My work laptop, my NAS drive, my home server, three other people's laptops, and about eleven "smart" devices I can barely remember buying all share my home network. That's a lot of attack surface for what is essentially a single shared Wi-Fi password and a router running firmware from 2021.

After spending time on network security professionally, I finally got around to auditing my own setup. Here's what I found and what I changed.

Start Here: Your Router

The router is the foundation, and most people have never touched its settings after the initial setup. Log in to your router's admin panel (usually at 192.168.1.1 or 192.168.0.1; the password is on the label on the back) and check:

  • Firmware version: If it hasn't been updated in over a year, update it now. Router vulnerabilities are discovered regularly and exploited by botnets that scan for vulnerable devices.
  • Default admin password: Change it. Botnets try default credentials against every router they can reach.
  • Remote management: Turn it off unless you specifically need it. This is the "access router admin from the internet" setting.
  • UPnP: Disable it. UPnP allows devices on your network to automatically open ports in your firewall. This is convenient and a security nightmare.

Your Wi-Fi Network

Check your Wi-Fi security protocol. WEP is broken and crackable in minutes. WPA is crackable with modern hardware. WPA2 is acceptable, but WPA3 is significantly better, and most devices newer than 2019 support it. If your router supports WPA3, enable it.

Guest networks aren't just for guests. Put your smart devices (TV, thermostats, light bulbs, appliances) on a guest network that can't access your main network. These devices often run outdated firmware and are regular targets. Isolating them means a compromised smart bulb can't reach your laptop.

Your Devices

Run a network scan to see everything connected to your network. On Mac and Linux, nmap -sn 192.168.1.0/24 gives you a list. You may find devices you don't recognise: either old devices you'd forgotten about, or someone using your network without permission.
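
One way to turn that scan into a repeatable check, as an added example that is not part of the original post: parse the output of the nmap -sn command above and compare each MAC address against an inventory you maintain. The scan text, the MAC addresses and the KNOWN_DEVICES inventory are constructed for illustration.

```python
import re

# Constructed sample of `sudo nmap -sn 192.168.1.0/24` output (not a real scan).
SAMPLE_SCAN = """\
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0021s latency).
MAC Address: 02:00:00:AA:00:01 (Unknown)
Nmap scan report for nas.lan (192.168.1.20)
Host is up (0.0040s latency).
MAC Address: 02:00:00:AA:00:20 (Unknown)
Nmap scan report for 192.168.1.57
Host is up (0.083s latency).
MAC Address: 02:00:00:AA:00:57 (Unknown)
Nmap scan report for laptop.lan (192.168.1.10)
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.91 seconds
"""

# Hypothetical inventory: MACs you have already identified, with your own labels.
KNOWN_DEVICES = {"02:00:00:aa:00:01": "router", "02:00:00:aa:00:20": "NAS"}

REPORT = re.compile(r"^Nmap scan report for (?:(\S+) \()?([\d.]+)\)?$")
MAC = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_scan(text):
    """Return one dict per host that nmap reported as up."""
    hosts = []
    for line in text.splitlines():
        if m := REPORT.match(line):
            hosts.append({"name": m.group(1), "ip": m.group(2), "mac": None})
        elif (m := MAC.match(line)) and hosts:
            hosts[-1]["mac"] = m.group(1).lower()  # normalise case for lookup
    return hosts

def audit(hosts, known):
    """Split hosts into those with an unlisted MAC and those with no MAC shown."""
    unknown = [h for h in hosts if h["mac"] and h["mac"] not in known]
    no_mac = [h for h in hosts if h["mac"] is None]
    return unknown, no_mac

if __name__ == "__main__":
    unknown, no_mac = audit(parse_scan(SAMPLE_SCAN), KNOWN_DEVICES)
    for h in unknown:
        print(f"UNKNOWN  {h['ip']:15} {h['mac']}  {h['name'] or '-'}")
    for h in no_mac:
        print(f"NO MAC   {h['ip']:15} (scanning host, or scan ran without root)")
```

Nmap only prints MAC Address lines when it runs with root privileges on the local segment, and never for the scanning machine itself, which is why that host lands in the second list. Phones that use randomised Wi-Fi addresses will show up as unknown until you record the address they use on your network.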

For each device you care about: ensure automatic updates are enabled. Many people disable them on computers to avoid inconvenient restarts. The security cost is real.

DNS

Changing your router's DNS servers to a security-focused provider like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) adds a layer of protection against known malicious domains without requiring any device-level changes. Quad9 specifically blocks DNS requests to known malware and phishing domains at the DNS layer, which stops a lot of automated attack traffic before it reaches your devices.

The One Thing Worth Paying For

If you regularly work with sensitive data from home, a commercial VPN for your work traffic is worth the cost. Not because your ISP is actively targeting you, but because it encrypts your traffic on networks you don't control and is a reasonable precaution when your home network has devices you don't fully trust (looking at you, everyone's smart TV).

Home network security isn't about being paranoid — it's about not being the easiest target on the subnet. Most automated attacks look for the path of least resistance. Close the obvious doors and you eliminate the vast majority of the risk.