The number of devices that connect to your home wifi network is exploding.
Gone are the days of just worrying about spammers blowing up your PC with unwanted popup ads.
Even if you have the best home automation system you still have to worry about someone remotely unlocking the front door or spying on you and your kids inside your own home.
The good news is that you can learn how to secure your wifi network TODAY and keep the bad guys out of your personal home devices and prevent yourself from being the easy target of their vicious attacks.
**Note** This is a really long post. You can click on the links to navigate to one of the strategies that you are interested in below...
Here are 17 proven tactics to lock down your network so tight that it just might take a state level Russian hacker to get in.
#1. THE MODEM YOU GOT FROM YOUR ISP IS “LAUGHABLY” UNSECURE
Most modems provided by your Internet Service Provider (ISP) come with a backdoor installed so that their technicians can help setup the device and troubleshoot any problems you might have with your service.
The problem is that this backdoor is poorly secured, allowing hackers easy access to your network.
Once in, they can wreak all kinds of havoc as you could probably imagine.
If you have one of the following modems provided by your ISP you are especially at risk:
- Arris CM820A
- Arris DG860
- Arris DG950A
- Arris TM501A
- Arris TM602A
- Arris TM602B
- Arris TM722G
- Arris TM802G
- Arris TM822G
- Arris TG862
- Arris TG862A
- Arris WBM760A
All a hacker would have to do is find a password of the day generator easily found on the internet, enter a few parameters and then they are supplied with a backdoor password straight into your network.
Another issue is that some cable modems from your ISP won’t let you in to configure some really important settings. They take control of your security and completely lock you out.
I can understand why they would want to do this. The less someone can mess something up, the fewer support calls they get and the less they have to spend on customer service reps.
The problem is that they can’t be entirely trusted to do the job right. The password backdoor above is just one example.
The solution is to get your own cable modem where you control the security and there is no backdoor to exploit (Side Benefit - You’ll also save money because your ISP charges you a $5 - $12 Dollar monthly rental fee to use their equipment so the new modem essentially pays for itself after a few months).
You’ll want to get a modem that supports fast speeds even if you are on a lower data plan so that you don’t have to buy a new modem if you decide to upgrade to faster speeds later or if your ISP force upgrades your service.
My recommendation is the ARRIS SURFboard SB6183 DOCSIS 3.0 Cable Modem
(**Note - I have no affiliation with Arris or any of it's products and do not receive a commission if you purchase it.**)
Even though it is an Arris modem, since it’s not manufactured and provided for your ISP it doesn’t come with backdoor password access installed.
I like this modem because it offers fast speeds, it’s reliable and it works with most ISP’s (make sure that the SB6183 is compatible with your internet company).
It’s important to note that this only applies if you have cable internet service. Not a DSL line or if you use your modem for IP telephony / VoIP (where your cable service is also your home telephone provider).
Hook It Up To Your ISP
Once you purchase and plug in your new modem you’ll have to connect it up with your internet service provider.
This is pretty straight forward.
First, write down the mac address located on the bottom of your new arris modem.
You’ll need this for later.
Second, unplug the cable line from your ISP provided modem and plug it into the new arris cable modem.
Third, if you have a router, TV or any other device connected to the old modem, unplug the ethernet cable and plug the router into the port on the back of the arris. If you have any other devices connected directly into the back of your cable modem you will need to get a separate wifi router with ethernet ports (which I recommend anyhow because you know… security).
Finally, take the mac address you wrote down in step one and contact your internet provider's customer service and let them know that you installed your own modem. They will ask you for the mac address. You supply it to them and you’re done!
No more backdoor into your network and no more ridiculous rental fee from your ISP.
In the next step, we'll setup your wifi router and lock it down like Fort Knox.
#2. CONFIGURE YOUR ROUTER SETTINGS LIKE A PRO
To begin, I recommend getting The Linksys MAX-STREAM AC1900 Multi User-MIMO Router.
It’s blazing fast, can handle high traffic and supports up to 12 wifi devices at the same time without slowing down your network.
For this guide, I will be using the Linksys router for all of the tutorials. If you have another router that you want to use, the basic principles still apply. You will just need to find the equivalent setting for your router.
If you don’t have a router or you want to upgrade to the Linksys Max-Stream You can get that here:
(**Note: I am not affiliated with Linksys and do not receive a commission if you purchase this product. I just think it's a good, secure router and trying to demonstrate these steps with several different interfaces would be impossible.**)
Now, the default, out of the box settings for your router is riddled with security holes easily exploited by hackers. Here is what they are and how to change them.
A) Turn On The Firewall
Firewalls are an essential part of your network defense strategy. While not the end all be all, without it, you are just asking to be hacked.
What a firewall does is prevent unwanted network traffic. If it sees traffic coming from an unauthorized source it drops it and doesn’t let it through.
Most routers come with the firewall turned on by default but some models have it turned off.
1. To turn it on first, go to "Security"
2. Simply Check the boxes to turn on the firewall
You can also get a dedicated hardware firewall which we’ll go over in step #7 but for now, an important first step is to make sure it’s turned on.
B) Disable Remote Administration
Remote administration allows access to the router control panel outside of the network where someone can remotely configure your router without you knowing it.
It’s a good idea to only let authorized computers inside your home network access to your all important router settings.
Here are the steps:
1. Go to "Connectivity"
2. Click on the "Administration" tab and uncheck "Remote Access" Click "Apply" and you're done
C) Change Default Password
Changing the default password is a simple yet often overlooked strategy to keep your network safe.
Think about this. Most people who are even a little bit tech savvy know that your router username is “admin” and that your password is “password”.
They don’t even need to hack your network. They just need to enter in the defaults.
This is easily fixed.
1. Go to "Connectivity" again
2. Make sure the "Basic" tab is selected and change the network and router password
D) Change Default IP Address
As an exercise try this…
Open a new tab in your internet browser and type in 192.168.1.1 in the address bar.
What just happened?
In 9 out of 10 cases typing that into your browser just opened up your router configuration page. If you didn’t change your username and password in the last step chances are that you can just enter in “Admin” and “password” into the appropriate boxes and you’re in.
Even if you did change the username and password it’s still a good idea to keep access to your router configuration settings as hidden as possible.
The more easy steps we can take away from a hacker, the safer your network becomes.
Ok, let's do it.
1. Back to "Connectivity"
2. Click on "Local Network" Select "Edit and simply change it to something else like 126.96.36.199
All of these settings are super important to configure but now we’re going to get into some settings that are so critically important to change that they deserve their own step to complete.
#3. THE BIGGEST, EASIEST HACKER TARGET & HOW TO SHUT IT DOWN
There are professional hackers and then there are amateurs.
If you use outdated weak encryption like WEP on your network then you are just asking to get hijacked by teenagers who use simple programs that they can download from the internet to easily gain access your home wifi just like in this video...
WEP is an outdated encryption scheme that, according to pretty much all security experts is very easy to crack.
Some routers have this encryption setting turned on by default.
Let's go ahead and change it.
1. Go into "Wireless"
2. Change the "Security Mode" for both networks to "WPA2"
#4. BEING A GRACIOUS HOST CAN GET YOU HACKED
Most home routers come with a “Guest Mode” that allows you to create a separate username and password that you can give to a someone without giving them your everyday wifi passcode.
Sounds great in theory but the problem is that with some routers the guest network is completely naked. No encryption whatsoever. That means that anyone with a packet sniffer nearby can pull your guest password and have instant access to your network.
We also have that default password problem again.
People in the know, know that the password “bemyguest” will open up guest access to your network and they can immediately start stealing your bandwidth.
You could change this password to something else but I recommend turning off guest mode completely.
1. Select "Guest Access"
2. Set "Allow Guest Access" to "off"
If you really need a separate login for guests because you don’t want to give someone your embarrassing password (CharlieIsMySnuggleBunny anyone?) then I recommend following the steps in Strategy #6 - Create 2 WiFi Networks.
#5. LOOOONG PASSWORD -AND- THE ONLY GUARANTEED WAY TO REMEMBER IT EASILY
Long complicated passwords are a pain so you might be wondering why they’re even necessary.
First, some network breaches come from someone who knows you. They know your pet's name and your favorite baseball team.
While they are probably not motivated to steal your banking information (but they could be), if you don’t change your password to something impersonal, they could easily guess your passcode and start messing with you (we all have THAT friend don’t we (if you don’t have THAT friend then you probably are THAT friend… just sayin)).
Second reason is something called a brute force attack.
A brute force attack is basically a software program that guesses your password over and over again until all the characters click and then Bam!... They’re in.
Longer passwords are harder to crack than shorter ones for these types of programs. For every character you add to your password you are adding years worth of time that it takes for the software to guess the correct passcode (I recommend using 14 characters).
There is also some intelligence coded into brute force crackers. They start with words in the dictionary. If you have a password that contains an English word like “PinkFloyd”, these programs will crack your password much quicker than a random string of characters like edCvfr5@#fL9(!dw.
The problem with long complicated passwords is that they are hard to remember and easy to lose. To combat this problem we’re going to go low tech.
First, write down the password it two places. One on a piece of paper that you keep in your wallet or purse and one that you tape to the back of a picture that you hang in your house.
Don’t EVER remove the one from the back of the picture. If you lose the one in your wallet or purse you can write it down on a new piece of paper but if you lose both you’re hosed.
Also, don’t save it on a file in the cloud or on your computer. We want our password secure and there is no way we can completely guarantee that it will safe from hackers in any kind of computer file.
Some would recommend that you use a memory technique to remember your password.
I argue that you shouldn’t try to remember your password at all.
The more random and complicated it is, the more impossible it becomes to crack using logic.
Just write it down in two secure places and pull it out when you need it and hopefully in the near future we can use our thumbprints or a retina scan to gain access to the network.
#6. DOUBLE YOUR NETWORK - DOUBLE YOUR SECURITY
With more and more smart devices being connected to your router, hackers have more and more opportunities to infiltrate your network.
Some smart devices have less than optimum security baked into them and this can allow someone to go from your smart washing machine to the banking information on your computer.
The answer to this is to setup 2 separate networks. One for your computers, phones and tablets and one for your smart devices.
You will need 2 routers to accomplish this. You can get those here...
If you would like to use an old router for your second device you need to make sure that it supports multiple SSID's and you have the ability to install DD-WRT (this is custom, open source firmware for your router that you will need to install).
Now, I'm going to be honest here, this is tough to set up but if you're a thug, here are the instructions on how to do it...
#7. ENTERPRISE LEVEL SECURITY FOR YOUR HOME
It’s tempting to get a little crazy when it comes to securing your network. When you have degenerates hacking into baby monitors and yelling at children, it’s easy for a new parent to get totally freaked out and want to over secure their network.
While you don’t need a server rack full of firewalls and a highly paid team of network security professionals, if you want more peace of mind, consider a unified threat management (UTM) appliance.
A UTM device combines several network security functions in one shell.
1. Intrusion Detection & Protection (IDP) - A standard firewall simply limits access to your network to prevent intrusion. While effective, a more sophisticated hacker can potentially overcome the firewall and gain access to your network.
IDP, on the other hand, has a database of potential attacks (subscription required) that it references so it can stop threats to your network, making it more secure.
It will also stop threats coming from devices INSIDE your network. So if you get a new home security camera with a gaping security hole that the manufacturer didn’t detect, having an IDP will give you a much better chance of stopping it.
2. Anti-Virus Protection - A good UTM device will have gateway level anti-virus/anti-spam protection. This stops the attack before it gets to your network.
In general, a good AV solution will protect you from trojans, rogueware, worms, viruses, spyware and most other software related attacks to your devices.
It will require a yearly subscription, which I personally don’t mind because it helps pay for them to keep updating the system with protection from new attacks.
3. Content Filtering - There are many websites on the internet that will, when accessed, attempt to infect your network with many nasty types of viruses.
A good content filtering system will block these sites from ever being loaded by checking a central, constantly updated database of known threats.
You can also use it to block access to websites that you don’t want your kids to visit, thus making it a very effective parental control package that you don’t have to pay extra for.
If you want a UTM appliance I recommend ZyXEL Home Edition UTM Security Firewall (USG40HE).
You can check all of Zyxels products here...
(**Note: I have no affiliation with zyxel or any of it's products.**)
It has many enterprise level security features without going over the top with things that you don’t need.
It comes with a free one-year subscription to its content filtering and IDP services (anti-virus protection is available at an additional cost) keeping you updated and safe from the latest attacks.
You can set it up yourself or if you want help you have access to a free one-time setup call.
#8. HOW TO MAKE SURE YOU REMAIN SECURE
There are several simple steps you can take to improve your home network security:
1. Put tape over cameras when you're not using them.
2. Turn off devices when you're not using them.
3. Use external drives for really sensitive data and unplug them when not using them.
4. Don't put really critical stuff on networked devices if you don't have to.
Beyond that, no matter how hard tech companies try (including Apple and Microsoft who have entire dedicated security teams) it is absolutely impossible to plug every single security hole before it’s exploited.
Most of them do however patch these problems with software updates once they’re detected.
It’s important for you to keep up to date with all these security updates but it can be a real chore.
That’s why I recommend turning on auto-update.
Some might argue that you’re risking bugs from the update that can shut down your computer.
I would argue that when this happens it is QUICKLY fixed and these bugs rarely lead to complete system failure.
The bigger risk is not keeping your system up to date and secure from hackers.
Now, let’s face it. We all get busy and updating your software programs is not top of mind until disaster strikes.
To stop your network from being spammed or hijacked before it’s too late, here is the easy way to keep up to date with the latest security patches.
All Automatic Updates Are Not Created Equal
There are 3 different types of automatic updates.
1. Important updates that patch critical security holes and bugs for your OS
2. Nonessential updates that install performance enhancements, user interface tweaks, etc. for your OS
3. Software updates for the programs that you run on your computer
These 3 types of updates are handled differently on windows and mac machines so let’s go over them separately.
On a windows machine, you want to enable “Important Updates”. This will keep you up to date with all critical security patches.
You want to enable “Recommended Updates”. These are noncritical updates but can turn into a vulnerability later.
As far as updating software programs go, in windows, there is no built-in way to check if any of your 3rd party applications have an update. Some will have a popup that engages with a message for you to update when you open the program but some won’t.
There is a free program called FileHippo that will scan it’s database of updated software programs and recommend an update.
You can get FileHippo here…
As a side note, it’s also important to keep a backup of your system in case anything goes wrong. This is easily done inside the control panel. Simply search for “Backup”. That will help you find the utility no matter what version of Windows you are running.
On a mac, the process for automatically downloading and installing updates is pretty straight forward.
With the latest versions, OS X Yosemite or El Capitan:
1. Simply go into "System Preferences" from the apple menu
2. Select the “App Store” icon
3. Make sure everything is checked (other than “automatically download and install apps from another mac” unless you have a need for this).
This will ensure that all system and app store downloads are kept up to date.
It’s important to note that the only software programs that will be updated, are the ones that you purchased or downloaded from the app store. If you didn’t get the app from the app store, unfortunately, there is no automatic update solution available.
Also, make sure that you have Time Machine (the backup software that comes with mac) enabled so that just in case something goes wrong with an update you can easily restore your mac.
Time Machine is located in your system preferences.
Last but not least we need to make sure that the firmware on your router is kept up to date.
1. Go into "Connectivity"
2. Make sure the "Basic" tab is selected and check "Automatic" Under "Firmware Update"
#9. IS SOMEONE STEALING MY WIFI?
Want to know if your computer network has been hijacked under your nose or if your neighbor has been felching off your wifi, slowing down the bandwidth that you paid for.
There's a tool for that.
Here I’ll go over a how to catch a thieving neighbor or rogue network leaching itself to your router and I'll show you how to immediately kick them off.
The simplest way to detect if you have an unauthorized device leaching off of your network is to check your router device list. This will provide a list of devices that are connected.
1. Select "Device List"
2. That opens the list
I would recommend making a list of all devices that you have attached to your network like your TV, wifi printer, etc. and then go into your router control panel and try to match the device to your list of authorized devices that you created.
If you find a rogue device connected to your network, simply change your router password and make sure that WP2 encryption is enabled (see step 3).
If you can’t get into your router's device list or it simply doesn’t have one you can check who’s on your wifi by downloading…
It’s an easy to use program that will list all the devices connected to your network.
They have a monitoring service that you can pay for that will alert you if anyone new has attached themselves to your network so that you don’t have to keep checking your logs to see if any new fishy activity has happened since the last time checked in.
Smart Home Devices Have Different Needs
In this section, we're going to talk about securing smart home devices. They are exploding in popularity but their security is notoriously weak. We aim to fix that here.
#10. KEEP DANGEROUS THINGS DUMB
If you like to tinker it is entirely possible to create a smart valve that that would turn on your bath water and fill up your tub with warm water right before you got home.
It could also be completely disastrous.
Imagine a hacker flooding your house by turning on the water and disabling the shutoff sensor when you’re at work.
Other than custom setups, there is also a danger in hooking some common items in your home to a smart plug that allows you control things remotely by shutting on and off power to the device.
I would avoid space heaters because of their reputation for starting fires in the home. You can’t be sure that someone didn’t move it close to a curtain or sofa when you were out and if you turn it on remotely when you’re away from the house it could spell disaster.
Blenders are another appliance that I would shy away from hooking into a smart plug especially if you have children. That just sounds like a horror story waiting to happen to me.
#11. SOME SMART LOCKS AREN'T SO SMART
There are many smart locks on the market that you can open with your phone or hook up to a smart assistant like Amazon Echo.
Recently at a hacker conference it was shown that many of these locks can be opened easily due to manufacturer neglect or complete indifference.
All of the manufacturers were contacted and made aware of the easy hackability of their products and they either didn’t respond or they flat out said that they weren’t going to fix the problems.
Here is a list of locks that were opened by a variety of attacks -
- Quicklock Door & Padlock v. 1.5
- iBluLock Padlock v. 1.9
- Plantraco Phantomlock v 1.6
- Ceomate Bluetooth Smart Deadlock v. 2.0.1
- Elecycle EL797 & EL797G Smart Padlock v. 1.8
- Vians Bluetooth Smart Doorlock v. 1.1.1
- Lagute Sciener Smart Doorlock v. 3.0.0
Some of these locks were actually hacked to lock out the homeowner. Could you imagine coming home from a long day at work to be locked out of your own house!?! No Thanks!
Needless to say, until the issues with these locks are fixed, be very cautious about using them to secure your home.
Now, these aren’t the only locks that can’t be easily hacked, they’re just the ones that were used for demonstration at the conference.
The things to look out for in purchasing a smart lock to protect your home and belongings are:
1. Proper Encryption - Some smart locks have weak encryption that is easily cracked. Once hacked someone can quickly obtain the password to your lock.
2. Two Factor Authentication - This is where a software token is stored on a device like your cell phone. If you ever want to access the lock you need an e-mail address and or phone number (Factor 1) and your physical phone where the token is stored (factor 2).
3. No Hard Coded Password - A hard coded password is one way that can be used by manufacturers in case you lose your code and they have to give you a temp so that you can access the lock.
The problem is that they are vulnerable to brute force attacks (where a software program guesses your password over and over again until it gets it right) because of their limited number of possible combinations.
If your new smart lock does have a hardcoded password make sure that it is LOOOOOONG so it will take a brute force attack several years to crack the code.
The Good List
- NoKe Smart Padlock
- Masterlock Padlock
- August Doorlock
Let’s talk a bit more about these three locks.
The August Smart Lock
[easyazon_link identifier="B0168IXNZQ" locale="US" tag="shgguide-20" cart="n"]August Smart Lock HomeKit Enabled [/easyazon_link]
Along with being the most secure lock out of the bunch, this thing is also really cool.
With the august door lock, you no longer need to fumble with your keys. Now you can unlock the front door automatically by simply carrying around the smartphone you already have with you.
If you purchase the optional connect hub or if you own an Apple TV (3rd generation or later) you can control access to your home from anywhere.
There are a number of scenarios where this can come in handy, for example.
1. A friend or family member needs to borrow something
2. You hire someone to clean or do work on your house
3. You hire a moving company to deliver a heavy item
4. You rent out your house Airbnb style.
In the past, you may have needed to leave a key under the mat (which is terribly un-secure) or rearrange your entire schedule to make sure that you were home.
Now you can just send a temporary virtual key to the handyman, friend or house guest and get on with your life.
(If you’re worried about what shenanigans might go on with a stranger in your house without you being there check out my review for this security system).
You can also review the log on your phone to see who enters and exits your house. This will give you peace of mind if you’re worried about when your kids or spouse get home.
This thing is really easy to install. It only takes about 15 minutes max to attach.
The ingenious thing about the august smart lock is that it works with your existing deadbolt. That means that you can still use your keys to get into your house should you damage or lose your smartphone.
It also comes in 4 really cool colors and it’s super silent when in operation.
Here are some other really cool things you can do with the august smart lock…
Auto Lock and Unlock with Geofencing
Now, when you leave your home you don’t even need to remember to lock the door. With geofencing your door will automatically lock when you get a certain distance from the door.
When you get home it will automatically unlock so you don’t need to mess with your keys (this also really comes in handy if you’re carrying in groceries).
You can also set it up to turn on your lights when it senses that you’re home with IFTTT integration.
August recently opened the doors to IFTTT and all it’s wonderful cross-platform capabilities.
Here are just a few of the nifty things you can do with the august lock and IFTTT recipes:
1. Turn on your smart lights when your august lock registers that you’re home
2. Activate your security camera when you leave
3. Turn off your oven when you leave the house (smart oven required)
4. Get a notification that someone is home on your car dashboard (BMW required)
5. Turn on or off Wemo smart plug (you can have any number of things attached to the smart plug including lights, a coffee maker, fans etc.)
For more info on what you can do with the August smart lock along with some other cool smart home setups check out the DIY smart home guide
More and more IFTTT recipes will come online in the future, expanding august locks capabilities to do even more cool things.
Masterlock and Noki
While being secure and harder to hack digitally, these two locks aren’t quite ready for prime time.
The biggest complaints are that it isn’t weather resistant enough (Noki) or the Bluetooth stops working after a while (Masterlock).
They will improve for sure but for now, I’d take a pass.
Now, the bottom line is that if someone really wants to steal a bike or break in your house they’ll figure out a way (like smashing a window) but let’s not make it easy for them.
The August Door lock takes security seriously and right now it’s the only one I trust and recommend.
Check it out at Amazon...
[easyazon_link identifier="B0168IXNZQ" locale="US" tag="shgguide-20" cart="n"]August Smart Lock HomeKit Enabled [/easyazon_link]
#12. HOW TO FIX THE TWO BIGGEST SMART HOME SECURITY HOLES PART 1
Universal plug n play (UPnP) makes it easy for you to set up all the new devices on your network without a lot of know-how.
It’s such a big security risk that even the FBI has been issuing warnings about the protocol since all the way back in 2001 as hackers have long been exploiting this gaping hole.
Depending on your configuration, there are a few tricks that hackers can use to do nasty things to your network.
A) Buffer Overflow - The buffer is a special section of your system's memory set aside to interact with external devices such as a modem, keyboard, mouse etc.
A buffer overrun is when a program starts running over into adjacent memory locations.
This can cause erratic program behavior, memory access errors, incorrect results, a complete system crash, or a breach in your system security.
B) DoS (Denial of Service) Attack - This is when your network is flooded with random requests in an attempt to overload your system.
This can cause slow network performance, unavailability of certain websites, complete inability to access any website at all and dropped internet connections.
C) DDoS (Distributed Denial of Service) Attack - This is where your network is recruited to send random requests to a target that a hacker chooses like a financial institution or popular website.
This can significantly slow down your network performance.
D) Soap Requests - SOAP (Simple Object Access Protocol) is a protocol used to exchange information over the internet to different systems. It’s used by web developers because it is independent of which operating system you use (Linux, Windows, OSX, etc).
If your router accepts SOAP requests, hackers can use standard tools like UMap to punch a hole in your firewall. This would allow them access to the devices on your network.
Disabling UPnP will require you to manually assign ports on your router to each individual device. Whether or not you want to go through that hassle every time you get a new smart device is up to you.
If you choose to disable it here’s how:
1. First, go into "Connectivity" from the router configuration page
2. Uncheck the box next to UPnP to disable.
You will now need to manually assign ports for each device on your network.
In this example, I am going to use the harmony remote hub.
1. You first need to find out what port your devices uses to communicate with the network. You can sometimes find this in your setup manual for the device or you can do a google search for "device name" port. In our example I searched for "harmony remote port number" and was taken to this site:
2. Now that you have the port number which is 5222 go into "Security"
3. Select the "Apps and Gaming" Tab and click on "Single Port Forwarding" and click the button for "Add a new Single Port Forwarding"
4. Enter the application name and type in the port number we got from step #1. Leave the device IP# at the default. Click Save and Click Apply.
#13. HOW TO FIX THE TWO BIGGEST SMART HOME SECURITY HOLES PART 2
Some new smart devices place themselves outside of the network firewall for easy setup and internet access for the user.
It's been found that a few IP security cameras, for example, rely on the user creating a strong password and use self-contained web pages for security management. But it’s not enough and in the case of security cameras, once in, a hacker can shut them off completely or worse, they can spy on you without you even knowing it.
This is easily fixed by securing all your devices behind the network firewall and enabling port forwarding so that only you or someone you authorize can access smart devices over the internet.
We went over port forwarding in the last step.
Another way to protect yourself is to set up a Virtual Private Network (VPN).
This will secure your connection from outside attacks by hiding your IP address and creating a secure connection between your phone, laptop, tablet or whatever device you use to connect to your home network from the internet when you are out of the house.
There is a small charge for connecting to a Virtual Private Server (VPS). It's about $10 bucks or so.
To find a good VPS to hookup to check out -
You will also need to set it up on your network. Here is a great tutorial for that...
#14. DEDICATED SMART HOME PROTECTION DEVICES
With the “IoT” (Internet of Things) finally gaining traction in the marketplace, many companies are creating stand-alone security devices to keep your home network safe.
Purchasing one of these hardware solutions may make it easier for the average user to secure their network.
As of this writing, there is only one product in the smart home network security device category that is available for purchase.
It’s called CUJO.
(**Note: I am in no way affiliated with Cujo or any of it's it's products.**)
CUJO is a small personal firewall with advanced enterprise level security built in.
It aims to help the average user protect their network without having to manually change a lot of complicated router settings.
It’s compatible with any router and it will protect all the devices on your network (tablet, wifi lights, automatic door locks etc) not just your computer.
It’s a fact that malicious software (malware) is getting more and more sophisticated by the day. With all the new technology loaded into home devices, a rogue programmer can attack a smart fridge and end up controlling your entire network including your TV, your smart thermostat, your banking information.
One insidious type of malware called ransomware will actually lock you completely out of your computers until you pay the attacker real money to have it released!
Your first line of defense against ransomeware is a good backup system.
As a secondary, Cujo will protect you against these types of threats and with its advanced learning capabilities it is set up to protect you from the malware of the future.
Cujo includes machine learning, behavior analysis and threat intelligence which allows it to learn and understand new threats to your network on the fly.
This means that you don’t have to keep updating the firmware on your router and the antivirus software on your computer. You will constantly be safe and up to date without lifting a finger.
This type of protection was only available to enterprise-level businesses in the past for a hefty price. Now you can get it with CUJO for $8.99 a month and the first 4 months are free.
Easy To Use Mobile App
The mobile app allows you to instantly see what devices are on your network. If there is something or someone who is unauthorized on the list you can block access immediately.
It also has a sophisticated but easy to understand and use threat management system that shows you what threats it has blocked and any warnings that you may need to address.
CUJO has fast ethernet (1GB) built in so it won’t bog down your network causing unnecessary slowdowns.
I find this to be important because I don’t pay for fast internet just so I can wait for Netflix to buffer or for my video games to lag when I’m playing online.
If you aren’t tech savvy not to worry. For most home networks all you have to do is plug an ethernet cable from CUJO into the cable modem you got from your ISP, set the CUJO app to automatic mode and you’re done.
If you have a cable modem and an external router, CUJO can be setup in bridge mode to work seamlessly between the 2 devices and give you continuing protection for all the devices on your network. This takes a little more work but like automatic mode, bridge mode is pretty easy to setup.
The one thing I don’t like about CUJO is that it doesn’t protect against default password hacks. This is where a hacker uses the default password that comes with a device (like Username: Admin Password: Password) to easily gain access to your network.
A lot of people just leave it at the default (for a quick example, check out this site where thousands of people didn’t bother to change the password to their video security system InstaCam).
It would be nice if CUJO could test your devices for default password’s and warn you to change them.
Maybe in the future.
All in all, I’d say this is a solid device. Other than a few people with some setup issues (and who doesn’t have setup problems with a device now and then) most users on Amazon agree that CUJO is simple, easy to use and powerful.
Go check it out here...
[easyazon_link identifier="B017B53DLY" locale="US" tag="shgguide-20" cart="n"]CUJO Smart Internet Security Firewall[/easyazon_link]
Cujo is continuing to evolve. In the recent past, in certain setups, Cujo would intercept traffic from your devices via an ARP spoof. An ARP spoof is used to associate the MAC address with an IP address of another host.
This technique has long been used by hackers to open the door to other attacks such as Denial of Service and man in the middle attacks.
Cujo has removed ARP spoofing which, on one hand great, but on the other hand makes it harder to setup. Instead of simple plug and play, the setup becomes more cumbersome.
There are other companies working on simple home network security like Dojo and F-secure. We will see who comes out on top but for now, if you follow all the steps in this guide you will be a lot safer than the general public.
#15. YOUR FRIEND TODAY COULD BE YOUR ENEMY TOMORROW -OR-
RESETTING PASSWORDS WHEN YOU NEED TO
If you got in a fight with your roommate and told them to hit the road it’s probably a good idea to remove their access to your front door lock and thermostat.
Here’s what you need to do to re-secure your home devices.
First, you need to know what devices are on your network. To do this just go into your router settings and look at the device list.
If you are the administrator on the network this will be easy. Simply go into the router control panel and supply the username and password.
If your old roommate or ex-husband/wife is the administrator this becomes a bit more challenging.
You will have to reset the router, but before you do that you have to get a list of devices on your network because once the router is reset, so is the device list and you won’t be able to easily tell what is on your network.
To get a list of devices without having access to the router go to whosonmywifi.com and download the software.
It will show you a list of devices. Just look in the bottom right corner under "Manufacturer".
In this example, it's showing my Philips Hue Smart Lighting Kit.
Some of them will be recognizable like the screenshot above but some of them won't like the screenshot below.
Write down the easy ones and count the total number of devices on the network.
Then search your house and try to figure out the "Unknown" devices. This can be a real challenge because sometimes, someone is leeching off your wifi and their device will show up on your list even though it’s not in your house.
Just do your best. If you miss something, look for suspicious behavior in your house and deal with it if it comes up.
Now this is the real pain in the butt part. You will have to go on the Internet and for each device, in the house, you need to search and figure out how to set it back to factory defaults.
After you set all your devices to factory defaults it’s time to reset your router.
Go to the back of the router and with a pen, hold down the tiny reset button for 30 seconds.
This will restore your router to the default settings. After that, go online and search for the default username, password and IP address for the make and model of your router.
Open a browser window and type in the default IP address and you will be taken to the control panel.
Now go up back up to step #2 in this article and configure your settings for security.
Then go and setup all your devices.
This will ensure that no one can mess with you and your smart home.
#16. THE DARKNET IS COMING - THE FUTURE OF WIFI SECURITY
One of the problems with having smart devices on your network is that anyone with the right software can effectively see everything from your smart door lock to your security camera.
If they can see it, they will have an easier time hacking it.
To combat this, the Guardian Project (a group of software developers, designers, and activists) is working on a way to hide all the devices in your network.
How are they going to do it?
They are going to route all of your traffic through the dark web. Yes, the same network used by spies, undercover government agencies, and criminals. People and organizations whose livelihood and physical safety depend on keeping things secret.
TOR (the onion network) from the Guardian Project uses end to end encryption to effectively hide your network traffic.
They do this by routing the traffic through a random group of computers that are set up by volunteers to bounce around your encrypted data until it reaches its destination. Each node strips off a layer of encryption as it passes through so that when it gets to it’s destination it can be read by the end computer.
On top of the standard TOR installation, they are also adding state of the art authentication that doesn’t allow anyone to connect to your network without a custom cookie that is unique to you.
This is still in the early stages of development. They don’t even have a working model setup that works with iOS yet.
If you’re very computer savvy you can go and set up an onion server and configure it for home device security right now but you will have to do some coding.
In the future, though your devices will be much safer when these stand alone onion network security boxes are available for mass consumption.
#17. SECURE YOUR AMAZON ECHO
Alexa is amazing. She (usually) does whatever I ask her to do... but the problem is that I’m not that special, and she will (usually) do whatever anyone else asks her to do too.
The Echo literally has no idea who I am. It only knows what I, or anyone else, commands it to do.
That opens your smart home up to risk.
Imagine that you have a smart door lock installed on your front door and have it connected to the amazon echo.
If someone outside yells “Alexa trigger front door”, loud enough, Alexa will pick it up, politely say “Ok” and let them right in.
The only way to stop this from happening is to turn off your echo when you’re not at home.
Now you might be thinking “how am I going to remember to do that every time I leave the house?!?”.
Well, you don’t have to.
We are going to set up a geofence to do the dirty work for us and thankfully, it’s super easy.
First, go purchase a smart plug. I recommend the Belkin Wemo for our purposes because it easily hooks up to IFTTT (the internet magic that makes this all work).
Then plug your Amazon Echo into the smart plug.
Next, we need to setup IFTTT if you haven’t already.
First, go to ifttt.com and signup. It’s a simple 3 step setup process and shouldn’t take you long at all.
After you setup, you need to activate the Wemo channel to make this work.
First download and install the Wemo app from your android or iPhone app store if you haven’t already done so. Then...
1. Go into settings and select more from the bottom right corner
2. Next select connect
3. Supply your username and password
4. Select your device
Now we need to create a new recipe.
1. Go back to IFTTT @ https://ifttt.com/wemo_switch and select create new recipe
2. Click on this
3. Type in “location”
4. Select “You enter or exit an area”
5. Select the location of your house and click on create trigger
6. Click on that
7. Type in Wemo and select your smart plug
8. Select “Toggle on/off”
9. Click on the drop-down menu and select the Wemo switch that is connected to your amazon echo and then click on “Create Action”
10. Click on “Create Recipe” and you’re done!
Now Alexa will only listen when you’re around.
And there you have it.
17 strategies that when implemented will keep you safe and secure in this new world of smart devices in your home.