I wanted to put together a post that I think will help educate people on how to secure their home network in the IoT world. Some of you may ask why I think this post may be necessary. Here’s the deal, most of the big IoT companies take security very seriously, and SmartThings recently came out on top as far as security goes with smart home devices (Congrats STs!!)
Your network security is only secure as the weakest point of entry. So although SmartThings, and others, take the security of their product seriously, if you do not take the security of your own network as seriously your network can be vulnerable.
Keeping your network secure from 99% of the world is relatively easy with a few simple steps. I will go over some of the things you can do to secure your home network and provide some insight into why and what each step does to secure your network.
- Never use the “stock” username and password for ANYTHING. You don’t want to do this for a few reasons.
- For all routers in the world there is generally a stock admin username/password that a quick google search will reveal. Most of them are something like Username = admin password = password.
- If you have an IP camera and use the stock Username/Password you run into the same problem. Most of them are exactly the same. Change those bad boys!
- Stock Wi-Fi WAN passwords are "OK" but in theory they are relatively weak.
- The access point name tends to be very similar for many router brands. People will zero in on these because they assume they are left relatively unsecure.
- The passwords are generally devoid of all the good characters. Your passwords should always contain At least one of the following categories and be at least 10+ characters long
- Uppercase letters
- Lowercase letters
- Special Characters
- Your password should not have any personal tie to you or your family.
Turn on your firewall
- Your firewall is probably already turned on but it’s worth checking.
- Your firewall will keep anyone from scanning your network from across the world looking for open ports.
- An open port can be a gateway for someone to be able to look into your network.
- Turn on Mac Filtering
- This is one that a lot of people don’t turn on. Mostly because it then requires active management of your network.
- Every device that can connect to a Wi-Fi network has a unique ID called the “physical address” or “MAC” (Media Access Control) address. Wireless routers can screen the MAC addresses of all devices that connect to them, and users can set their wireless network to accept connections only from devices with MAC addresses that the router is set to recognize. In order to create another obstacle to unauthorized access, change your router’s settings to activate its MAC address filter to include only your devices.
- Turn wireless broadcasting off
- While this may be a little bit of an inconvenience when adding a new device it can add some major security benefits.
- Wireless routers may broadcast the name of the network (the “SSID”) to the general public. This feature is often useful for businesses, libraries, hotels and restaurants that want to offer wireless Internet access to customers, but it is usually unnecessary for a private wireless network. It is recommended that owners of home Wi-Fi networks turn this feature off.
Disable ping (ICMP) reply on router’s/firewall’s outside interface
- Typically port scans aren’t run against nodes that appear to be down
These few things, although seemingly simple, are not done by most people. Keeping these things in mind can make a world of difference in your network security and allow you to have more peace of mind as you build your IoT network at home.
Here are some articles that can give you some insight into the importance of the points above.
I hope this helps! Most people here may already know this stuff but, for those that don’t please feel free to ask me questions here or through a PM.
Disclaimer: I am not responsible for any damage done to your equipment through external or internal means.