5 Tips for Securing Your Home Wireless Network

As we’ve been adding more and more devices to our home network I’ve been less concerned about monitoring who is doing what on our home network and more concerned about who has access to our home network.

Way back in 2007 I wrote about adding our first password to our wifi to keep the creepy guy from using our wireless to do his creepy back-of-the-van browsing. But now, with so much of our lives revolving around internet connected devices, I really want to make sure that our system is as secure as I can reasonably make it without obstructing normal day-to-day use… at the very least, we don’t want to be the easiest target on the block.

Why does this matter? It’s actually fairly easy for people to get on your network, access your computers hard drive, and grab stuff. That might not seem like a big deal… but it is! Do you really want someone finding your folder labeled “Tax Returns” or looking through your bank records? I think not.

So, while not bombproof, here are some practical tips for securing your home wifi.

5 Tips for Securing Your Home Wireless Network

Tip #1 – Password Protection

Screen Shot 2016-03-04 at 10.21.15 AM

This is the simplest thing you can do but I’m really surprised by home many people skip this step. Don’t use something that’s a combination of the word “password” and don’t make it the same word as your network… if you want to pick a network password that’s really, really hard to guess, use something like the Strong Random Password generator. Afraid you’ll lose it? Print it out on a notecard, tape the notecard to the back of the router. Sure, that’s not absolutely secure… but let’s face it that you’re wanting to keep people off your network who will never come in your house.

Extra Tip: If you regularly have guests… make a little wifi instruction card for the guest room, it’s much appreciated!

AirPort Extreme - WAN Access to Network Drives
AirPort Extreme – WAN Access to Network Drives

Extra Tip: We use the AirPort Extreme, which both does regular backups for all of our Apple devices and allows us to add cheap USB hard drives for extra network storage. You can easily set this up so that you can access that USB drive anywhere in the world… just make sure you’ve got that password protected, too!

Tip #2 – Upgrade Your Physical Equipment

While there haven’t been giant leaps in wireless routers and modems in the past decade, chances are good that you might have an older wireless router that’s actually slowing things down for your home network AND has outdated security settings. Honestly, when was the last time you even logged into your home wireless router to look to see if there was a firmware update? Probably never!

A couple years back we upgraded our entire system and things got a lot faster AND Apple’s AirPort Extreme has a great little interface you can access from any Apple Device. That makes it easy to login, see what’s up with the router, update any settings, and make sure the firmware has been updated.

Most of the newer routers have a similar interface. The point isn’t that you have to have the newest, fanciest stuff. The point is that you should probably replace this equipment every 3-4 years just to keep things secure.

Extra tip: If your router allows for automatic firmware updates, do it.

Tip #3 – Know Who is Connected to Your Home Wireless Network

Would you know if a new device got onto your network? In most cases, as long as someone enters the password… you’d have no idea that a new device even logged in. (Once a device is logged in they can pretty easily access what’s on the hard drive of other devices on your network. Surprise! They can even spoof your network into thinking their device is your devicedouble surprise!)

You could use the terminal to see who is on your network. But that’s cumbersome and you’ll never really do it.

Instead, I would recommend a couple easy and free options. I use a free app called “Who’s On My Wifi?” (Mac & PC) It gives you a basic look at what devices are on your network, allows you to add labels to them, and then alerts you when an unknown device logs in.

skitch.png

Extra tip: You really don’t need to spend any money on this… there’s a subscription service but a home user really doesn’t need it.

Extra tip: You could step it up a notch by using a software firewall to monitor your home network’s traffic and block unwanted access using software with something like Glasswire. You could step it up two notches by adding a physical firewall that you’d install and configure between your network’s modem and the router.

Tip #4 – Hide Your Home Wireless Network Altogether

skitch

We don’t do this. But if I lived in a high density area, say a residential high rise, I’d want to make it a little harder for anyone to even know I had a network… just to make it a little harder for the casual thief. Most routers make this very simple, turn it on, save your changes, presto.

Tip #5 – Set-up a Guest Network

skitch-2

A lot of the newer routers have a built in option to create a guest wireless network using a built-in software firewall that separates guest traffic from your home wireless network itself. I think this is great if you have occasional guests over who you want to allow internet access. (Say, friends of your children!)

Extra tip: If you want to do this in a more secure way buy an additional wireless router and a physical firewall. (Say if you rent out a guest room on Airbnb or regularly have people over at your house whom you don’t really know or trust.) You would connect your ISP’s modem to a physical firewall, then connect your home network with one port of the firewall and the guest network to a different port of the firewall. You could then configure the firewall to control access to the internet separately. That physical separation would ensure that your guests would have no access to your home network whatsoever.

Share Your Ideas!

Did I miss something? Have you tried something that’s helped at your house? Let me know in the comments!

By Adam McLane

Kristen and Adam live in Ahwahnee, California.

4 comments

  1. Years ago I used to hide our network’s name, but it was a bother. It worked right more than half the time, but when it didn’t work right… hoboy. It was a hassle to get everything talking again.

    Perhaps the technology has improved but I haven’t tried it since.

    1. Yeah, I haven’t done it in a long, long time. I bet if a scan can’t find your SSID it’s totally annoying! But if I lived in a highrise apartment I’d be looking for some ways to be a slightly lesser target. I mean, the newer wireless routers extend your signal like 1000 feet. That’s a lot of sniffing range!

  2. I just read your old, related article and two thoughts came to mind:

    1. As far as encryption goes WEP was pretty much worthless (better than no encryption though…). Everyone should use WPA2 until something beefier comes along. I hope something beefier comes along.

    2. A DMZ’ed guest network could allow you to share your WiFI with neighbors if you so chose. I can see arguments for and against doing this. I’ve opted against it on our home network. In my opinion WiFi’s still immature and too insecure and I don’t want to help someone get a foot in the door.

Leave a Reply

%d bloggers like this: