Customer network security tips
Staying secure in an online world
As we become more reliant on the internet for everyday aspects of life, it is important to ensure that you do so safely; with more and more devices becoming internet aware and connected, security is essential. In this article we will discuss some top tips for staying safe and secure online, with some very basic tips recommended by top internet security companies such as Norton.
Internet service providers go to great lengths to keep you safe online, but ultimately security breaches will almost always come from customer networks connected behind broadband internet routers. Most customers (both business and consumer) will have either a wireless or wired home network (in some cases a combination of the two), but regardless the same fundamentals for security will apply.
1) Router placement – For most home broadband internet users you will use a wireless (WiFi) router and it has become habit to place this device near to your main telephone which is often near to the front door. Having the WiFi router near to a front door will potentially provide strong WiFi signal to passers-by or neighbours and will also likely cause signal issues in other parts of your property (see our article for optimal router placement). Instead, try to place your WiFi router as centrally in your property as possible, this will minimise how far the WiFi signal broadcasts outside of your property. This may sound extreme, but not only could somebody gain access to your internet connection for free and without your knowledge but potentially they could gain access to devices in your home that are also using your wireless network.
Most business broadband internet users (and some home internet users) will likely use wired networking solutions to robustly distribute internet connectivity throughout their premises and this will require some security considerations. It is recommended that wired routers are in a locked cupboard or room to prevent unauthorized individuals from connecting devices without consent. It is common to use Dynamic Host Control Protocol (DHCP) to automatically assign Internet Protocol (IP) and Domain Name Server (DNS) addresses which allows a user to easily connect a device to a network without knowledge of the configuration.
2) Change Default Password – After router placement, the most important aspect of security is to change the default password required to log into the web interface of your router; in most instances, you will be prompted to change this password during the initial setup. The use of default passwords is now such a concern that the UK government is taking steps to ban the use of default passwords with the aim of mitigating any large scale cyber-attacks through the ever growing Internet of Things (IoT) boom which is seeing more and more devices connect to the internet.
3) Change default IP – For both wired and wireless routers it is strongly recommended that you change the default IP configuration; this will make it harder for somebody to gain access to your router. All wired and wireless router manufacturers provide great documentation that will guide you through the process of changing the default IP and you will also likely find some tutorial videos on YouTube. Be sure to make a note of the new IP before saving, as you will need the new IP to log back into your router once you save the settings.
4) Turn off DHCP – Whilst DHCP does make life easy when it comes to quickly connecting your devices to the internet, it also provides a huge security risk; with DHCP enabled, anyone can connect a device to your network and gain access to both the internet and other devices on your network. You may wish to weigh up the benefits verses the additional configuration required for each device on your network and you may feel that implementing other security enhancements may lessen the need for disabling DHCP. If you do opt to disable DHCP refer to the router manufacturers guide for steps required and considerations. You will need to make a note of the following information: IP Range (unique IPs available to configure on a unique device on your network), Subnet Mask, Default Gateway, and DNS (Primary & Secondary addresses).
5) Change your WiFi networks name – Manufacturers will use a generic name/Service Set Identifiers (SSID) which will give would be hackers knowledge of what brand and model of WiFi router you have installed, allowing them to target known exploits or try various combinations of default IPs and passwords to gain access. You should ensure that when changing the name of the network that you do not set anything that would give clues to the location of wireless router such as “Conservatory Wireless” or who it belongs to such as “Smith Family Wireless”.
6) Turn off network name broadcasting – After changing the name of your wireless network you can go a step further and turn off broadcasting which would stop people from seeing your wireless network in the list of “available” networks when performing a scan. When you want to join a device to your wireless network with broadcasting disabled you simply type in the name of your network and if typed correctly you will be prompted for the password to complete and join.
7) Use a strong WiFi password – Whilst it is tempting to use something simple for ease of remembering and typing into new devices, it is another big security risk. It is highly recommended that you set a complex password with a combination of letters, numbers, and characters. Some people like to use phrases.
8) Enable encryption – Many routers will have encryption disabled by default, so refer to the manufacturers user guide to locate and enable encryption. WiFi Protected Access 3 (WPA3) is the most current form of WiFi encryption though you may only have access to WPA, WPA2 or Wired Equivalent Privacy (WEP).
9) Router Updates – Just like computers, mobile phones, tablets, and televisions, wired and wireless broadband internet routers require periodic updates to ensure that they are protected against exploits and bugs. Refer to the manufacturers guide to find out how to either enable automatic updates (recommended) or manually update.
10) Frequently change passwords – It is good practice to periodically change the password to log into your router and to join the wireless network; over time it is likely that you will share your password with people and so changing the password will give you a fresh start.
11) Hardware upgrade – As with all technology, at some point you will simply need to upgrade to ensure that you are secured against the latest online threats; once a manufacturer deems that a device is obsolete, they will cease providing security updates. If your wireless router only has access to WEP encryption it is recommended that you upgrade to a new router that supports WPA2 or WPA3.