Family Network Security
In episode 24 of The Secure Dad Podcast we discuss the importance of family network security. I explain why this is important and how you can digitally protect your family even if you're not tech savvy. If I can do this stuff, then you can do it too.
The podcast covers more that what is noted here. This is more of a timeline of what I did so you have an idea of what you may be able to do with your network. I’m not an expert in this field. But I discovered a few months ago that I need to be able to protect my family digitally as well as physically. So I made an effort to learn and now I’m sharing my experience with you.
As a parent and a network owner you need to be aware of what’s happening on your network. If you’re not sure if some strange device is on it, then you need to boot it off your network. The best way to do this is start from scratch by renaming your networks and adding each device back one at a time. That’s exactly what I did.
Family Wifi Network Security Timeline
Before I made any changes to my network I picked a day that I had one or so hours to complete this work. I didn’t randomly start this before bed or try to rush through it before leaving for work. I made a schedule and let my household know devices would be coming in and out for the next hour. I also made sure all of the people and devices were home as well.
The first thing I did was log onto my wifi router using a wired internet connection. It is important that you use a wired connection so you can keep communicating with your router through this process.
If you don’t know how to use a web browser to log onto your wifi router’s IP address, search Google for, “How to log on to my [Brand Name] router.” Chances are you’ll find some good instructions on how this is done. All of our work will be done here.
Once inside the interface I looked for “attached” or “connected” devices. Here I found a list of all the devices that were on my wifi network. In this list were MAC addresses and sometimes device names. Device names are hit or miss, but the MAC address is always listed. I took a screenshot of this for future use.
Update the Router Firmware and Password
Next, I checked to see if my router needed updating. This is very important. You need the latest firmware in order to fight exploits and bugs that hackers may use to gain access to your information. My router needed to reboot after the update, chances are yours will too.
Once the router updated and was back up and running, I changed the admin password for the router. Do not use the default password that comes loaded on your router. While the password may be “SilverDuck34” that’s still a default password for your brand of router.
Someone can find a list of those default passwords and try to gain access that way. When I googled “default passwords for routers” I found a vast list of bands, models, login names and passwords. There’s actually a website called RouterPasswords.com.
I used a strong, unique password that is a minimum of 10 characters long. The longer the password, the longer it should take a bad actor to hack it. But what you really needs is a passphrase like TheSecureDadPodcastisFantastic. That phrase is 30 characters. Isn’t that a lot more secure than your 7 character one? If you do that, then the chances increase that the thief will stop and move on to another, softer, target.
Cyber criminals have similar habits to that of a common criminal who kicks in your home’s front door. The longer it takes to breach your home network, the chances increase of them being detected or caught. They want to strike quickly and not be noticed. That’s why making your network a hard target is so important.
New Network, Who Dis?
Next, I changed the names of all of my networks (SSID). On this router I have a 2.4 GHz and 5GHz network along with a segregated guest network. So I needed to change all three names. Don’t use the default names as they can give away information like brand and model number of your router. It’s best to keep this information private.
When choosing new network names, don’t use anything that groups your networks together like, “Smith 2.4, Smith 5 and Smith Guest.” Use different names that are not associated with each other and are generic like: “cheeseburger”, “axe” or “Hal 9000”. Don’t use your last name or house number in the network name. Don’t make it easier for a thief to figure out who and where you are.
When you change the name of your network, all of the connected devices from the old network name will be removed. Those devices think that the network they were on just disappeared and that’s exactly what you want. If there was an unwanted device on the network, it was just booted out with no explanation of where the network went or what happened. These intruder devices will no longer be on your network.
Now when a hacker tries to reconnect to your old network name, it will be gone. There won’t be a clue as to what happened. Some may assume that you moved and the network went with you. They’ll be forced to try something else.
Unique Passwords for Everyone
Now that I changed the network names, I need to change the passwords to those networks as well. If you don’t change the passwords too, then you've not really solved your problem. Again I used a unique 10+ character passphrase that will take someone a long time to hack. You may want to write it down and store it in a safe place.
Next comes the tedious part. Since I’ve changed the network names, SSIDs, and the passwords. No devices will be connected to my network. When I changed the names of the networks, I kicked off all the attached devices. Now I have to manually add back each device one at a time.
For example, you want to connect your iPhone. In settings, find your new network name and log in with your new password. Then go to your router’s list of connected devices and you’ll see on device. You should see an IP address, MAC address and device name. Some devices won’t have a name, so we need to go by MAC address.
A MAC address is a Media Access Control Address. Think of it like a VIN number for a car. It is a unique number that identifies the device. Now I write down that MAC address and device name so that I have a record of each device’s MAC address for identification in the future. I did this one at a time for every wifi device I have - smartphones, thermostats and cameras - making sure to note each new as I went.
I’m almost done. Now that I know every device and MAC address on my network I’ll take one more step to secure it. Next comes MAC filtering or “access control”. This is will tell my network to block any MAC address that isn’t already on my list. If someone still gets my network name and password their device won’t be allowed on because it’s not been approved by me.
Yes, this does mean that you’ll have to add each new MAC address for each new device you get. But chances are that won’t happen every week. So access control is a worthwhile step to take to secure your family’s network.
Also take a look at adding parental controls for your network. There’s tons of great information online about that. I may go over that in a future episode, but we’ve gone over a lot here today.
What we’ve done should deter a lot of small time thieves from gaining access to my family network. Remember we’re making our network a hard target for a bad actor. All of the chances I discussed were done natively in my router’s web interface. There were not downloads or third party apps used. This stuff is free for us to use.