-
@ GHOSTn2H
2024-09-25 16:11:17PROTECT YOUR HOME (NETWORK)
This is actually a rather large topic depending on your needs and how far you are willing to go. I will most likely have to put out several posts on this topic. For today we will start at the very beginning and build from there.
This is going to be more of a beginners guide but that doesn't make it any less important. First you must get your home in order before you can do anything else. If bad actors get access to your network then they can use it for illegal things that will be tied to your IP address, use it to launch a bot for a DDoS attack, gain access to any of your home devices, or just hangout and watch you log into bank accounts or whatever.
I will be blunt, your home network sucks. It's slow and unsecure but we will be fixing that.
I. EVERYONE
- WHAT DO YOU HAVE?
Somewhere in your house you have either a phone cord or a cable coming out of the wall running to a box. Go find it. This is your modem, it "translates" the internet signal from your ISP to your house so you can use the internet.
Found it? Good. Now is there a cable coming from the modem to another box or do you just have one? This other box is your router, it is pretty common now that you will have a all in one modem, router, WIFI, etc. That's fine. Write down the model number of the router or all in one. Also there should be a sticker on the side with the administrator password (sometimes listed as access code) and maybe the WIFI password. Also look if the IP address is listed as well. You will need these for the next step.
- LOG IN
Go to your computer and fire up a web browser. Enter your routers IP address if it was listed, otherwise we are going to have to find your router's IP address.
In widows and Mac you can look under Network & Internet, scroll down to your internet connection and look for details or properties. Inside properties you are looking for something listed as default or gateway or IPv4 DNS Server. It will be a 192.168.X.X number.
Or you can open a command prompt and type: ipconfig /all
Or you can just do a internet search for your router model number IP.
You will know when you get the right one because a control screen for your router will pop up in the browser.
- UPDATE
First thing first check if there is any available updates. This could be it's own tab or listed under device or in diagnostics. If it asks you for a password use the one that was written on the side of the router. Install any available updates. Honestly they rarely update these things so if there is one then it must have been pretty needed.
- CHANGE THE LOCKS
You have to realize that this device is the front door between every internet device in your home and the outside wild internet. You are probably blasting WIFI signal all the way to the street. All someone has to do is connect to your WIFI and then they will have access to your router as well. The default administrator password for these mass produced ISP devices are not exactly secret. You can even find lists of them by brand. It is like locking your front door but leaving the key under the mat, not very secure.
Look in the settings and change the administrator password. Use your password manager to generate a 10 word passphrase. Change it to that and SAVE it in your password manager.
- RENAME AND CHANGE WIFI PASSWORD
In the settings change the default name of your network to something memorable. Do NOT use anything personal like your name, address, or router brand (Netgear or whatever). If you want to be cute you can use: Not Available, or Network Error or something like that.
Now change the WIFI password. Again use your password manager to generate a passphrase. You can cut it down to 6 words since you will probably be entering this one much more often. Be sure to SAVE it in your password manager.
- ADD A GUEST NETWORK
You don't just give your WIFI password to all the kids in the neighborhood that swing by to play with your kids or to your friends visiting do you? If so, STOP it. Setup a guest network. A guest network allows people to have WIFI access at your house without giving them access to the router. Yes I know we put a strong password on the router but it doesn't matter.
Setup a guest network with a easy password. If you have given this out to several people already that are coming back often you can name the guest network the old default name and use that default WIFI password. When friends and family come over their devices will have that name already saved and will connect automatically. This way you don't have to do the whole song and dance everytime someone comes over.
- CHANGE YOUR DNS SERVER
DNS is the Domain Name System. Remember the IP address we found earlier for the router? Every device connect to the internet has a unique IP address. Every server hosting a website, etc but luckily you don't have to remember 142.250.188.14, you can just go to Google.com
This works because behind the scenes your computer is checking with a DNS server to provide a human readable address instead of a bunch of numbers. The equivalent would be a phone book that gives you John Smith and not just a address somewhere.
There is a little bit more to it than that but you don't need to know all that in order to grasp the concept.
The default DNS in your router is probably the one provided by your ISP. Your ISP can see everything that pings against that DNS server and probably uses it to feed you ads. The DNS server provider impacts how a lot of your data is handled. It's speed, it's security, how it's logged, shared, and sold.
So change your DNS server. The default one your ISP gave you is shit. It will improve your speed and security but just remember that privacy and security are not the same thing. The Google Public DNS (8.8.8.8) is very secure and a good choice but as you can imagine the privacy is not really great. But not to worry, all the data they are collecting is anonymized ; )
Your best bet is to use your own DNS server with something like Pi Hole or Adguard home. Setting that up is a little bit beyond the scope of this article so I will cover it in greater detail in a future one. Until then Cloudflare (1.1.1.1) is probably your best choice until you run your own.
Now you have probably better privacy and security than most people with only these simple changes. Next steps would be to upgrade your hardware for faster internet, better firewall, more control, etc. Will detail in future drops.
Always Forward, GHOST