Home Network Security Best Practices

Security Risk Assessment

Common Home Network Threats

Threat Type	Risk Level	Potential Impact
Unauthorized Access	High	Bandwidth theft, illegal activities traced to you
Malware/Ransomware	High	Data loss, device damage, financial loss
IoT Device Hacking	Medium	Privacy invasion, botnet participation
Man-in-the-Middle	Medium	Data interception, credential theft
DNS Hijacking	Medium	Redirected to malicious sites
DDoS Attacks	Low	Network unavailability

Router Security Hardening

Essential Security Checklist

✅ Change default admin credentials
✅ Enable WPA3 encryption (WPA2 minimum)
✅ Disable WPS completely
✅ Update firmware regularly
✅ Disable remote management
✅ Enable firewall
✅ Disable unnecessary services
✅ Use strong WiFi password (15+ characters)

Password Best Practices

Strong Password Example:

MyR0uter$ecur3@StarHub2024!

Mix of uppercase and lowercase
Numbers and special characters
No dictionary words
Unique for each device/service

Network Segmentation

Creating Security Zones

Trusted Zone - Work computers, phones
- Full network access
- Strong authentication required
- Regular security updates
Guest Zone - Visitor devices
- Internet only access
- Isolated from main network
- Time-limited access
IoT Zone - Smart home devices
- No access to trusted zone
- Limited internet access
- Strict firewall rules

VLAN Implementation

VLAN	Subnet	Purpose	Access Rules
VLAN 1	192.168.1.0/24	Management	Admin only
VLAN 10	192.168.10.0/24	Trusted devices	Full access
VLAN 20	192.168.20.0/24	Guest network	Internet only
VLAN 30	192.168.30.0/24	IoT devices	Restricted

Device Security

Securing Connected Devices

Computers & Laptops

Enable automatic OS updates
Install reputable antivirus
Use built-in firewall
Enable disk encryption
Regular malware scans

Smartphones & Tablets

Keep OS updated
Download apps from official stores only
Review app permissions
Use device lock screen
Enable remote wipe capability

IoT Devices

⚠️ IoT Security Alert: Many IoT devices have poor security. Always change default passwords, disable unnecessary features, and check for updates regularly.

Device Inventory Management

Document all connected devices
Record MAC addresses
Note default passwords changed
Track firmware versions
Schedule regular audits

Advanced Security Features

DNS Security

Secure DNS Providers

Provider	Primary DNS	Secondary DNS	Features
Cloudflare	1.1.1.1	1.0.0.1	Privacy-focused, fast
Quad9	9.9.9.9	149.112.112.112	Malware blocking
OpenDNS	208.67.222.222	208.67.220.220	Content filtering

IDS/IPS Configuration

Enable router's built-in IDS if available
Configure alerts for:
- Port scans
- Multiple login failures
- Unusual traffic patterns
- Known attack signatures
Review logs weekly

VPN for Privacy

Configure VPN on router for all devices
Use for sensitive activities
Choose reputable VPN providers
Enable kill switch feature

Parental Controls & Content Filtering

Time-Based Access Control

Create profiles for each family member
Set internet access schedules
Configure bedtime restrictions
Allow override for emergencies

Content Filtering Levels

Age Group	Filter Level	Blocked Categories
Under 10	High	All except whitelist
10-13	Medium-High	Adult, social media, gaming
14-17	Medium	Adult content, gambling
Adult	Low	Malware, phishing only

Monitoring & Alerts

What to Monitor

Bandwidth Usage: Unusual spikes may indicate compromise
Connected Devices: Unknown devices appearing
DNS Queries: Suspicious domain requests
Login Attempts: Failed authentication
Port Activity: Unexpected open ports

Setting Up Alerts

Configure email notifications
Set thresholds for:
- New device connections
- High bandwidth usage (>80%)
- Multiple login failures
- Firmware updates available
Use StarHub app for mobile alerts

Incident Response Plan

If You Suspect a Breach

Immediate Actions:
- Disconnect affected devices
- Change all passwords
- Check bank/financial accounts
- Document everything
Investigation:
- Review router logs
- Check for unknown devices
- Scan all devices for malware
- Look for configuration changes
Recovery:
- Factory reset if necessary
- Restore from clean backup
- Implement additional security
- Monitor closely for 30 days

Regular Maintenance Schedule

Security Task Calendar

Frequency	Task	Time Required
Daily	Check connected devices	2 minutes
Weekly	Review security logs	10 minutes
Monthly	Update passwords, check firmware	30 minutes
Quarterly	Full security audit	1 hour
Annually	Complete network review	2 hours

🔒 Security First: Remember, security is an ongoing process, not a one-time setup. Stay informed about new threats and update your defenses accordingly.