Question How Do I Build a Decent Secure Home Network?

[SupportTech2001]

I know I need a router and VPN. I want to configure the whole myself. Any suggestions for the router and open-source materials would be greatly appreciated. I am excited about this project and feel like it would be a good way for me to learn more about networking, which would be good since I want a CompTia Net+ certification. I hate googling stuff like this because I feel like the lists are funded by companies with their products.

 

[nigelivey]

Hire a professional or read some material, google is your friend, build a home lab and experiment. Look at options like Pfsense or Opensense.

 

[kanewolf]

I know I need a router and VPN. I want to configure the whole myself. Any suggestions for the router and open-source materials would be greatly appreciated. I am excited about this project and feel like it would be a good way for me to learn more about networking, which would be good since I want a CompTia Net+ certification. I hate googling stuff like this because I feel like the lists are funded by companies with their products.

Why do you believe you "need" a VPN for a secure home network?
A secure home network is pretty easy.

1. Factory reset all network hardware
2. Set a strong unique secure admin password. If the device allows, change the admin account to something other than "admin"
3. Set your SSID with a strong unique password. DON'T provide that password to anyone.
4. Create a guest WIFI network for casual users.
5. Disable everything not necessary on your router. UPnP, WPS, WIFI admin access
6. Don't do stupid stuff on the web to piss-off people. There is generally no reason for a home network to be a target beyond typical shotgun access of every IP address.
7. Change your passwords periodically. Yes, it is a PITA, but it provides security.

 

[WarWolverineWarrior]

CompTIAN Network+ is just basics and best practice. It seems you have time on your hands and want to mess around with routers. Asus routers are nice and have lots of settings that you can mess around with from factory. You can also load different firmware from Asus-Merlin to DD-WRT but you don't really need to do that because vendor firmware has 99% of features/settings anyone would need. RT-AC88U is probably cheap enough to mess around with but if you plan on using any custom firmware, make sure they support the router.

 

[Ralston18]

And do google about for information. Agree that many lists and company websites are biased.

However some companies do provide good information, diagrams, and explanations via User Guide/Manuals, FAQs, and Forums. Some offer tutorials that can be very educational with diagrams, glossaries, etc..

Limit searches to the last couple of years and pay attention to article dates. Fundamentals are likely, but not always, older documents. Products and related specifics likely to be newer documents.

Start a search with "Home Networking Tutorial".

Vary search criteria as you deem necessary.

Be wary of sites pushing you to download anything. Some home made tutorials/videos can be wrong in one way or another.

If any given website is not to your liking then look elsewhere.

 

[USAFRet]

I agree with the above comment of "Why VPN?"

Be really really really careful about VPN Review sites:

These VPN "Review" Websites are Actually Owned by VPNs

We discovered that many popular VPN review websites are actually owned by VPN services. This creates a conflict of interest.

restoreprivacy.com

Also...

How To - Home Cybersecurity Recommendations

While it is impossible to ensure your home network is 100% protected at all times, there are several easy steps you can undertake to minimize your exposure and risks. Operating System and Applications: - Keep Windows/OS X/Linux up to date: Updates are free and should be applied, when...

forums.tomshardware.com

 

[SupportTech2001]

Hire a professional or read some material, google is your friend, build a home lab and experiment. Look at options like Pfsense or Opensense.

Yeah, I'm looking for some guidance from people who have done it, what did and didn't work for them, anything that made it easier or cut the time down. I am a professional and trying to build a skill set.

 

[SupportTech2001]

Why do you believe you "need" a VPN for a secure home network?
A secure home network is pretty easy.

1. Factory reset all network hardware
2. Set a strong unique secure admin password. If the device allows, change the admin account to something other than "admin"
3. Set your SSID with a strong unique password. DON'T provide that password to anyone.
4. Create a guest WIFI network for casual users.
5. Disable everything not necessary on your router. UPnP, WPS, WIFI admin access
6. Don't do stupid stuff on the web to piss-off people. There is generally no reason for a home network to be a target beyond typical shotgun access of every IP address.
7. Change your passwords periodically. Yes, it is a PITA, but it provides security.

Well, privacy is another layer of security.

 

[SupportTech2001]

I agree with the above comment of "Why VPN?"

Be really really really careful about VPN Review sites:

These VPN "Review" Websites are Actually Owned by VPNs

We discovered that many popular VPN review websites are actually owned by VPN services. This creates a conflict of interest.

restoreprivacy.com

Also...

How To - Home Cybersecurity Recommendations

While it is impossible to ensure your home network is 100% protected at all times, there are several easy steps you can undertake to minimize your exposure and risks. Operating System and Applications: - Keep Windows/OS X/Linux up to date: Updates are free and should be applied, when...

forums.tomshardware.com

Well, privacy is another layer of security.
Also, I plan on using open-source VPN on a mini computer.

 

[USAFRet]

Well, privacy is another layer of security.
Also, I plan on using open-source VPN on a mini computer.

If your chosen VPN service gives up, or even sells, its logged data....that is demonstrably LESS secure.

A VPN can maybe mask your public IP address. That's about it.

 

[kanewolf]

Well, privacy is another layer of security.
Also, I plan on using open-source VPN on a mini computer.

Most traffic is already encrypted with SSL. More "privacy" would be had by using secure DNS services.