Securing your home computer to work from home part 4: (Securing the Network)
Increasing the security of your home network sounds like a daunting task, but there are a few easy steps you can take to dramatically improve your security.
Use a wired connection wherever possible. When using a wireless connection you are broadcasting all of your information in every direction for at least 20 meters, and likely further. These communications are secured through different forms of encryption, there are known and actively exploited vulnerabilities (packetlabs.net). Using a wired connection will ensure you avoid these issues, additionally, it will offer you a faster connection to your network.
Upgrade the firmware on your network equipment. Check out our post about upgrading the firmware for all of the equipment in your network.
Change the default password on your network equipment. Changing the password to your own will almost eliminate the possibility of someone else on your network making critical changes, or compromising the security of your network. Make sure this password is unique and is recorded somewhere safe.
Change your Wi-Fi password. It can be hard to remember what you did yesterday, so how can you be expected to remember everyone you shared your wireless network details to. Changing your access has a couple benefits, it helps you verify every device that is connecting to your network because they will all need an updated password. Additionally, you have the opportunity to increase your wireless security by using WPA2 or WPA3 to encrypt all of your wireless traffic.
Disable UPnP. UPnP stands for Universal Plug-and-Play and is designed to allow new network equipment to request firewall changes without user input. The danger with this feature comes when you realize that anything that connects to your network can make these firewall change requests with no user acknowledgement. When you disable this feature, you may need to manually add rules to your firewall, but the manufacturers will provide the necessary information (Medium.com).
Enable SPI. Stateful Packet Inspection (SPI) is a feature of your router that allows it to create smart firewall rules based on the traffic you generate. These rules are temporary and exist only while you need them, and do not persist a reboot. The best part of this feature is that there is no active work from the user’s perspective, and it only needs to be turned on (Lanner-America.com).
Segregate your work equipment. This step is only for the advanced user or the person dedicated to providing the best security on their network possible. Using a feature called VLAN tagging you can restrict what traffic devices on your network can see. This functionality will ensure that all the traffic coming from your work network is invisible to everything else except your router and switches. Typically this feature will not be found with residential network equipment, and if implemented, may require some configuration to make it work correctly, so use at your own risk.
Even if you are not working from home, taking these simple steps will have a dramatic impact on the security of your home network, and help introduce you to the modern systems that allow us to utilize the internet so easily.