Router Security Basics
- Change default password immediately
- Update firmware regularly
- Disable remote management
- Disable WPS (insecure)
- Change default SSID
WiFi Security
Use WPA3
If your router supports it, use WPA3. Otherwise, WPA2 with AES is acceptable. Never use WEP or WPA (without 2/3).
- Use a strong, unique WiFi password (15+ characters)
- Create separate guest network for visitors
- Hide SSID if you want (minor security benefit)
IoT Device Security
IoT = Internet of Threats
Smart devices are often poorly secured. Isolate them on a separate network segment.
- Create VLAN for IoT devices
- Update device firmware regularly
- Change default credentials
- Disable features you don't use
Network Monitoring
- Pi-hole - Network-wide ad/tracker blocking
- Fing - See all devices on network
- Wireshark - Deep packet analysis