your home network is the gateway to all your connected devices. A compromised network can:

| Risk | Impact |
| --- | --- |
| Eavesdrop on traffic | Capture passwords, financial data |
| Attack connected devices | Infect computers, phones, IoT |
| Use your internet for crime | You may be blamed |
| Access shared files | Steal documents, photos |
| Redirect to malicious sites | Phishing without email |
| Become botnet member | Your devices attack others |

Router Security

Your router is the first line of defense. Most home routers ship with poor security defaults.

Essential Router Settings

| Setting | Recommendation | Why |
| --- | --- | --- |
| Admin password | Change from default | Default passwords are public knowledge |
| WiFi password | Strong, 20+ characters | Prevents unauthorized access |
| SSID (network name) | Change from default | Hides router brand/model |
| Encryption | WPA3 or WPA2-AES | WEP and WPA are broken |
| Remote management | Disable | Close unnecessary access |
| WPS | Disable | Known security vulnerabilities |
| Firmware | Update to latest | Patches security holes |

Accessing Router Settings

| Step | Typical Process |
| --- | --- |
| 1. Find router IP | Usually 192.168.1.1 or 192.168.0.1 |
| 2. Enter in browser | Type IP address in address bar |
| 3. Log in | Default credentials on router sticker |
| 4. Change admin password | First priority |
| 5. Update firmware | Before other changes |

Finding Router IP

| Platform | How to Find |
| --- | --- |
| Windows | Open command prompt, type ipconfig, look for "Default Gateway" |
| Mac | System Preferences > Network > Advanced > TCP/IP |
| Linux | Open terminal, type ip route, look for "default via" |
| Phone | WiFi settings > current network > Router/Gateway |

WiFi Security

Encryption Comparison

| Protocol | Security | Recommendation |
| --- | --- | --- |
| Open (no password) | None | Never use |
| WEP | Broken | Never use |
| WPA | Weak | Avoid |
| WPA2-TKIP | Adequate | Use if WPA3 unavailable |
| WPA2-AES | Good | Widely compatible |
| WPA3 | Best | Use if devices support |

Strong WiFi Password

| Characteristic | Reason |
| --- | --- |
| 20+ characters | Resistant to cracking |
| Random | Not guessable |
| Unique | Not reused from other accounts |
| Changed when shared widely | Limit long-term access |

Example approach: Generate with password manager, share via QR code or password manager sharing.
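As an added example (not part of the original page), the sketch below generates a passphrase meeting the criteria above and builds the text a WiFi QR code carries. It assumes the de facto `WIFI:T:...;S:...;P:...;;` payload format that phone cameras recognize; the function names and the SSID are made up for illustration.

```python
import secrets
import string

# Letters and digits only, so the passphrase can still be typed by hand on
# devices without a camera (a choice made for this example).
ALPHABET = string.ascii_letters + string.digits

def generate_wifi_password(length=24):
    """Return a random passphrase drawn from the OS cryptographic RNG."""
    # WPA2 passphrases are 8 to 63 characters; the guidance above asks for 20+.
    if not 20 <= length <= 63:
        raise ValueError("length must be between 20 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def escape_field(value):
    """Backslash-escape characters that are delimiters in the QR payload."""
    escaped = []
    for ch in value:
        if ch in '\\;,:"':
            escaped.append("\\")
        escaped.append(ch)
    return "".join(escaped)

def wifi_qr_payload(ssid, password):
    """Build the text to encode in a QR code for a WPA2/WPA3 personal network.

    The payload holds the passphrase in cleartext: anyone who can photograph
    the printed code can join the network, so treat it like the password.
    """
    return "WIFI:T:WPA;S:{};P:{};;".format(escape_field(ssid), escape_field(password))

if __name__ == "__main__":
    pw = generate_wifi_password()
    # "HomeNet-5G" is a placeholder SSID for this example.
    print(wifi_qr_payload("HomeNet-5G", pw))
```

Feed the resulting string to any QR generator that runs locally, so the passphrase is not sent to a third-party website.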

SSID Considerations

| Approach | Pros | Cons |
| --- | --- | --- |
| Hide SSID | Slightly less visible | Devices broadcast it anyway |
| Generic name | Doesn't reveal router model | Hard to identify yours |
| Personalized name | Easy to find | May reveal info about you |

Recommendation: Use a generic name that doesn't reveal router brand or your identity.

Guest Networks

Separate networks for visitors and IoT devices.

Why Use Guest Networks

| Benefit | How It Helps |
| --- | --- |
| Isolation | Guests can't see your computers |
| IoT containment | Smart devices separated from main network |
| Easy password changes | Don't affect your main network |
| Reduced attack surface | Compromise doesn't spread |

Guest Network Setup

| Setting | Recommendation |
| --- | --- |
| Enable guest network | For visitors and IoT |
| Strong password | Different from main network |
| Client isolation | Guests can't see each other |
| Bandwidth limits | Optional, prevents abuse |
| Main network access | Disable |

What to Put on Guest Network

| Guest Network | Main Network |
| --- | --- |
| Smart TVs | Computers |
| Smart speakers | Phones and tablets |
| Security cameras | Network storage |
| Thermostats | Gaming consoles (if online gaming) |
| Visitor devices | Smart home hub (if controlling IoT) |

Firewall Basics

What Firewalls Do

| Function | Protection Provided |
| --- | --- |
| Block incoming connections | Prevent unauthorized access |
| Monitor outgoing connections | Detect malware communication |
| Port control | Close unnecessary entry points |
| Application control | Limit which programs can connect |

Home Firewall Layers

| Layer | Where | What It Does |
| --- | --- | --- |
| Router firewall | Network edge | Blocks external attacks |
| Computer firewall | Each device | Blocks local network attacks |
| Application firewall | Specific apps | Granular control |

Firewall Settings

| Setting | Recommendation |
| --- | --- |
| Router firewall | Enable (usually on by default) |
| Windows Firewall | Keep enabled |
| macOS Firewall | Enable in System Preferences |
| UPnP | Disable if possible |
| Port forwarding | Only when necessary |

VPN for Home Use

What VPNs Do and Don't Do

| VPN Does | VPN Doesn't |
| --- | --- |
| Encrypt traffic between you and VPN server | Make you anonymous |
| Hide browsing from ISP | Protect from malware |
| Bypass geographic restrictions | Speed up your connection |
| Protect on public WiFi | Protect you from yourself |
| Hide your IP from websites | Replace need for good security |

When to Use VPN at Home

| Situation | VPN Helpful? |
| --- | --- |
| Privacy from ISP | Yes |
| Accessing geo-restricted content | Yes |
| Extra security layer | Marginally |
| Protection from malware | No |
| Anonymous browsing | Limited |
| Remote work requirements | Usually required |

Choosing a VPN

| Factor | What to Look For |
| --- | --- |
| Logging policy | No-logs policy, ideally audited |
| Speed | Minimal impact on connection |
| Server locations | Where you need to appear from |
| Device support | Works on all your devices |
| Reputation | Established, trusted provider |
| Payment options | Private payment if desired |

| VPN | Notes |
| --- | --- |
| Mullvad | Strong privacy, no account needed |
| ProtonVPN | Good free tier, Swiss-based |
| ExpressVPN | Fast, user-friendly |
| NordVPN | Large server network |
| Surfshark | Budget-friendly |

Public WiFi Safety

Risks of Public WiFi

| Risk | How It Works |
| --- | --- |
| Evil twin attacks | Fake hotspot impersonating legitimate |
| Eavesdropping | Attacker captures unencrypted traffic |
| Man-in-the-middle | Intercept and modify communications |
| Malware distribution | Fake captive portals deliver malware |
| Session hijacking | Steal authenticated sessions |

Safe Public WiFi Practices

| Do | Don't |
| --- | --- |
| Use VPN | Access sensitive accounts |
| Verify network name with staff | Auto-connect to open networks |
| Use cellular if possible | Transfer sensitive files |
| Forget network after use | Leave WiFi on when not needed |
| Enable firewall | Assume the network is safe |

Safer Alternatives to Public WiFi

| Option | Pros | Cons |
| --- | --- | --- |
| Mobile hotspot | Your own controlled network | Uses cellular data |
| Tethering | Same as above | Battery drain |
| Cellular directly | No WiFi risks | Data limits |
| VPN over public WiFi | Encrypts your traffic | VPN adds complexity |

DNS Security

What DNS Does

DNS (Domain Name System) translates website names to IP addresses. Control of DNS means control of what sites you actually reach.

DNS Security Options

| Option | Benefits | Example |
| --- | --- | --- |
| ISP default | None (default) | Assigned automatically |
| Public resolvers | Privacy, sometimes speed | Cloudflare 1.1.1.1, Google 8.8.8.8 |
| Encrypted DNS | Privacy from ISP | DNS over HTTPS (DoH) |
| Filtering DNS | Block malware, ads, adult content | OpenDNS, NextDNS, Pi-hole |

| Provider | Address | Features |
| --- | --- | --- |
| Cloudflare | 1.1.1.1 | Fast, privacy-focused |
| Cloudflare Family | 1.1.1.3 | Blocks malware + adult content |
| OpenDNS Family | 208.67.222.123 | Content filtering |
| NextDNS | Custom | Configurable filtering |
| Quad9 | 9.9.9.9 | Malware blocking |

Setting DNS at Router Level

Changing DNS on your router affects all connected devices:

| Step | Action |
| --- | --- |
| 1 | Log into router admin panel |
| 2 | Find DHCP or DNS settings |
| 3 | Enter new DNS server addresses |
| 4 | Save and restart router |

IoT Device Security

IoT Risks

| Risk | Example |
| --- | --- |
| Default credentials | Camera accessible to anyone |
| No updates | Vulnerabilities never patched |
| Poor encryption | Traffic easily intercepted |
| Botnet recruitment | Devices used for DDoS attacks |
| Network pivot point | Entry to attack other devices |

Securing IoT Devices

| Action | Why |
| --- | --- |
| Change default passwords | Stop easy unauthorized access |
| Update firmware | Patch known vulnerabilities |
| Use guest network | Isolate from main network |
| Disable unused features | Reduce attack surface |
| Research before buying | Choose devices with security support |

IoT Device Inventory

Keep track of what's connected:

| Device Type | Information to Record |
| --- | --- |
| All connected devices | Name, IP address, MAC address |
| IoT devices specifically | Default password changed? Firmware updated? |
| Unused devices | Disconnect or disable |

Network Monitoring

Why Monitor Your Network

| Reason | What You Might Find |
| --- | --- |
| Unauthorized devices | Someone on your WiFi |
| Unusual traffic | Malware communicating |
| Performance issues | Bandwidth hogs |
| IoT behavior | Devices phoning home |

Simple Monitoring Tools

| Tool | Purpose |
| --- | --- |
| Router admin panel | See connected devices |
| Fing (app) | Network scanner |
| GlassWire | Traffic monitoring (Windows) |
| Little Snitch | Application firewall (Mac) |
| Pi-hole | DNS-level monitoring and blocking |

What to Look For

| Indicator | Possible Issue |
| --- | --- |
| Unknown device connected | Unauthorized access |
| High bandwidth usage | Malware, unauthorized streaming |
| Connections to unusual countries | Data exfiltration |
| Lots of blocked DNS requests | Infected device trying to reach malware servers |
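The device inventory and the "unknown device connected" indicator can be checked together. The following added example (not from the original page) compares the Linux neighbor table, as printed by `ip neigh show`, against a recorded inventory; the sample output, the inventory entries and the field names are all constructed for illustration.

```python
import re

# Constructed sample of Linux `ip neigh show` output (not from a real network).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a4:2b:b0:11:22:33 REACHABLE
192.168.1.20 dev wlan0 lladdr 3c:22:fb:aa:bb:cc STALE
192.168.1.57 dev wlan0 lladdr da:a1:19:0e:44:10 REACHABLE
192.168.1.88 dev wlan0 FAILED
192.168.1.90 dev wlan0 lladdr 00:17:88:5d:6e:7f DELAY
"""

# Constructed inventory keyed by lowercase MAC address (hypothetical devices).
INVENTORY = {
    "a4:2b:b0:11:22:33": {"name": "router", "iot": False},
    "3c:22:fb:aa:bb:cc": {"name": "laptop", "iot": False},
    "00:17:88:5d:6e:7f": {"name": "smart-bulb-hub", "iot": True,
                          "default_password_changed": False},
}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neighbors(text):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            yield m.group(1), m.group(2).lower()

def is_randomized(mac):
    """True if the locally-administered bit is set (typical of private MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(neigh_text, inventory):
    """Return (ip, mac, finding) tuples for devices that need attention."""
    findings = []
    for ip, mac in parse_neighbors(neigh_text):
        record = inventory.get(mac)
        if record is None:
            note = "unknown device"
            if is_randomized(mac):
                note += " (randomized MAC; may be a known phone)"
            findings.append((ip, mac, note))
        elif record["iot"] and not record.get("default_password_changed", False):
            findings.append((ip, mac, record["name"] + ": default password not changed"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NEIGH, INVENTORY):
        print(*finding, sep="  ")
```

The neighbor table only lists devices this computer has recently talked to, so the router's own connected-devices page remains the more complete source.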

Home Network Checklist

Initial Setup

| Task | Completed |
| --- | --- |
| Change router admin password | |
| Update router firmware | |
| Enable WPA3 or WPA2-AES | |
| Set strong WiFi password | |
| Disable WPS | |
| Disable remote management | |
| Set up guest network | |

Regular Maintenance

| Task | Frequency |
| --- | --- |
| Check for router firmware updates | Monthly |
| Review connected devices | Monthly |
| Change WiFi password (if shared widely) | As needed |
| Verify security settings | Quarterly |
| Update IoT device firmware | When available |

Key Takeaways

  1. Your router is critical - Change default password and update firmware first
  2. Use WPA3 or WPA2-AES - Older encryption is broken
  3. Guest network for IoT - Isolate smart devices from computers
  4. Disable WPS - It's a known security weakness
  5. VPN on public WiFi - Protect yourself on untrusted networks
  6. Change DNS - Filter malware and improve privacy
  7. Inventory your devices - Know what's connected to your network
  8. Update everything - Router, devices, IoT firmware
  9. Monitor for anomalies - Unknown devices may mean compromise
  10. Network security is ongoing - Regular maintenance required