Home Network Security
Best Practices for Keeping Your Home Network Secure
Don’t be a victim. Cyber criminals may leverage your home network to gain access to personal, private, and confidential information. Help protect yourself and your family by observing some basic guidelines and implementing the following mitigations on your home network.
Electronic Computing Device Recommendations
Electronic computing devices include computers, laptops, printers, mobile phones, tablets, security cameras, home appliances, cars, and “Internet of Things” devices. Take special care to secure them and prevent misuse.
1. Migrate to a Modern Operating System
The most recent version of any operating system (OS) inevitably contains security features not found in previous versions. Many of these security features are enabled by default and help prevent common attack vectors. Utilizing the latest available and supported 64-bit OS for desktops and laptops increases difficulty of gaining privileged access to a computer by an adversary. Employ the OS auto-update feature to keep computers updated. Alternatively, download patches and updates from a trusted vendor on a monthly basis at a minimum.
2. Install a Security Suite
Install a comprehensive security suite that provides layered defense via anti-virus, anti-phishing, safe browsing, host-based intrusion prevention, and firewall capabilities. Several security suites also provide access to a cloud-based reputation service for detecting and preventing execution of malware. To prevent data disclosure in the event that a laptop is lost or stolen, implement full disk encryption.
3. Protect Passwords
Ensure that passwords and challenge responses are properly protected since they provide access to personal information. Passwords should be strong1 , unique for each account, and difficult to guess.
4. Limit Use of the Administrator Account
In every OS the highly-privileged administrator account has the ability to access all files and configurations on your system. Malware can more effectively compromise your system if executed while you are logged on as an administrator. Create a non-privileged “user” account for normal, everyday activities such as web browsing, email access, and file creation/editing. Only use the privileged account for maintenance, installations, and updates.
5. Update Software from Trusted Sources
Attackers often exploit vulnerabilities in unpatched, outdated software applications running on your computing device. Enable the auto-update feature for applications that offer this option and promptly install patches. If automated updates are not available within an application, seek out products that can quickly survey the product health/status. For mobile devices, disable third-party software installations, don’t jailbreak/root the device, and disable developer mode.
Network Recommendations
Home network devices include modems, routers, and wireless access points (WAP). These devices control the flow of information into and out of your network and should be carefully secured.
1. Improve Administrator Control
Your Internet Service Provider (ISP) may provide a modem/router as part of your service contract. To maximize administrative control over the routing and wireless features of your home network, use a personally owned routing device that connects to the ISP-provided modem/router. Use modern router features to create a separate wireless network for guests.
2. Employ Firewall Capabilities
Ensure your personally-owned routing device supports basic firewall capabilities. Verify that it includes Network Address Translation (NAT) to prevent internal systems from being scanned at the network boundary. WAPs Best Practices for Keeping Your Home Network Secure CFS U/OO/802635-16 generally do not provide these capabilities, so it may be necessary to purchase a router. If your ISP supports IPv6, ensure your router supports IPv6 firewall capabilities.