TickYouOff
Sign in
Back
🔒

Home Network Hardening

Medium 14 items · 45 min
testuser's avatar
testuser Published 2 weeks ago
Technical

This checklist helps homeowners and small-home-office users lock down their Wi‑Fi and router settings to reduce attack surface and protect connected devices. It focuses on practical, non-technical steps you can complete in about 45 minutes.

Progress
0 / 14
  1. Update router firmware — Use the router UI or manufacturer's site; back up settings before applying updates.
  2. Change default admin username and password — Create a unique username and long password; store it in a password manager.
  3. Disable remote administration / WAN management — Turn off web/SSH access from the internet to the router interface.
  4. Enable router firewall and intrusion protection features — Activate built-in firewall, SPI, and any IDS/IPS options available.
  5. Enable WPA3 or strongest available Wi‑Fi encryption — Choose WPA3; if devices don't support it, use WPA2‑AES (not TKIP).
  6. Set a strong, unique Wi‑Fi SSID and passphrase — Avoid personal info in the SSID; use a long passphrase for the network.
  7. Create an isolated guest network for IoT and visitors — Enable guest SSID and disable access to your main LAN devices (AP/guest isolation).
  8. Disable WPS (Wi‑Fi Protected Setup) — Turn off WPS to prevent PIN-based brute-force attacks.
  9. Disable UPnP on the router — Turn off UPnP unless absolutely needed; it can expose devices to the internet.
  10. Review DHCP leases and connected devices — Open the router's client list and identify each connected device.
  11. Limit DHCP range to needed addresses — Shrink the DHCP pool to match only the number of devices you use.
  12. Remove unknown devices and reserve MACs for trusted devices — Disconnect unrecognized devices and set static reservations for trusted hardware.
  13. Enable encrypted DNS (DNS‑over‑HTTPS or DNS‑over‑TLS) — Set DoH/DoT on the router or devices; use providers like 1.1.1.1 or 9.9.9.9.
  14. Consider router‑level VPN or use VPN on key devices — Install a VPN client on the router or run VPN apps on PCs/phones for extra privacy.
Sign in to save
📝 My Notes