Skip to content

Cybersecurity@Home

Home - Network Security Information for the GW Community

GW cybersecurity risk and assurance staff have created GW community resources focused on cybersecurity considerations for home networks.  The following resources provide both context and direct technical configuration detail.  The goal of this information is to support of GW community members as they understand and secure their personal home networks.  Please note, GW IT cannot provide specific support for personal networks, devices, or software not owned, managed or licensed centrally by GW.  

  • Securing Home Networks - Threats
  • Securing Home Networks – Gateways and Routers
  • Securing Home Networks – Parental Controls
  • Securing Home Networks – IoT Devices

Securing Home Networks – Threats

GW IT Risk and Assurance provides various information and resources through workshops and webinars as well as posts to our blog site.  The team has compiled the following resources that provide both context as well as direct technical configuration details in support of GW community members securing their personal home networks.  Please note, GW IT cannot provide specific support for personal networks, devices, or software not owned, managed or licensed centrally by GW. Home networks and they devices they connect increasing are a major component to our daily lives.  Technology has enabled traditional services like cable television or traditional phones lines (POTS) to be transitioned to data networks.  The technologies that connect our homes to the internet also provide critical internal data access, management, and distribution capabilities. This post highlights both threats specific to home networks as well as connected devices.  Home network expansion to more aspects of our lives increase the importance of understanding threats and mechanisms to reduce vulnerabilities.  It is important to remember that while threats exist, protection, detection, and remediation capabilities are becoming more sophisticated and in many cases easier to use.

Internet Connectivity Creates Global Access 
Potential to Home Networks

Threat – Gateways or routers connect your home network to the Internet Service Provider network and global internet.  These devices are targeted directly as well as potentially providing attackers access to devices on your home network.  They are essentially the front door to your home network.

Core to successful service delivery on the internet is having an assigned internet address or IP address.  Internet Service Providers (ISPs) provide internet addresses for our use.  There are different means that this occurs, but generally, each home will have a visible internet address that is assigned to the gateway or router in the home.  These addresses maybe variable or fixed, but either way they provide attackers a means to specifically target your network from anywhere on the global internet.

Key takeaway: Securing your Gateway or Router as the connection point between your home network and the ISP is critically important.

Wireless Services Expose Home Network Outside the Home

Threat – Most home networks have WiFi services or Wireless network services enabled.  Attackers and even pranksters can attack your network wirelessly from outside your home.

Whole house WiFi or wireless capabilities remove dependency on wired connections, enhance expanded home based automations, and significantly enhance internet utility.  Wireless services are often embedded in ISP gateways or routers.  Whether your internet connection and wireless home network services are provided from one device or multiple devices, securing access to your wireless network is no less important than securing your network from internet threats.  Extensive coverage of your residence often results in your wireless network being visible to both hackers and pranksters outside your home.  Wireless networks provide access points which have a name or SSID.  This name is what others may be able to see when attempting malicious access.  Almost all residence will be able to ‘see’ neighbor’s wireless access point names/SSID, often containing the neighbor’s name or address.  While your neighbors may not present direct threats, remember that their wireless network is also connected to the internet and any compromises of their home network or devices, could provide a hacker access to view local access points.   Also, malicious actors can practice wardriving and simply drive by homes with WiFi scanners searching for potential targets wireless networks.

Key takeaway: Wireless networks provide exceptional network flexibility, but also area an avenue of malicious activity from outside your home.

Securing Home Networks – Gateways and Routers

Gateways or routers provide the critical inter connection between your home network and the Internet Service Provider (ISP) providing you internet connectivity.  Your Gateway / Router may also provide security protections and wireless services. Many people use the equipment provided by the ISP, but iether with your own equipment or ISP provided equipment, your home networks security is dependent on understanding the settings and configurations of these devices.

Gateways provide connection and data transmission between
Internet and home-based devices.

Gateway / Router - Functions

  • Enables Internet access – ensures data (packets are delivered correctly)
  • Connects to Wide Area Network (WAN) provided by Internet Service Provider (ISP)
  • Provides management of Local Area Network (LAN)
  • Can provide firewall and service / security controls for home network
  • Support online activities 
    • Streaming video (Television Channels, Netflix, etc)
    • Voice Services
    • Web Browsing
    • Online Gaming
    • ....

Gateways support modern conveniences and necessities

Reducing Vulnerabilities with Configuration Changes

It may not be feasible to implement every recommendation presented.  However, individually and collectively these configuration recommendations will reduce home network vulnerabilities.  For many, these are settings that appear in the 'basic' configuration level of gateways. 

  • Change the administrative credentials from default username and password
  • Change the network name, SSID, as default names can provide attackers information about your security posture that can be used in their attacks
  • Don’t use identifying information like names, street or apartment numbers.
  • Set a good access password using good password hygiene (unique, complex etc.)
  • Enable WPA2  encryption,  ideally WPA3, if available, avoid using WEP.
  • Investigate / Set Parental Controls
  • Configure Guest Network
    • Separates guest access from primary home network; Use for smart-home or IoT devices
    • Use 5-GHz band for Wi-Fi instead of 2.4-GHz band (devices may not support 5 GHz)
      • 5-GHz band signal travels less distance than the 2.4GHz band
  • Disable Wi-Fi Protected Setup, if possible – note this capability can expedite initial setup, but disable when not connecting devices.

Securing Home Networks – Parental Controls

There have been parental controls for television content for many years.  Similar in context to television parental controls, both devices and your home network have settings for parental controls.  This post addresses resources available from service providers and vendors.

DMV Internet Service Providers (ISPs) – Parental Control Resources

Internet Service Providers (ISPs) are core to internet connectivity and network security at home.  The following information focuses on Parental Control solutions available from the primary internet service providers in the DC, Maryland, and Virginia area.  The following resources are specific to implementing Parental Controls on ISP provided gateways (also known as routers).   

Note – some ISPs provide additional software to subscribers. For example, Cox provides a Cox Security Suite that offers additional controls.  ISPs may also provide device security software such as antivirus or antimalware.

Securing Home Networks – IoT Devices

Reducing Device Vulnerabilities through Knowledge and Configuration Changes

The Broadband Internet Technical Advisory Group (BITAG) published a report, Internet of Things (IoT) Security and Privacy Recommendations outlining vulnerabilities as well as recommendations on securing IoT devices.  These recommendations are not specific to devices or manufacturers, but provided details on the threat landscape and best practices at planning and operational levels.

Forbes published 20 Expert-Approved Tips for In-Home IoT Security in 2024.   These tips include the following items, the article provides additional details and explanation of each.  For our community, the key items are highlighted and grouped for use.  The reference numbers are based on the original article and remain to facilitate cross referencing the original item and details.  Each item below is followed by GW focused comments.

Securing IoT Solutions - Change Default Names and Passwords

1.  Change Default Passwords and Enable Multifactor Authentication

For the GW community this is our top recommendation for all devices, accounts, services that you are accessing.  See our blog posts on Passwords, Multifactor Authentication, and Password Managers for more information.

2.  Establish Separate Passwords and Networks

This can be simply approached by using your guest network for some IoT devices, those that do not collect or process your personal information, including video).  Generally, this is a more advanced security approach.

Selecting IoT Solutions - Research, Review [Security] Features, Focus on Essential Functionality

5. Research Known Vulnerabilities

Google is your friend here as you can search for products, security capabilities, and vulnerabilities based on impartial reviews, customer experiences, as well as vendor provided information.  Solution research should include features and security considerations.

15. Learn The Device’s Capabilities During Setup, 19. Buy Encrypted, Secure Versions Of Devices, 9. Review Security Standards Prior To Purchase

Note numbering corresponds to source material from Forbes published 20 Expert-Approved Tips for In-Home IoT Security in 2024.

While this is reasonable advise, you can also review installation manuals prior to purchase to better understand security capabilities and the ease of configuring these.  If you cannot understand how to use some of the settings, particularly those recommended here, then you may want to reconsider whether the device.

10. Consider Whether Devices Really Need To Connect To Your Network

Not every IoT device needs a network connection.  Some will connect to other products wirelessly but may not need to use WiFi.  In some cases, limiting network access may impact features, but in the example of television sets with network capabilities.  If you have external devices to stream content, perhaps your television itself does not need to be connected to the network.

11. Disable Features You Don’t Use and 20. Question Overly Complex or Intrusive Devices

Applicable to setting up devices, this recommendation also aligns with you choosing and reviewing devices.  Don’t feel that the device with the most extensive feature list is the one that you need.  Remember, advanced or complex features can complicate use and configuration as well as potentially manage more of your personally identifiable information. Also as with smartphone apps and other technologies always question what data is collected, how it is used, and look for ways to restrict data collection wherever possible.

Maintaining Secure IoT Solutions - Monitor and Update Network and Connected Devices 

Note numbering corresponds to source material from Forbes published 20 Expert-Approved Tips for In-Home IoT Security in 2024.

18. Monitor Network Traffic

This is an important aspect of maintain your home network.  Gateway and router vendors are making monitoring easier.  However, in many cases this can be complex and require more advanced knowledge.  For most people, establishing preventative measures using tips in the securing your Gateway / Router in this post will result in good security prevention. 

16. Ensure You’re Aware Of All Connected Devices In Your Home

Reviewing connections is relatively straightforward for may Gateway / Routers.  In additional to reviewing connected devices, most solutions provide easy ways to block items.  You can also name (some devices will have complicated or undecipherable names). 

Pro tip: investigate how you can also name devices such that when connected to your network show a recognizable name, this is most straightforward for computers, but other devices may also provide this feature. 

Note: GW device names may be strange looking, but they are often a combination of name (based on deployment school and department) and serial number.

6. Update Firmware Regularly

See our post on advanced Gateway / Router secure configurations for more information on this topic.

 

unofficial GW hippo mascot holding a lockThis post is presented by the GW IT Cybersecurity Risk and Assurance team. #SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu

 

Viewing Message: 1 of 1.
 Notice

This site uses cookies to offer you a better browsing experience. Visit GW’s Website Privacy Notice to learn more about how GW uses cookies.