It’s easy to secure your home network (guide)


For cybercriminals and hackers, most home networks are like an unlocked door beckoning you in, looking around, and stealing everything inside. Well, luckily, securing your home network is easy.

Not that cybercriminals have time to stare at the billions of internet-connected devices. Instead, a global network of bots scours the Internet for unsecured routers, IP cameras, Internet of Things, and more.

For example, when the Russian botnet Mirai (and its knockoffs like Mozi) finds an insecure device, it takes control for possible use. This includes its use to launch a DDoS attack (denial of service attack), phishing campaigns, click fraud, and theft of files, passwords, and banking details. If you’re wondering, my home router had over 8,000 bot break-in attempts in March alone. My network is secure, is it yours?

Let’s start with a simple test

Go to Gibson Research and run Shields Up to test your network. You’ll know if you need to read the rest of this guide in seconds.

What is an unsecured device?

Anything that connects to the internet is at risk. It has two main characteristics. First, and most important, it always has the default admin password – usually admin/password. Changing the admin password alone should slow down any bot attack.

Unfortunately, the second feature is old or outdated firmware, which can be harder to fix. Billions of IoT devices have never had a firmware update to close security holes, and Mirai can take advantage of that. Most of the vulnerabilities are backdoors from the manufacturers to allow them access for testing purposes. Some flaws use the IoT device’s embedded web server to launch a brute-force password attack. Updating firmware (if you can) should reduce the chance of a bot attack

This applies to routers, cameras, lights, thermostats, robovacs – any smart device. If your devices are a few years old and cannot be updated, you need to replace them or take stricter measures.

What are these stronger measures?

At a minimum, move all IoT devices to the 2.4 Ghz of your home router Guest Network. It is a physically separate network that cannot interact with devices on the main network.

Double NAT is very good.

It simply means that you put another router before your home network router. Many already have an NBN “gateway” modem/router – see Crappy NBN FTTN Modem – here are some better ones (guide). This, for example, has an IP address of (you should change that anyway as bots start looking at this address). Tethering your home network router and giving an IP address of means the bots only see the gateway.

Install a network protection device

I use Trend Micro Ultimate device security. This is a black box that allows authorized devices on the home network to access the Internet but denies external access. It’s like a firewall but focuses on IoT and network security. Trend constantly updates it to ensure the latest bots and threats are detected. This $312 device (discounted for $238 includes a one-time purchase of the box) has software for three devices for one year and protects all network devices.

But there are several new cloud security antivirus/malware like Kaspersky’s Total security who do similar work.

Enable Wi-Fi encryption between router and device

Most routers have Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA 2), and Wi-Fi Protected Access 3 (WPA 3). Security experts advise that WPA 3 is best, but older devices (especially before 2016) don’t support it, so you may need to use WPA 2.

Many experts suggest using a VPN for all external traffic. Yes, you can, but it’s not easy to set up, so all router users use it, and it’s not free. Not all routers support VPNs either.

CyberShack’s point of view – Securing your home network is easy – often at no cost

  1. Change administrator passwords
  2. Regularly update the firmware
  3. Put the IoT on the guest network

The more complex your home network becomes, the more you’ll look to Trend’s solution, if only because it does everything for you.


Comments are closed.