IPFYI
🏠 Home Networking 9 分钟阅读

Home Network Security Checklist

A practical security checklist to protect your home network from common threats including default credentials, open ports, and unpatched firmware.

Why Home Network Security Matters

Your home network is the gateway to every device you own — computers, phones, cameras, smart speakers, and more. A compromised router gives attackers access to all of them.

Common attack vectors against home networks:

  • Default credentials — Many routers ship with admin/admin or admin/password.
  • Outdated firmware — Unpatched vulnerabilities are actively exploited.
  • Open management ports — Remote management interfaces exposed to the internet.
  • Weak Wi-Fi encryption — WEP and WPA are cracked trivially.

The Security Checklist

1. Router Configuration

  • [ ] Change the admin password — Use a strong, unique password for the router management interface. Never leave it as the factory default.
  • [ ] Update firmware — Check for updates monthly or enable auto-update if available. Firmware patches close known vulnerabilities.
  • [ ] Disable remote management — Unless you specifically need to access your router from outside your network, turn off WAN-side management (HTTP, HTTPS, SSH, Telnet).
  • [ ] Change the default SSID — Avoid names that reveal the router brand (e.g., "NETGEAR-5G"). A custom name does not hide your network but removes easy fingerprinting.

2. Wi-Fi Security

  • [ ] Use WPA3 — If all your devices support it. Otherwise, use WPA2-AES (never WPA or WEP).
  • [ ] Disable WPS — Wi-Fi Protected Setup has known vulnerabilities. Turn it off.
  • [ ] Use a strong Wi-Fi password — At least 12 characters, random. The Wi-Fi password protects your entire network.
  • [ ] Create a guest network — Visitors get internet access without reaching your internal devices.

3. Network Segmentation

  • [ ] Separate IoT devices — Put smart home devices on a separate VLAN or guest network. A compromised smart bulb should not be able to reach your laptop.
  • [ ] Isolate untrusted devices — Gaming consoles, smart TVs, and other closed-source devices get their own segment.

4. DNS and Filtering

  • [ ] Use encrypted DNS — Configure DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) on your router. Cloudflare (1.1.1.1) and Google (8.8.8.8) both support encrypted DNS.
  • [ ] Enable DNS filtering — Services like NextDNS or Pi-hole block malware domains, ad trackers, and phishing sites at the network level.

5. Monitoring

  • [ ] Review connected devices — Periodically check your router's client list. Investigate any unknown devices.
  • [ ] Enable logging — Router logs can reveal unauthorized access attempts, repeated failures, and suspicious outbound connections.
  • [ ] Disable UPnP — Universal Plug and Play lets devices open ports automatically. Disable it and manually forward only the ports you need.

Quick Wins That Take 5 Minutes

If you do nothing else, do these three things today:

  1. Change your router's admin password.
  2. Update the firmware.
  3. Disable remote management and WPS.

These three steps eliminate the majority of home network attacks.

另请参阅

Bluetooth 词汇表 MAC Address 词汇表 SSID 词汇表 Wi-Fi 词汇表 WPA 词汇表 ASN 词汇表 BGP Hijack 词汇表 Data Center 词汇表 Fiber vs Cable Internet 比较 5G vs Fiber Internet 比较 Traceroute vs Ping 比较 DSL vs Fiber Internet 比较