[SOLVED] Father-In-Law Is A Network Engineer - How Can I Prevent Him From Potentially "Tapping Into" My Internet And Seeing What We Do?

[Thegameandwatch]

Title question - Yes, I am being a bit paranoid. Do I actually think he would "spy" on our internet activity? Probably not, but I would really like to have some peace of mind and ensure that he doesn't "tap into" our router/internet and watch us.

The wife and I just bought our first house and we will soon be purchasing a router and modem. Frankly, I know very little about networks, and a lot of this is over my head. I am hoping once I get my router and such that I can set up "administrator access" or whatever it may be called so nobody else can have access to see our activity and what not.

So, is there something I can do to prevent a person with strong network knowledge from "spying" on my house's internet activity?

Really any sort of guidance on my situation here will be very appreciated, I'm not sure if many others are as concerned about this sort of stuff as I am.

 

[tennis2]

Use a VPN

Develop a better / more trusting relationship with your father-in-law....

Evaluate whether you should continue your current internet activity that causes you paranoia of being caught.

 

[bill001g]

You are in his house or you are in your own house.

Why would you think he is of more risk than a bunch of criminals from some other country. If you were to watch traffic on pretty much any router you will see it being attacked from time to time.

By default almost all routers prevent any access from outside your house. Someone from outside the house also has no ability to get between your router and any sites you are using. Your ISP likely is the worst offender when it comes to snooping. They can see very little since everything is encrypted with HTTPS but they can still see the IP addresses you go to. Still IP addresses do not mean a lot since most sites are hosted in common data centers so it makes it lots harder to get useful information with IP.

The only large security issue you find with many routers is that they come with WPS enabled. This is for all the lazy people who just want to push a button to set up wifi devices rather than key in the network id and password.....then again some idiot devices say like network light bulbs only work that way.

WPS has been cracked for years. Even if you change your wifi password to really good ones WPS will just give them to whoever has the code. The WPS code can not be changed on a router so once someone has it you have no security.

You want to disable this feature. Then again this is a wifi hacking thing so someone needs to be fairly close ot the router. The neighbors kid might do it but someone sitting in a car in from of your house would try attention.

In general even the best hacker will not be able to get into most routers. Hacking now days mostly is hacking the weak link which is the person using the network. For example somehow conning you into giving up the password.

 

[kanewolf]

Title question - Yes, I am being a bit paranoid. Do I actually think he would "spy" on our internet activity? Probably not, but I would really like to have some peace of mind and ensure that he doesn't "tap into" our router/internet and watch us.

The wife and I just bought our first house and we will soon be purchasing a router and modem. Frankly, I know very little about networks, and a lot of this is over my head. I am hoping once I get my router and such that I can set up "administrator access" or whatever it may be called so nobody else can have access to see our activity and what not.

So, is there something I can do to prevent a person with strong network knowledge from "spying" on my house's internet activity?

Really any sort of guidance on my situation here will be very appreciated, I'm not sure if many others are as concerned about this sort of stuff as I am.

Practice basic network security. Use unique strong passwords on the router login and the WIFI. Disable remote access to your router. Disable UPNP on the router. Change your passwords periodically. Setup a guest network that he can use when at your house.

 

[Ralston18]

Any thoughts on what make and model modem and routers you may purchase?

If so, go to the applicable manufacturer's websites and look for the applicable User Guide/Manuals.

If no decision yet - just go read anyway. Concepts, functions, and features are, for the most part, identical.

E.g., changing passwords and creating a guest network as mentioned in the preceding post by @kanewolf .

And many guides and manuals have helpful diagrams.

Do some reading beforehand and gain some sense of how it all will connect and the configuration settings available to you.

Or take a broader approach and simply google "how to set up a home network".

Limit the time frame to the last year or so - just to keep the topic fairly current.

Read and do additional searches as necessary to improve your understanding of home networking.

Start planning it all out and revise as you learn.

By being a bit more knowledgeable and prepared beforehand setting up the home network will likely go easier.

 

[Thegameandwatch]

Any thoughts on what make and model modem and routers you may purchase?

If so, go to the applicable manufacturer's websites and look for the applicable User Guide/Manuals.

If no decision yet - just go read anyway. Concepts, functions, and features are, for the most part, identical.

E.g., changing passwords and creating a guest network as mentioned in the preceding post by @kanewolf .

And many guides and manuals have helpful diagrams.

Do some reading beforehand and gain some sense of how it all will connect and the configuration settings available to you.

Or take a broader approach and simply google "how to set up a home network".

Limit the time frame to the last year or so - just to keep the topic fairly current.

Read and do additional searches as necessary to improve your understanding of home networking.

Start planning it all out and revise as you learn.

By being a bit more knowledgeable and prepared beforehand setting up the home network will likely go easier.

All good options, thank you.

I was considering these two products -

1. https://www.amazon.com/dp/B079JD7F7...colid=Y7X8HB6INDIY&psc=1&ref_=lv_ov_lig_dp_it
2. https://www.amazon.com/dp/B01A1E6BA...colid=Y7X8HB6INDIY&psc=1&ref_=lv_ov_lig_dp_it

I appreciate the input.

 

[Thegameandwatch]

You are in his house or you are in your own house.

Why would you think he is of more risk than a bunch of criminals from some other country. If you were to watch traffic on pretty much any router you will see it being attacked from time to time.

By default almost all routers prevent any access from outside your house. Someone from outside the house also has no ability to get between your router and any sites you are using. Your ISP likely is the worst offender when it comes to snooping. They can see very little since everything is encrypted with HTTPS but they can still see the IP addresses you go to. Still IP addresses do not mean a lot since most sites are hosted in common data centers so it makes it lots harder to get useful information with IP.

The only large security issue you find with many routers is that they come with WPS enabled. This is for all the lazy people who just want to push a button to set up wifi devices rather than key in the network id and password.....then again some idiot devices say like network light bulbs only work that way.

WPS has been cracked for years. Even if you change your wifi password to really good ones WPS will just give them to whoever has the code. The WPS code can not be changed on a router so once someone has it you have no security.

You want to disable this feature. Then again this is a wifi hacking thing so someone needs to be fairly close ot the router. The neighbors kid might do it but someone sitting in a car in from of your house would try attention.

In general even the best hacker will not be able to get into most routers. Hacking now days mostly is hacking the weak link which is the person using the network. For example somehow conning you into giving up the password.

This is reassuring so thanks.

When I eventually set this up it will be my house with my wife(his daughter).

I will take all this advice and feel good about it 👍

 

[kanewolf]

All good options, thank you.

I was considering these two products -

1. https://www.amazon.com/dp/B079JD7F7...colid=Y7X8HB6INDIY&psc=1&ref_=lv_ov_lig_dp_it
2. https://www.amazon.com/dp/B01A1E6BA...colid=Y7X8HB6INDIY&psc=1&ref_=lv_ov_lig_dp_it

I appreciate the input.

Verify with the ISP that the model of cable modem you list is acceptable for the planned internet package you want. For example, if you want phone service, that would not be an appropriate modem. The ISP will usually have a webpage with approved devices for the different packages they offer. Find that website.

 

[Ralston18]

Seconding @kanewolf with respect to verifying that your ISP supports both the modem and router that you have in mind.

If not, then do not buy them, but do read the documentation. Likewise read the documentation for the devices that are supported. Make a list (a revisable list) of your requirements, questions, and concerns. Check things off the list as you find answers. Or add to the list if more questions arise.

Who is the ISP? Do you have choices?

 

[Thegameandwatch]

Seconding @kanewolf with respect to verifying that your ISP supports both the modem and router that you have in mind.

If not, then do not buy them, but do read the documentation. Likewise read the documentation for the devices that are supported. Make a list (a revisable list) of your requirements, questions, and concerns. Check things off the list as you find answers. Or add to the list if more questions arise.

Who is the ISP? Do you have choices?

Good stuff, will do.

Only option I have is xfinity. Going to check if they support those.

 

[SamirD]

Okay, so if you really want to make sure he's not on your network, here's the sure way to do it:

• Get a second Internet connection for him. Yes, you can actually have more than one modem to an address (I used to have 3 back in the day when speeds were slower).
• Do not have any wireless signal on your network.
• Keep both networks physically separate and physical access to switches and other equipment secured for your network.

 

[gggplaya]

Just because he's a network engineer, does not make him a hacker. It would be much easier for him to just install something on your network while he comes to visit, rather than try to hack into it from the outside. At which point, it doesn't matter what efforts you do to stop him.

 

[Thegameandwatch]

Just because he's a network engineer, does not make him a hacker. It would be much easier for him to just install something on your network while he comes to visit, rather than try to hack into it from the outside. At which point, it doesn't matter what efforts you do to stop him.

I am quite the noob when it comes to a lot of network technology, so it's very possibly I just didn't explain my worries well.

What is a "something" he could install on my network? I'm not necessarily worried about him "hacking" into it, just about him possibly having any sort of access to the network when he shouldn't.

 

[gggplaya]

He could install something like a Raspberry pi loaded with Linux and a VPN server. Then connect it to your wifi and keep it hidden in your house. Then all he would have to do is connect to the VPN server and voila, he's in your house.

 

[Thegameandwatch]

He could install something like a Raspberry pi loaded with Linux and a VPN server. Then connect it to your wifi and keep it hidden in your house. Then all he would have to do is connect to the VPN server and voila, he's in your house.

Gotcha. While I still don't think he would actually do something this involved, I would really like true peace of mind.

How can I prevent him from potentially doing something like this? And how could I even see that he had something like this setup?

 

[tennis2]

Please state whether or not your FIL is in the same residence as you are. You're getting double the suggestions (and half of them are irrelevant depending on this information) because people don't know.

 

[Thegameandwatch]

Please state whether or not your FIL is in the same residence as you are. You're getting double the suggestions (and half of them are irrelevant depending on this information) because people don't know.

Oh sure.

FIL and I will not be living in the same residence. It will be just me and his daughter.

 

[digitalgriffin]

Title question - Yes, I am being a bit paranoid. Do I actually think he would "spy" on our internet activity? Probably not, but I would really like to have some peace of mind and ensure that he doesn't "tap into" our router/internet and watch us.

The wife and I just bought our first house and we will soon be purchasing a router and modem. Frankly, I know very little about networks, and a lot of this is over my head. I am hoping once I get my router and such that I can set up "administrator access" or whatever it may be called so nobody else can have access to see our activity and what not.

So, is there something I can do to prevent a person with strong network knowledge from "spying" on my house's internet activity?

Really any sort of guidance on my situation here will be very appreciated, I'm not sure if many others are as concerned about this sort of stuff as I am.

Step 1: Remove the tin foil hat

There's an assumption your father n law is somehow going to mess with your life. Why would he want to? If it's that big an issue you have bigger problems.

That said, unless he's good at installing spyware, you are safe in your own house with your own equipment. If he does install spyware, then like I said, you have much bigger issues.

Hacking isn't a one and done solution. There are always multiple layers of defense when it comes to hackers.

 

[USAFRet]

Speaking as a FIL, father, grandfather, and the alphageek of my extended family...people don't do this unless there are other, HUGE problems.
Social problems, not tech solvable problems.

 

[gggplaya]

I guess none of you ever saw Meet the Fockers?

 

[Thegameandwatch]

Step 1: Remove the tin foil hat

There's an assumption your father n law is somehow going to mess with your life. Why would he want to? If it's that big an issue you have bigger problems.

That said, unless he's good at installing spyware, you are safe in your own house with your own equipment. If he does install spyware, then like I said, you have much bigger issues.

Hacking isn't a one and done solution. There are always multiple layers of defense when it comes to hackers.

Step 1: Remove the tin foil hat

There's an assumption your father n law is somehow going to mess with your life. Why would he want to? If it's that big an issue you have bigger problems.

That said, unless he's good at installing spyware, you are safe in your own house with your own equipment. If he does install spyware, then like I said, you have much bigger issues.

Hacking isn't a one and done solution. There are always multiple layers of defense when it comes to hackers.

Good to know I am likely safe in my own house. I guess I didn't and still don't fully grasp how intensive it might be to spy on network stuff.

I think as long as I follow some of the steps posted in this thread I should be A-O-Kay 👌

 

[digitalgriffin]

Good to know I am likely safe in my own house. I guess I didn't and still don't fully grasp how intensive it might be to spy on network stuff.

I think as long as I follow some of the steps posted in this thread I should be A-O-Kay 👌

To an experienced hacker, it's a piece of cake. All he has to do is spear phish ya through an email and get you to click on a link that leads to a virus that installs on your system reporting everything you do. Or he could use UPnP vulnerabilities which are often left open for video game consoles.

But to an ordinary network engineer, doubtful.

 

[Wacabletech06]

Title question - Yes, I am being a bit paranoid. Do I actually think he would "spy" on our internet activity? Probably not, but I would really like to have some peace of mind and ensure that he doesn't "tap into" our router/internet and watch us.

The wife and I just bought our first house and we will soon be purchasing a router and modem. Frankly, I know very little about networks, and a lot of this is over my head. I am hoping once I get my router and such that I can set up "administrator access" or whatever it may be called so nobody else can have access to see our activity and what not.

So, is there something I can do to prevent a person with strong network knowledge from "spying" on my house's internet activity?

Really any sort of guidance on my situation here will be very appreciated, I'm not sure if many others are as concerned about this sort of stuff as I am.

Firewall configured to only allow certain devices.
VPN
Better passwords
Turn off the internet.
Blame other people.

 

[SamirD]

FIL and I will not be living in the same residence. It will be just me and his daughter.

Ooooo. Scratch my previous reply as I thought he was in the same house. You'll be fine. Just follow normal computing best practices and you'll be in good shape. Oh, and take care of his daughter and you'll definitely be fine.

 

[gggplaya]

As long as he doesn't catch you on your own security cameras abusing his daughter or grandchildren. You'll be fine.