Think back to the time of 2019 BC (Before Covid). If you were working in an office, did your office allow cats? Likely not, and with good reason. Cats are jerks and are determined to bring about the end of the world if left unsupervised around a laptop.
This may be an exaggeration, but the risk is still real. If your cat is anything like mine, he will walk across your laptop keyboard more than once a day, often deciding to roll or nap on it for the warmth it gives off.
In April of 2020, when the pandemic forced almost everyone to work from home, NASA was no different. Dr. Amber Straughn of NASA tweeted:
Now imagine you are a programmer, and a few extra characters get inserted into code that does something critical, like running life support or controlling equipment at military installations.
Now let’s shift gears and swap out the cat for a toddler. Would you let your toddler play on a work laptop? Would you have done that in the office?
Now let’s swap out the cat for a shady neighbor that is using your Wi-Fi. The reality is that a home network is, in most cases, a lot less secure and safe than your office network.
So: cats, kids, shady neighbors. Please note there is no mention of dogs, because everyone knows he is a good boy and he would never do anything wrong. Personally, I worry about a lot of things, and the devices on my Wi-Fi are one that concerns me. I know that at my work I have RADIUS and certificate-based Wi-Fi providing multi-factor authentication (MFA) just to connect. At my house I have a router that is using a password from 2008. And the only reason I know it is from 2008 is because 2008 is in the Wi-Fi key and it has not changed since then. Every time I got a new router, I just set the name and key to be what I had before.
So when I realized that I would be working from home for an extended amount of time, I decided to step up my game. If you work from home as well and you have cats, kids, or other people sharing the same Wi-Fi, here are some suggestions to make your home network more secure.
1. Segmentation: The fastest and easiest way to accomplish this is to deploy a new Wi-Fi router that is set up for work use only and is connected directly to the internet provider's equipment. This will at least provide a single layer of NAT (Network Address Translation) and add a layer of security.
- I am a network engineer, and my home setup is configured with VLANs. My work VLAN is completely isolated from my kids' or my wife’s network. The kids' network is also separate and is filtered. I also have an IoT, Security, and Chicken VLAN.
- Each network has its own WPA2 PSK password.
2. Device Management: Log into the Wi-Fi router and find the page that displays the connected devices. Do you know what every device is? Sometimes devices are listed only by MAC address, which makes them difficult to identify. The recommendation here is to change the PSK password and add each device back to the Wi-Fi, noting each device and what it is.
- Once you have confirmed all the devices, make a note to check this list for changes, or whenever you add a new device to the Wi-Fi.
- Some newer routers even give you the option to set up notifications for when new devices join your network.
- My Security VLAN only has 9 IP addresses on it: 8 cameras and 1 DVR server. That never changes, and if it did, that would be very concerning. Same with my kids' VLAN: I know there are 3 tablets and 3 Chromebooks. There are never more than 6 devices on this Wi-Fi.
3. Firewall: The last line of defense. Most routers only do NAT and nothing more. While this is necessary, there is a lot more that modern firewalls can do, like content filtering, advanced malware protection, intrusion detection and prevention, and access control lists.
- Content filtering: Blocking categories of internet websites, like travel or, worse, things like cat pictures.
- I utilize this feature heavily for my kids VLAN and associated wireless network.
- AMP: Advanced Malware Protection is critical in preventing threats with known signatures from getting into your network.
- IDS: An intrusion detection and prevention system allows you to block malicious packets of information.
- ACL/Firewall rules: Most modern firewalls will allow you to block any network IDs, or even whole countries of origin, from communicating with your network.
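One way to automate the device check from step 2, as an added example that is not from the original article: the script compares a Linux `ip neigh show` listing against a written inventory and reports unknown devices, known devices on the wrong VLAN, and expected devices that are absent. The inventory, the interface names (`vlan30`, `vlan40`) and the sample listing are constructed assumptions.

```python
import re

# Constructed inventory (assumption): MAC -> (device name, expected interface).
# Interface names "vlan30"/"vlan40" are placeholders for your own segments.
INVENTORY = {
    "00:00:5e:00:53:01": ("camera-1", "vlan30"),
    "00:00:5e:00:53:02": ("dvr", "vlan30"),
    "00:00:5e:00:53:10": ("kids-tablet-1", "vlan40"),
}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE = """\
192.168.30.11 dev vlan30 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.30.12 dev vlan30 lladdr 00:00:5E:00:53:10 STALE
192.168.30.50 dev vlan30 lladdr da:a1:19:00:00:07 REACHABLE
192.168.40.23 dev vlan40 FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17}) (\S+)")

def is_randomized(mac):
    """Locally administered bit set: typical of private/randomized Wi-Fi MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(neigh_text, inventory):
    """Return (unknown, misplaced, missing) relative to the inventory."""
    unknown, misplaced, seen = [], [], set()
    for line in neigh_text.splitlines():
        m = LINE.match(line.strip())
        if not m:  # FAILED/INCOMPLETE entries carry no MAC address
            continue
        ip, dev, mac, _state = m.groups()
        mac = mac.lower()
        if mac not in inventory:
            unknown.append((ip, dev, mac, is_randomized(mac)))
            continue
        seen.add(mac)
        name, expected = inventory[mac]
        if dev != expected:  # known device showing up on the wrong segment
            misplaced.append((name, dev, expected))
    missing = sorted(inventory[k][0] for k in inventory.keys() - seen)
    return unknown, misplaced, missing

if __name__ == "__main__":
    labels = ("UNKNOWN", "MISPLACED", "MISSING")
    for label, rows in zip(labels, audit(SAMPLE, INVENTORY)):
        for row in rows:
            print(label, row)
```

Phones and laptops that use private Wi-Fi addresses will appear as unknown with the randomized flag set, so they have to be identified when they join rather than by a fixed MAC.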
In the end, home security is up to you to enforce. If you read this entire article and are wondering why my chickens have their own VLAN and Wi-Fi, let me say I don’t trust anyone on my network, even my chickens. More on that later, though, in another blog post.
As always, if your work network has been using the same Wi-Fi key for the last 10 years, feel free to reach out to NuWave and we can set you up with some better modern security!