Home Wi-Fi Network Security Guidelines

Overview

There are a couple of basic principles to securing your home network: 1) keeping the devices connected to it up-to-date and secure and 2) securing your home wireless router.  Each manufacturer of equipment is different and some internet gateways have wireless built into them; for specific instructions see the documentation from your internet service provider (ISP) or the manufacturer of your device. 

Information

  1. Keep all your internet-enabled devices, tablets, and computers updated with the latest operating systems, applications, web browsers, and security software. This includes anything that connects to your network, such as Internet of Things (IoT) devices like personal assistant devices (e.g. Amazon Echo), thermostat, smart speaker, TV and so on. Check your devices regularly for updates and where possible, configure them to automatically update. Security software includes anti-virus or anti-malware software.  See more best practices at Personal Computer Security Guidelines for Windows,Personal Computer Security Guidelines for macOSInternet of Things (IoT) Device Security Recommendations (e.g. Amazon Echo, Apple HomePod, Google Home, etc), and Mobile Device Security Recommendations.
  2. Secure your wireless router. Your home Wi-Fi network is created by either connecting a wireless router to an internet access point, such as a cable or DSL modem or a single unit that acts as an internet gateway and has a built-in wireless router.  The default settings on your wireless router, such as the default username and password, can be compromised by an attacker.  Here are ways to secure your network. If necessary, please refer to the detailed instructions from your ISP or the manufacturer of your wireless router.
    • Change the name of your wireless network. The SSID (Service Set Identifier) is the name of your network. The default SSID broadcast by your router is assigned by the manufacturer. Change it to a SSID that is unique to you and does not reveal information about the model or manufacturer of the wireless router used on your network.
    • Change the preset password for your router log in. Leaving a default password unchanged makes it much easier for unauthorized people to access your network. Some routers allow you to select a username, if yours does, change the account from ‘admin’ or whatever the default is to something unique. Choose a strong password and store the username and password in a safe place, you will need this username and password if you ever need to change your router’s settings again.
    • Encrypt your Wi-Fi traffic.  When choosing your router encryption algorithm, select Wi-Fi Protected Access III (WPA3) or Wi-Fi Protected Access II (WPA2).  WPA3 is the newest, most secure Wi-Fi encryption.  You must make sure that all of your devices that will be joining the network support the encryption algorithm, WPA3 is not as widely supported as WPA2.
    • Disable remote administration. It is unlikely that you will need to remotely administer your home network.
    • Position the router strategically and limit your Wi-Fi network’s coverage. Do not place your router in a location were anyone can plug a cable in to connect to the network.  Try to position it where the wireless signal reaches only the locations where you want access to the network.
    • Use a firewall. A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules. It establishes a barrier between your internal network and the outside Internet. Your operating system and/or security software likely comes with a pre-installed firewall. Make sure it is turned on.
    • Power Off Wi-Fi if not in use.  If you are going on vacation or will not be using the network for an extended time period, it is a good idea to turn off Wi-Fi to prevent unwanted access to your home network.