NSA Released Checklist To Secure Home Wi-Fi Network

Cybercriminals can breach the security of your home WiFi and potentially cause you significant harm. Your home network may be used by malicious cyber actors to access sensitive, private, and personal data.

The National Security Agency published best practices for securing your home network to assist you in protecting yourself, your family, and your work by engaging in cybersecurity-aware behaviors.

Adopt the Following Mitigations to Your Home Network

• Upgrade and update all equipment and software regularly, including routing devices.
• Exercise secure habits by backing up your data and disconnecting devices when connections are not needed.
• Limit administration to the internal network only.

Checklist To Secure Home Wi-Fi Network

To minimize the danger of compromise, all electronic computing equipment, including computers, laptops, printers, smartphones, tablets, security cameras, household appliances, automobiles, and other “Internet of Things” (IoT) devices, must be secured.

Further, by adopting the most recent version of an OS that is supported for desktops, laptops, and mobile devices, you can make it more difficult for an adversary to obtain privileged access. IoT devices connected to a home network are frequently overlooked but also need updates.

NSA recommends turning on the automatic update feature. Download and install patches and updates from a trusted vendor once a month if automated updates are not possible.

“To maximize administrative control over the routing and wireless features of your home network, consider using a personally owned routing device that connects to the ISP-provided modem/router”, recommends NSA.

Also, for network separation from your more reliable and private gadgets, use modern router features to set up a separate wireless network for visitors.

“To minimize vulnerabilities and improve security, the routing devices on your home network should be updated to the latest patches, preferably through automatic updates. These devices should also be replaced when they reach end-of-life (EOL) for support”, NSA.

Make sure your personal or ISP-provided WAP is capable of Wi-Fi Protected Access 3 to keep your wireless communications private (WPA3). You can use WPA2/3 if any of the devices on your network do not support WPA3.

NSA mentions that to keep wireless communication secure on your home network, use network segmentation. Your wireless network should be segmented at a minimum into your primary Wi-Fi, guest Wi-Fi, and IoT network.

Make sure your personal router can perform the most basic firewall functions. In order to prevent internal systems from being scanned over the network boundary, make sure it has network address translation (NAT). Make sure your router has IPv6 firewall support if your ISP accepts it.

Use security software with anti-virus, anti-phishing, anti-malware, safe surfing, and firewall features for a layered defense.

“Passwords should be strong, unique for each account, and difficult to guess. Passwords and answers to challenge questions should not be stored in plain text form on the system or anywhere a malicious actor might have access. Using a password manager is highly recommended”, NSA.

It is important to disable the ability to perform remote administration on the routing device. Only make network configuration changes from within your internal network. 

NSA suggests scheduling weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security. 

Using a virtual private network (VPN) to remotely connect to your internal corporate network via a secure tunnel is one solution for securely accessing work information. This provides an added layer of security while allowing you to take advantage of services normally offered to on-site users.

Hackers may use email as a method of attack. Use a unique password for each account, avoid clicking attachments or links in unwanted emails, and more. Unless absolutely required, avoid using the out-of-office message option. Use secure email protocols at all times, especially when connected to a wireless network.

“If you must access the Internet while away from home, avoid direct use of public wireless. When possible, use a corporate or personal Wi-Fi hotspot with strong authentication and encryption”, says NSA.

The NSA offered advice on its ‘Information Sheet’ about how to protect wireless devices, phone or video communications, IPsec Virtual Private Networks, as well as how to minimize the dangers associated with location tracking.

Network Security Checklist – Download Free E-Book