Lately it seems wireless is the way to go. Nobody wants their home network wired up anymore. 5G, 4GLTE, Wife a/c, Wifi 6, the standards are always changing and always trying to go for faster networks. Face it, we live in a world now where we are always connected, always on. Unfortunately, the average consumer is inundated with advertisements for different routers all promising the moon for features and speed, but unless you go with an access point system or mesh system, you still funnel all of your wireless traffic through one access point. Then somebody starts complaining about choppy video, slow downloads, or no access at all. So how do you improve that and keep the better half (and any connected teenager) happy? Wired up networking is the way to go. Let’s talk about how to upgrade your network, improve stability, and improve security.

network speed bottleneck
Slow network? Maybe its the router.

How many devices are in your household? 10 years ago that count would probably be in the single digits. According to various surveys US households have an average of 11 connected devices (I’ve got 48, for the record). Because of the convenience and rapidly changing technology, these devices are usually wireless. The catch: most people forget about their router. You know, that little box that the internet guy left and may have been forgotten about? It’s in a corner, where you likely couldn’t make a wired connection if you wanted to. While we often add a handful of new devices a year (new phone, new tablets, new smart TV, etc.), most people don’t even think about their router. I can’t count the number of times I’ve ran across a router that was left at the default settings and had been for 10 years. Given that wireless standards are changing at least every 3 to 5 years…that 10 year old router is way past end of life (and a security nightmare in a connected world).

Build a solid foundation

I went nuts and built a home network that is far above what an average home would ever possibly need. But that’s also just how I roll. I’ll detail exactly what is involved in a later post, but suffice it to say that I’ve spent more time than I ever want to spend in my attic crawlspace. The point of all of that work is that my home is relatively future-proofed for the next 5 to 10 years (at least), and I’ve got the infrastructure in place to easily swap out or upgrade if needed. I went for a “prosumer” router that is actively updated with software upgrades, so it will be secure and will have a longer life expectancy (with relation to technology advancements) than most consumer routers. I don’t have latency issues, and for the most part nobody is yelling about slow downloads. Maybe I went big, but you don’t have to go big to get some improvement, and in the same step improve the security of your home network. I’d rather go big up front and save time and effort later.

network rack

So, how can you improve your home network, both from a security standpoint and a usability standpoint? You don’t necessarily have to break the bank to do so, but considering my ISP would charge me $15/month to rent a modem/router…I think your ROI on a decent setup over 5 years would be about the same and you can get a much better product. Consider the math. $15/month for 12 months comes out to $160/year. For $160 you just about get a ASUS ROG WiFi gaming router. You’ll also be able to get a router with much better performance and security.

First up: Upgrade your router

The first thing to check is your router. It’s not a family heirloom so if you’ve had it for a while it may be time to consider an upgrade. Old does not mean valuable in this case. Old just means old. If you are renting your router from your internet provider I would definitely upgrade; these things are typically harder to manage as they have settings your ISP may have locked in and are purpose-built for the mass market. Likewise, cable services typically bundle the modem and router together. Because the standards don’t change as frequently, cable modems don’t have to be upgraded as often.

I won’t point you towards any specific router, but in most cases the saying “you get what you pay for” still applies. Personally I’ve always liked the reviews at PC Magazine, and this article goes through some of their top choices for 2020. You’ll notice that Linksys, Netgear, and ASUS are big names in this area with Netgear and ASUS geared more towards streaming and gaming. It’s worth noting that some of the Netgear routers have built-in support to expand your wireless network into a mesh system which may be a consideration if you have areas in your house that connectivity is an issue, but if going mesh I’d go with a dedicated mesh system. I used Linksys Velop for about 5 years, and while expensive I would recommend it again. If somebody tells you get a cheap range extender…unfriend them. Range extenders have their place, but I’m not a fan.

Consider splitting your modem and router up

If you are renting a modem/router combo and have decided to upgrade your router, upgrade your modem. The latest standard is DOCSIS 3.1. Modems don’t change nearly as much as router technology, so it makes sense to split your modem and router up. Why replace both when you likely won’t need to replace the modem for at least 10 years? My personal recommendation is the ARRIS SURFboard (see it at Amazon) for a high-end modem that will be able to handle any speed upgrades for years. That being said, any ARRIS or Motorola cable modem supporting at least DOCSIS 3.0/3/1 will do the job.

Next up: Enable Strong Passwords Across your Network

  1. Change the default password on your router. Not your wifi network…the actual login page of your router. Am I still speaking Greek? Here’s a hint: most routers will have a few bits of information printed on the sticker with the serial number, including the login user name and password, and if rented from the ISP the default wifi password. For many consumer routers its simply “admin” and “password” (if there’s a password at all). To make it even better…the default admin info is easy to find with a quick web search. Seriously, do a web search for Netgear router login information.
  2. Change the default wifi password and disable the guest network when you don’t need it. This will require you to log in to the router admin page. Unless you want your neighbor sucking down your bandwidth, enable a strong wifi password. Don’t make it the same as the name of the wifi network. Likewise, unless you are in COVID protest and hosting parties every night, turn off the guest network. Why open up another potential access point? Don’t worry about disabling the SSID broadcast, a truly interested party trying to access the network can find hidden wifi networks.
  3. Make sure you have changed the default passwords on any connected smart devices. Especially cameras. I’ve got security cameras covering all access points of my home, and they’ve all got complex passwords. I don’t want Creepy Joe down the street checking out my business. Likewise, someone that has managed to connect to another connected device (i.e. a wash machine that is on your network) can potentially access the rest of your network, compromising any files you may have on computers, tablets, phones, etc. You can easily fix this by changing the default password. Importantly, all connected devices should have a complex password.

Absolute Must: Keep your hardware updated

Keep your devices up to date. Especially the router. It is your gateway to the internet and your first line of defense. Networks are built on layered security, and the router is often the first part of that layer. Firmware updates protect you from the latest threats and security vulnerabilities. Forgetting about the router for 10 years just invites issues. The same goes for connected devices: do the updates. Any more almost any device made by a reputable manufacturer will allow for auto-updating. If its an option, enable auto updates and you don’t have to worry about forgetting about the updates.

Improve stability: Get it wired up

Wired is always better. Wiring your devices up is probably the single most effective way of improving network performance. This reduces wifi congestion, and improves streaming performance. Gamer? You definitely want that console wired. Look at it this way: if you have 11 wifi devices going though 1 access point, they all go through the same bottleneck. Take 3 of those devices off and wire them in. You now only have 8 devices competing for time on the access point. Three devices have a dedicated connection with no competing connection. They are only limited by the capabilities of the router and the speed from your ISP. I’ve got a completely average download speed for the area (125Mb/s), and can stream 5 TVs, browse on 2 phones, and download a game update on Xbox at the same time with zero buffering or latency issues.

Wireless mesh networks in particular can benefit in two ways from a wired home network. First, the wireless node becomes a wired access point if wired directly to the router. All traffic from that AP is pulled directly through the router and not bounced from node to node. Second, wireless mesh networks use a dedicated band for backhaul. The more devices you have linked in to that node, the more bandwidth the node uses to pull information from the router. Shifting devices to wired reduces the load on your mesh network, allowing for more efficient data transfer.

Wiring up your device can be done easily. Either purchase cables from a retailer (easy), or learn to terminate and make cables yourself. You don’t have to pay someone to do it (nor would I want to). Just be prepared to spend some time in the crawlspace or attic.

“Advanced” Minor Tweaks

Change the IP Range

Consider changing the standard network IP address range. This will not produce much of a security improvement, but it can help to change the IP address range from default. By far the most common IP address range is 192.168.1.xx; it’s default for almost all routers. It’s not a huge impedance to someone that is actively trying to compromise a network, but it is a small step in making it harder to guess the default router admin page.

Enable MAC Address Filtering

If you really want to take an extra step to secure the network…enable MAC address filtering. This limits devices with only specified MAC addresses (MAC addresses identify a device, i.e. 74:ac:b9:ec:c0:xx) to the network. You will be in the know, whether the user is wired in or wireless. If a device not on the list tries to connect the router will not issue it an IP address.

Segregate your devices

This can take some doing and requires planning, but a good step towards improving the security of your network is to create VLANs (or Virtual Local Area Networks). Essentially a VLAN places all devices on the VLAN on a separate (virtual) network. These devices can see and talk to each other and use the router internet access, but they cannot talk to devices that are not part of the that VLAN. A common example of a VLAN is the guest WiFi network. When enabled guests can access the internet and show up on your network but they cannot interact with any devices on your network.

Another typical VLAN setup is for IoT devices. Many smart home devices are targets of hackers since users don’t typically keep them updated (if they can be updated at all). Likewise, not all manufacturers put time in to keeping them updated (Smart TVs in particular). Its usually a good idea to keep these devices on their own network so that a compromised devices doesn’t automatically gain access to the rest of your network.

If you build out a smart home, I recommend avoiding WiFi devices for sensors and switches. First, you’ll be adding a bunch of chatty devices to the wireless network. Second, these devices will be a weakness in your network security. Lastly, WiFi requires a more powerful transmitter than either Zigbee or Zwave and will drain battery-operated sensors at a much quicker rate.

Wrapping it up

I’ve probably gone overboard. But that’s just me. Its also fun; once you go down the rabbit hole of networking and automation…its hard to come back. Its always new and there are always new things to try. However, the first step is a solid, secure network. Next time we’ll go into digging around in the router settings and what those mean, from the perspective of somebody not employed in the field.

For additional information:

***Disclaimer: I am not an expert by any means in network security or IT. My recommendations come from self-research and experience. What you do with any advice from this site is your responsibility, and yours alone. This site is simply a way for me to help pass along the fun I have had with learning, and information may change based on new information.

ubiquiti network logo

Updated 2/7/20.

Zack
Author: Zack

Pharmacist, tech guy, pianist, lover of beer, gamer, beach bum. Probably missed something. Just assume I'm into a little bit of everything.

5 Responses

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.