Security isn’t just about preventing bad things from happening. While it’s always better to avoid breaches and malware, you have to also be prepared to diminish damage when they happen. One of the best, time-tested strategies for mitigating the effects of a break-in is compartmentalization. Submarine compartments all have water-tight doors that can be sealed during combat so that if one of them is flooded, the others won’t be. You home WiFi network has a similar feature that you’re probably not using: the guest network.
When I took my kids to the pediatrician’s office, there was always a separate area in the waiting area for sick kids. If you thought your child might be contagious, you were asked to sit apart from the other, healthy kids. If you’re not sure, you err on the side of caution.
We should think of our internet-connected devices in the same way. As I like to say, the “S” in “IoT” is for “security”. Everything is connected to the internet today… doorbells, TVs, baby monitors, light switches, thermostats, appliances and even toys. That means that these devices have computers, run software, and could be exposed to attackers around the world. Sadly, security on these devices is usually an afterthought, if it’s a thought at all.
But it’s not just the devices we own that we have to worry about. When we invite people into our homes, they’re packing multiple devices that might want to connect to our WiFi network: smartphones, tablets, laptops, eReaders and more. While it’s not likely that someone would try hack your home network deliberately, it is possible that your guest is carrying a device that’s vulnerable to hacking or has already been compromised without their knowing it.
Set Up Your Guest Network
Almost all modern WiFi routers today have a guest network feature. A guest network is a special, secondary WiFi network that is kept digitally separate and segregated from your regular WiFi network. While all the devices connected to your WiFi router will have access to the internet, devices on the guest network will have no way to connect to devices on your regular home network. This is network compartmentalization and it’s an excellent security technique.
To set up your WiFi router’s guest network, you’ll need to log in to the administrator portal. The simplest way to connect to the portal is to type your router’s IP address into your web browser while connected to your network. To find this address, look at your router – it’s often printed there on a sticker. If not, check one of these articles for help find it.
Now you need to log in. You’ll need the default password, which is either printed on the device or in your user manual. (Do a web search on your router’s make and model to get the manual.) The router’s manual will tell you how to set up the guest network. Every router maker does it a little differently. Once you get into the portal, you’ll need to find and enable the guest network. Give it a nice name and strong password.
While you’re there, change the default admin password for your router, if you haven’t already. Make it unique and strong, and store it somewhere safe. (Password managers are built specifically to generate strong passwords and store them securely.)
How to Use the Guest Network
Use your guest network in two key ways. First, when house guests ask to connect to your WiFi network, give them the credentials for your guest network. It’s not about trusting them – it’s about trusting their devices. If they just want access to the internet, the guest network is just as good as your regular network. You can even print up a handy QR code that they can scan so they don’t have to type in the info. Post it on the fridge or something.
Second, put as many of your home IoT devices on the guest network as you can. Most IoT devices only need to talk to the internet and perhaps other peer devices, so the guest network will work perfectly. However, some IoT devices require a direct, local network connection to your computer or smartphone on a regular basis. In those cases, you’ll have to connect the device to your main network. Sometimes the device only requires this sort of connection for initial setup, though. In that case, temporarily switch your smartphone or laptop to the guest network to complete the setup process, and then switch back to the main network.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!