6 August 2020

Keeping your home network secure

  1. Use a VPN that isn't part of the Five Eyes or Fourteen Eyes
    1. Reduce telemetry with O&O ShutUp
  2. Updates
    1. OS
    2. Apps, firmware, drivers
  3. Credentials
    1. Passphrases instead of passwords, or random passwords and a password manager
    2. Enable 2FA on all accounts
    3. Change default passwords on all IoT devices including the router
  4. Router
    1. Move to WPA3 and hide your SSID
    2. Disable WPS, UPnP, remote management and port sharing; update the router, or move to one with granular control, such as creating a second network for IoT devices
    3. Disable DHCP and use static addresses and known MACs
  5. Services
    1. Disable remote access
    2. Disable SMBv1
    3. Pi-hole
    4. Secure DNS
    5. Disable Bluetooth and any listening devices
  6. Internet
    1. Use an internet security product rather than just antivirus (e.g. sandboxed browsers for banking, phishing filter, granular control of incoming and outgoing apps)
    2. Use more than one AV product or set of tools
    3. For any download, check SHA hashes where possible and use VirusTotal; enable SmartScreen; run apps in sandboxes where preferable
    4. Set up a honeypot
    5. Network/IP/LAN monitors and scans, including scanning from the internet for open ports
  7. Isolation
    1. Use VMs
    2. Wipe and reinstall your machine regularly (attendees of Black Hat conferences go as far as to dump their laptops afterwards)
    3. Encrypt your HDD/SSD
    4. Route all traffic through a local gateway/proxy
  8. Physical security
    1. Turn things off when not at home
    2. Don't leave any devices on display - lock them away when not using them
    3. Scheduled offsite backups
  9. Use Linux