Is my home network secure?

LaraC

LaraC

Honorary Master
Joined
Mar 11, 2014
Messages
42,673
Reaction score
1,847
There are so many reports of security breaches and hacking that it made me wonder how secure my home network is.

Steps that I’ve taken is the following:
  • Changed the routers’ admin account name and created a complex password.
  • Disabled remote login to the router.
  • Use WPA/WPA2 encryption set a strong password for Wi-Fi access.
  • Disabled broadcasting of the SSID.
  • I keep my anti-virus program up to date and do regular scans.
  • I do not open questionable or unknown emails.
  • I do not visit websites that are risky.

Is there anything else I should do to make it more secure?
Recommendations will be most welcome, thank you.

Ps. I’m using a TP-Link WD8970 Modem Router.
 
No home network will really ever be save unless you have a full blown UTM firewall and use two factor authentication for wireless. that said, why do anyone want to hack into your home network? Hackers go after big companies, not home users.
 
I'm in the process of going the IPCOP or pfsense route.

I'm not sure about the differences between the two or which would serve me better.

I'm actually looking for better QoS options, better option s for rules and specially better report tools. I think both will give better security, although it is not my main reason at looking at the 2 options.
 
Last edited:
Hiding your SSID doesn't meant much at all if someone who even half knows what they are doing is trying to get in.

Worse still is people who run no security because they think hiding the SSID is doing the job...this is the worst idea ever.

Home networks are generally not a worry, it's public Wifi that you should worry about.
 
SauRoNZA said:
Home networks are generally not a worry, it's public Wifi that you should worry about.
Click to expand...

When you say "Public Wi-Fi" do you refer to hotspots or 3G/4G/LTE connections?
 
Two important things you are missing.

Regularly run malware removal applications like Malware-bytes. Keep all your applications and operating systems up to date. Especially browser, Java and anything from Adobe. Your network is still not secure, but it will be more secure than most.
 
LaraC said:
When you say "Public Wi-Fi" do you refer to hotspots or 3G/4G/LTE connections?
Click to expand...

Hotspots.

You have no idea how that network is setup and effectively all your data can be intercepted and you can be attacked in a very easy man in the middle attack from the inside.
 
irBosOtter said:
No home network will really ever be save unless you have a full blown UTM firewall and use two factor authentication for wireless. that said, why do anyone want to hack into your home network? Hackers go after big companies, not home users.
Click to expand...

You could do it cheaper...

Put in an AP, put a smoothwall firewall between the AP and the router. Then disable the wifi on the router, and put a firewall between the router and the network. That way the external connection and the wireless are secured. You could also disable DHCP if you have a limited number of devices connected to the network. Add to that a hidden SSID as well as the WPA2 AES with a Alphanumeric password with a mix of capitals and symbols (I would suggest 13+ characters).

Add to that a decent internet security package like ESET Smart Security with its own software firewall and a professional license for Malwarebytes. Then you have a home network which could be considered slightly secure. But hardly close to being enterprise secure.
 
I gave up on security a long while ago.

Just create a folder called "nekked selfies" with eye-bleeding images of moobs and sick stuff... :whistle:



:p :D


Of course I'm using Smoothwall at the moment, at home.
 
ghoti said:
Two important things you are missing.

Regularly run malware removal applications like Malware-bytes. Keep all your applications and operating systems up to date. Especially browser, Java and anything from Adobe. Your network is still not secure, but it will be more secure than most.
Click to expand...

My programs are all set to auto update.
Thank you for the advice on Malware-bytes.
 
Most important two points :

If you visit dodgy sites, such as porn or warez sites, do expect that they will offer you drive-by infections, whether you want that or not.

Stay to kosher sites, and chances of a drive-by infection is less than 1%.

As for emails, don't open unknown emails. If there's attachments, don't even open these.

Follow the above, and you won't get any nasty surprises.

As for USB sticks/USB hard drives, simply create a folder called 'autorun.inf' in the root of each device, and disable the autorun feature in Windows, as this is a major attack vector.

If a friend of yours tell you about this "hot new program" be careful, as ne'er-do-wells can embed their nasty code in such programs, and you won't even know it.
 
There's a very fine line between security and usability.

Too secure and you might as well disconnect and pull out the pen and paper.

Last thing I would ever want is a Block All allow some level of security at home and need to open ports and **** every time I try to do something.

My data isn't that special that anyone cares about it anyway.

Put on reasonable efforts like WPA2 strong password and changing the router username and password and I feel your job is done.

If you really want to get crazy put an Astaro UTM home edition behind your WAN. But even as a professional using these devices I don't bother.
 
If you really want a secure network, Get a Mikrotik. Although for a home network - not really necessary and you are more protected than most.
 
Disable WPS, or even better, flash a rom on your router that does not have the WPS functionality.
 
Enable 'MAC Address filtering' on the wireless router. It is a hassle to discover and enter the MAC Address of each permitted wireless adapter, but it is another hurdle for the hacker.
 
MAC address filtering and hiding SSID is useless, very easy to find if you know what you are doing.
 
Thank you all for your assistance.

From what you are saying is that my network does not fall within a high risk area. Going overboard with additional hardware wouldn’t make much of a difference in my environment.
I also don’t want to make my internet so restrictive that it is near impossible to do anything with it.

Your advice was to keep my programs up to date, do regular virus and malware scans, stay away from dodgy sites and software and I should be fine.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X