Home security help

[Cevesha]

Hey, recently I've been getting more worried about my home security setup. I have my ISP router, it's actually a good router I configured a vlan on it for guests and my private network, I'm not sure which firewall it's using and I'm using WPA2 on the WiFi.

 

I was thinking of getting a router to just to router job and two access points. Should I also get a firewall ? 

Anything else I maybe should do to increase my web security?

 

Thanks 

[Lurick]

None of that will improve your security much at all, if what you have now does the job then leave it. Unless you're willing to drop thousands or more on a firewall capable of doing TLS 1.3 decryption and configuring it and setting it up what you have now is fine. I would worry more about endpoint security over spending money that isn't needed. If your wifi coverage is lacking then you can add access points sure but if it's fine then leave it alone too.

[wseaton]

Don't click on sketchy emails or open attachments.

 

There, I've reduced your security risk 75%.

 

Unless you are running infrastructure in a petroleum plant in Ukraine the odds are remote of anybody caring about your network. Hackers want big targets to ransomware. They also rely on you to initiate the attack by clicking on something or installing something you shouldn't. 

.

Firewalls have little proactive value in small home networks. Keeping smart devices from phoning home is the biggest benefit. 

[Falcon1986]

22 hours ago, Cevesha said:

Hey, recently I've been getting more worried about my home security setup.

Explain what you mean by this. It might help us give you better advice.

[Cevesha]

On 8/31/2022 at 4:58 PM, Lurick said:

None of that will improve your security much at all, if what you have now does the job then leave it. Unless you're willing to drop thousands or more on a firewall capable of doing TLS 1.3 decryption and configuring it and setting it up what you have now is fine. I would worry more about endpoint security over spending money that isn't needed. If your wifi coverage is lacking then you can add access points sure but if it's fine then leave it alone too.

I'm not sure if I'm over paranoid I'm just worried about my online privacy like getting my bank details stolen. 

Been recommended lots of articles about how easy it is to steal email details so idk if I should use a secure email service for my banks and other stuff and Gmail for throw away.

 

That's overall my worries someone taking smth like my bank details or someone gaining access to my phone camera or mic. 

 

I'm not sure if I should even take those articles seriously or mby take them with a grain of salt 

[LIGISTX]

3 hours ago, Cevesha said:

I'm not sure if I'm over paranoid I'm just worried about my online privacy like getting my bank details stolen. 

Been recommended lots of articles about how easy it is to steal email details so idk if I should use a secure email service for my banks and other stuff and Gmail for throw away.

 

That's overall my worries someone taking smth like my bank details or someone gaining access to my phone camera or mic. 

 

I'm not sure if I should even take those articles seriously or mby take them with a grain of salt 

Use a password manager so every account used a totally unique password. This way no one can use a password which was dumped onto the internet by a hack of, say, some random online store, to also get into your bank. A password manager allows you to use a different random password for everything. 
 

Also, 2 factor everything. Especially your gmail. Your email is the gateway to everything… it’s how you password reset accounts. If someone has your email, they might as well be you. Set up 2 factor authentication on your gmail, and on everything else you can. Whenever you have the opportunity to use 2fa (2 factor authentication), use it. This will DRASTICALLY reduce your threat surface.

[Cevesha]

On 9/1/2022 at 10:29 PM, LIGISTX said:

Use a password manager so every account used a totally unique password. This way no one can use a password which was dumped onto the internet by a hack of, say, some random online store, to also get into your bank. A password manager allows you to use a different random password for everything. 
 

Also, 2 factor everything. Especially your gmail. Your email is the gateway to everything… it’s how you password reset accounts. If someone has your email, they might as well be you. Set up 2 factor authentication on your gmail, and on everything else you can. Whenever you have the opportunity to use 2fa (2 factor authentication), use it. This will DRASTICALLY reduce your threat surface.

Ty will do. At my work we use keypass I also have 2FA.

I appreciate the responses tho

[DogKnight]

General best practices are your best bet.

- Make sure accounts have unique and strong passwords (password managers make this possible)

- Use different email accounts for different services. E.g. accounts for random forum signups, different accounts for gov services or finance

- Use 2FA wherever you can. Use a token generator and not SMS if possible. 

- Don't download anything from a less than reputable site

- Have some anti-malware solution running. This could be defender or another vendors solution.

- Separate guest network for visitors and / or IOT devices.

- Keep everything updated. Most updates contain security fixes.

 

There are lots of articles out there that cover best practices and I am sure there are many I have left off. 

Often criminals go after the weakest links. They often use 'spray and pray' approaches. In other words, they spread their efforts far and wide and hope for results. 

You just need to make sure you are doing more than the average person. 

I forget the wording, but there was a good quote that sums it up well. 

"If you and someone else are being chased by a lion, you don't need to run faster than the lion to survive, you just need to run faster than the other person."

 

If you do want to learn more and look at adding security to your environment; Sophos offer a free home version of their XG Firewall which you can install on an old PC. More than anything this could give you some insight into traffic on your network. You can download it here: https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition

 

Hope some of this is useful.