Router Security: Add a Guest Network
You may be aware that your router has a “guest network” feature, and you may think you know what it does. But a guest network is useful even when you do not have visiting relatives or friends. Let’s look at guest networks in detail and see how one can protect your home from cyber-intruders constantly...
Sharing Your Wifi With Friends (and Strangers)
“Can I use your WiFi?” is a common request from visitors to homes (and businesses). “Of course” is the hospitable reply. But you don’t want all of your network’s assets to be available to guests, and you don’t know what malware they may have on their devices.
Just as many homes have guest bathrooms and bedrooms, many routers have guest networks that visitors can use without intruding into hosts’ private areas, and these guest facilities get cleaned thoroughly as soon as guests leave.
Some Internet service providers will pre-configure your router with a guest network. If not, the procedure for setting up a guest network varies slightly from one router brand to another, but in general it is quite straightforward:
Log in to your router’s administrator console. (See the sidebar below if you're not sure how to do that.) Find the “Guest” page. Consult the user manual if necessary. Linksys calls it “Guest Access” and D-Link usually refers to it as the “Guest Zone.” Select either the 2.5 GHz or 5.0 GHz radio frequency band.
Enter a name (SSID) for your guest network. Enable broadcasting of the guest network’s SSID, so guests can find it on their devices. Yes, you can hide the SSID but then you’ll hear, “What’s the network name again?” a lot, and guests will have to type it into their devices each time they want to log on.
Remember that any passerby with a smartphone can see the SSID as if it was a sign on your front lawn. Avoid an SSID that reveals too much about you and your home, such as “Rankin_Guests.” Also, don’t be cute with an SSID like “FBI Van” or you may actually hear from law enforcement.
Select the WPA2 security option, the strongest encryption scheme for WiFi connections to the router. Here you will also set the password (encryption key) that guests will need to log on to the guest network.
Make sure the guest network feature is enabled (typically, a checkbox on the page). Save these settings and exit the administrator console.
Limiting Access to Network Resources
Generally, the guest network’s default settings allow your guests to access the Internet to check email and browse the web, even chat with each other and exchange data with their own devices. But they cannot access your main home network including the computers, printers, shared folders, media servers, streaming devices, personal assistant gadgets (Alexa, Google Home), smart lightbulbs, door locks, artificially-intelligent doorbells, surveillance cameras, toasters and other connected devices.
Do you see now why it's important to protect your main wifi network from casual (or potentially malicious) users?
Your router will allow you to specify which network resources your guests can use, or even allow multiple guest networks with different privileges. Asus routers allow up to six guest networks, each with different resources.
Once you've configured your guest wifi network, and assigned a password, there's one more important step. Make sure everyone in your home (especially kids) understands that they should not supply the access credentials for the main (non-guest) wifi to friends and visitors. That would defeat the entire purpose of having a guest network.
Don't Try This at Home, Unless...
The following ideas are not for most readers. But if you are an intrepid geek who wishes to test his mettle against hackers, a guest network makes a good “honeypot” to which you can lure them.
A honeypot, in enterprise network security, is a tempting mockup of the corporate network that contains no real sensitive data and provides no access to critical network resources. Its purpose is to fool hackers into playing their tricks on a useless target, so that the network’s admins can see what the hackers are up to. Honeypots send alerts to security staff when they are accessed, and log everything that intruders do.
This article in Network World discusses honeypots in the enterprise. Its applications to home guest networks are easily imagined. https://www.networkworld.com/article/3234692/lan-wan/increase-your-network-security-deploy-a-honeypot.html
Does your router offer guest wifi access? Do you make use of that feature? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 12 Jul 2018
|For Fun: Buy Bob a Snickers.|
Geekly Update - 11 July 2018
The Top Twenty
Does Your Router Auto-Update? (it should...)
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Router Security: Add a Guest Network (Posted: 12 Jul 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved