Home Cybersecurity updated
I have wanted to update my network cybersecurity and tell you all of the things that I have learned. This will be a series of updated in-depth articles that will help you to setup your own cybersecurity in your own home. I know that this is going to be an ambitious project, but it seems that it is needed for many people and would be appreciated by some. Take a moment to comment and to sign up for my newsletter (Just monthly – no spam).
Here are some of the things that we will cover in detail to make your home cybersecurity much more bullet proof.
You might think this is self-evident, but with IOT and phones and networked printers it really is a needed step. I found several devices that I didn’t know were plugged in to my WiFi network and two that were in rooms that I had forgotten. Listing all the devices will help you to sort through things and categorize them. This will help your home network security. The first thing to find out what you have so you can protect your devices.
Here is a spreadsheet to download (First Draft) to get you started. I will provide details how to use it and fill it out in an upcoming article.
2. Network Topography
Network Topography is simply how devices are connected to each other and to the internet. This is done two ways, wired and wireless. The wired part is Ethernet and the wireless is WIFI. Planning out where the wires go, the type of wire, and how many to each room is important.
Figuring out the coverage of your WIFI and where it is weak will tell you where to put repeaters or a mesh setup. I will go over the decisions I made with my home and give some guidance on making your own for your house.
I will go into where to plug things in and how I ran the wires to them.
3. A Physical Firewall – Updating home Cybersecurity at the start of the network
There are many who have software firewalls on their computers and routers. These are just programs that while they are OK, the really are not enough to fully protect our networks from nefarious individuals who are already on the network itself. One of the main advantages is stopping the bad guys before they get to your computer.
Turning off many software firewalls is very simple. We want to have a dedicated “box” to filter out the good from the bad before it is allowed on the network. I went with a dedicated Open-Source solution that is not difficult to set up and will actually speed up your network. It filters out a lot of the trackers, ads and such before I would see them.
4. A “Smart” Switch
A “Smart Switch” is sometimes called a managed switch. This means that you can do much more with it and the traffic that passes through it than one that is UN-managed. What I will show you how to do is make something called a VLAN. A virtual local area network is a logical sub-network that groups a collection of devices from different physical LANs. VLANs also bring security benefits to larger networks by allowing greater control over which devices have local access to each other.
Think of one VLAN being a “Guest network” for all of those “Untrusted” IOT devices that are currently able to see everything on your network. With a VLAN they can only talk to other IOT devices and the internet and can’t see your “Private” internal network.
VLANs can also do many more things which I will talk about and help you weigh the pros and cons of also. Seeing that I do work a lot on computers, I needed a bigger switch than many with more modest needs might choose. I chose a D-Link Ethernet Switch – 48 Port POE, but you could use a smaller D-Link Ethernet Switch – 24 Port POE also.
I needed to up the speed of my WIFI. The poor combo router that I was paying for with the internet service provider was no longer cutting it. My wife likes to stream movies and sometimes they lag a bit which is annoying for her and I understand her frustrations (I hear about them a lot). My solution is to get a new one that is faster and that means WIFI 6. This will also help the cell phones and the IOT devices.
6. DNS – Using one that you can control
I like using a DNS that protects my privacy and doesn’t sell my information. Unfortunately this means that I have to do some research (which I have done) and figure out how to configure it to weed out the things I do not want (which I have also done). The winner is (drum roll please) – NextDNS. You can get a free account there and for most this will be good, but for under $20 per year you can show them your thanks.
I will walk you through how to configure the settings and make adjustments you need.
7. Truly Private Email
We all want private email. Unfortunately email is not really private. It is the difference between sending a letter in a sealed envelope and a postcard. Much more on that and how to get it as I help you through becoming more private.
8. Reputable VPN
There are many VPN’s out there. Like everything else, most are not worth the money and do little or nothing to really protect your privacy and security when you are using them. I have found one that I personally endorse and use: Proton VPN. It “checks all the boxes” for me. They are in Switzerland, known for their privacy laws. No Logging, fast servers, and their software is open source and audited.
Tying it all together and setting up your home cybersecurity the right way
First, thank you for reading this all the way through. It is a long journey that I want to take you on. By the end of the process your home cybersecurity will be much better and you will know a lot of things to protect your information and privacy. Your input is needed to make this happen. Comment below to help me out.
Some of the links on this website are affiliate links, which means that the owner(s) of this website may earn a small commission if you click on the link or make a purchase using the link. When you make a purchase, the price you pay will be the same whether you use the affiliate link or go directly to the vendor’s website using a non-affiliate link. When browsing this website, you should apply the assumption that all links to external websites are affiliate links, unless stated otherwise.