1. The National Security Agency (NSA) offers a comprehensive guide to help teleworkers protect their home networks from cyber threats. It covers securing various devices, from computers and mobile phones to IoT devices.
2. NSA Guide

1. This guide by ProPrivacy covers crucial aspects of WiFi security for both home and public networks, including how to access your router’s admin panel and change encryption settings.
2. ProPrivacy Guide

1. ProPrivacy also offers actionable tips to check the security of your home network and ensure it’s secure against potential intrusions.
2. ProPrivacy Tips

1. Kaspersky’s guide starts with changing your network’s name (SSID) and covers more steps to secure your home network effectively.
2. Kaspersky Guide

CISA Home Network Security

Configuration Recommendations

Wireless Router Configuration

Factory Reset Router

If you have not had total control of the router since it was activated, you should factory reset it using the physical reset button (long press the small button) or through the admin portal. This is important as the router could already be exploited by backdoors, services, or users. #### Logging In Access Admin Portal: You must access the admin page, typically by going to 192.168.1.1 in a browser. However, your router’s IP can differ, so check your network settings.

Logging In to the Admin Portal: The admin password is typically found on the router physically or maybe something that you can search online for, such as:

Router_Brand "default admin" ("password" OR "credentials")

Common Router Configuration

Secure your router effectively by following these key steps, each designed to enhance the security and performance of your network:

Change the Default Admin Password: The default password is often simple and known to attackers, making it imperative to change it to prevent unauthorized access. Use a password manager # Access your router’s admin panel through a web browser. # Locate the settings for the administrative password or router password. # Change the default password to a strong, unique passphrase. # Save the changes. Enable WPA3 Encryption: The latest encryption standard, WPA3, significantly improves network security by making it harder for attackers to crack passwords. # In the router’s admin interface, find the wireless or security settings. # Look for the Wi-Fi encryption options and select WPA3. If WPA3 is not available, select WPA2-PSK as an alternative. # Generate and Save password with a password manager # Apply and save the settings. Disable WPS (Wi-Fi Protected Setup): While WPS offers convenience by allowing users to connect to the network easily, it also poses a security risk and should be disabled. # Navigate to the wireless or WPS settings within the router’s admin interface. # Find the option to disable WPS and select it. # Save your changes. Update Firmware Regularly: Firmware updates often contain security enhancements and bug fixes, making it crucial to keep your router’s firmware up to date. # Go to the system or firmware update section of your router’s settings. # Check for any available firmware updates. # Download and install the update following the on-screen instructions. Restart the router if required. Separate your IoT devices from your main devices: Internet of Things (IoT) devices (i.e. TV streaming sticks, smart lights, smart speakers, etc.) increase attack surface and if compromised, can be used to access other devices on your network. IoT devices often won’t have as robust security architecture/programs as your main devices. # Authenticate IoT devices to only a single network # Recommend 2.4 GHz Guest network (many IoT devices won’t be 5 GHz compatible) # Authenticate main devices (i.e. computers, cellphones) to a different network on your router Disable Remote Management: Remote management can be a vulnerability if not used securely, allowing potential external access to your router’s settings. # Locate the remote management or WAN management settings in the router’s admin interface. # Ensure remote management is turned off or set to the most restrictive setting possible. # Save the changes. Use a Guest Network: A guest network isolates visitors’ internet use from your main network, safeguarding your personal data. The guest network isolates your devices and the admin portal from devices on that guest network. DO NOT let guests on to your main (non-guest WIFI) # Find the guest network settings in your router’s configuration. # Enable the guest network feature and set a unique SSID (totally unassociated from your main WIFI) and password. ## Generate and Save password with a password manager # Configure the network to isolate guest users from your main network. # Save and apply the settings. Create a Backup: Saving a backup of your router’s settings ensures you can quickly restore your network’s configuration in case of a reset or error. Save backup to password manager # Look for the backup or save settings option in the router’s admin panel. # Follow the prompts to create a backup of your current settings. # Store the backup file in a secure, encrypted drive. DNS Configuration: Changing your DNS settings can not only speed up your internet connection but also add an additional layer of security by blocking malicious sites. # Log into your router’s admin interface. # Navigate to the DNS settings section. # Replace the default DNS server addresses with a more secure and faster DNS service. Recommended options include: # Cloudflare: 1.1.1.1 and 1.0.0.1 # Quad9: 9.9.9.9 # Save your changes and reboot the router if necessary.

Travel Router Configuration

To ensure security and efficiency while using a travel router, follow these configuration steps:

Connection Methods: Choose how to connect based on your needs. # For Ethernet: Plug the Ethernet cable from the modem or another network connection into the travel router. # For Wireless: Access the travel router’s network settings and configure it to connect to an available Wi-Fi network as a client. WIFI Name (SSID): Customize your network name to avoid identification. # In the router’s settings, find the Wi-Fi or Wireless section. # Change the SSID from the default to something unique that doesn’t disclose personal information. # Save the changes. Wireless Power (Range): Adjust to manage the coverage area. # Locate the wireless settings in your router’s admin interface. # Look for a transmission power setting and adjust it accordingly. Lower it to reduce the range if needed. # Apply the changes. Whitelisting: Allow only known devices to connect. # Find the MAC Address Filtering or Access Control section in the router settings. # Enter the MAC addresses of the devices you wish to allow. # Enable the filtering and save your settings. Regular Factory Reset (Restore from Backup): Maintain a clean state. # Perform a factory reset via the router’s admin interface or a physical button, typically held for a few seconds. # After resetting, access the router and restore settings from a previously saved encrypted backup file to quickly return to your preferred configuration.

Security Audits: Ensure your travel router remains secure.

1. Regularly log into the router's admin interface to check for firmware updates.
2. Review the security settings to make sure they are still optimal.
3. Check the device list to ensure that only authorized devices are connected.

Advanced Features in Routers

Maximize network security with these advanced configurations:

VPN

VPN Client: All devices can use a single VPN connection, providing security and privacy across the network. # Access the VPN section in your router’s settings. # Select the option to enable a VPN client. # Enter the VPN service details, including server address, username, and password. # Save the settings and connect. VPN Server: Enables devices away from home to connect through a VPN to the home network, securing remote access. # Within the router’s VPN settings, find the option to set up a VPN server. # Configure the server settings, such as the VPN protocol and port. # Enable the VPN server and note the connection details for remote access.

Flash Open Source Router Firmware

See the recommended router firmware on privacy guides ##### Firewall Configuration

A robust firewall configuration is critical in safeguarding your network by scrutinizing and controlling incoming and outgoing traffic based on predetermined security rules.

Custom Rules: Creating custom firewall rules allows you to fine-tune which traffic is permitted or blocked, giving you control over the security of your network. Explanation: Custom rules can be based on IP addresses, domain names, protocols, and ports. For example, you might want to block all traffic from a known malicious IP or allow traffic only on certain ports. # Log into your router’s admin interface and navigate to the firewall settings. # Look for an option to create new rules or edit existing ones. # To create a new rule, specify the criteria (such as source IP, destination port, protocol) and action (allow or block).

• # Save your new rule and ensure it’s activated. Review the order of rules if your firewall processes them sequentially, to prevent conflicts.

Intrusion Detection and Prevention (IDP): These systems monitor network traffic for suspicious activity and potential threats, automatically taking action to block or alert based on predefined policies. Explanation: Intrusion Detection Systems (IDS) alert you to potential threats, while Intrusion Prevention Systems (IPS) actively block them based on detected anomalies, patterns, or known attack signatures. # Within the router’s admin interface, find the security or firewall section and look for IDP options. # Enable IDS or IPS features. Some routers might offer customization options, like sensitivity levels or specific signatures to monitor. # Configure the system according to your needs, such as setting up alerts for IDS detections or specifying automatic blocking actions for IPS.

• # Save your settings and monitor the logs to adjust configurations based on the threats detected.

Device-Level Protection: Applying firewall rules per-device basis allows for more granular security policies, ensuring that devices with different security levels have appropriate protections. Explanation: This feature is particularly useful in environments with a mix of device types and security requirements. It allows you to tailor security settings for each device, such as IoT devices, which might be more vulnerable. # In the router’s admin interface, navigate to the device management or firewall section, where device-level settings can be adjusted. # Select a device from the list of connected devices. You may need to identify them by IP address, MAC address, or device name. # Configure custom firewall rules for the selected device. This might include limiting connectivity to certain services or blocking all inbound connections.

• # Save the configurations for each device. Repeat the process as necessary for other devices requiring specific rules.

Recommended Routers

Recommended Travel Routers

For secure internet access on the go, consider the following travel router:

GL-E750 / Mudi 4G mobile wi-fi router (“Mudi router”) Purchase Links: Shop GLiNet Shop Amazon Travel Router Guide: For an in-depth guide on configuring and using the Mudi router, visit the hackliberty guide here.

Recommended Home Routers

(Here, you might want to list recommended models or brands for home routers, focusing on those known for their security features and ongoing support.)