So I’m wanting to make a secure home network for all of my smart devices and to have general peace of mind that my network/etc. would be generally safe (or at least that a newbie hacker/etc. couldn’t easily get into my network; or if I’m livestreaming, that a viewer can’t find my location or DDoS me, etc.).
I’ll be implementing these after I move in a few months, as I’ll be getting a new router then (the Dream Machine Pro, with an Access Point U6 LR for Wi-Fi (I don’t think my new location would be big enough for multiple APs)).
Here is my checklist of “internet security changes” that I’ll do when setting up the Dream Machine, which I’ve heard help with security from various YouTube videos; I’m curious if there’s anything I’m missing or that is incorrect and I need to remove from my checklist.
[I’m putting my entire checklist here, so some might not exactly be “security” helping]
1 - Change the web portal’s username/password to something that’s not “admin” “admin”/etc. (not sure if this applies to UniFi products, as I think you log in with your UniFi account).
2 - Update Dream Machine’s / Wi-Fi AP’s firmware.
3 - Make a VLAN for Main (comp) / IOT [with phone in this VLAN, so it can discover my smart devices, and I’ve heard phones are built to be on sketchy networks so they’re pretty secure? And I normally use a VPN on my phone so I would assume that would help] / GUEST and use randomly generated 20-character Wi-Fi passwords for them [so they’re not easily crackable].
4 - Set a rule where VLAN IOT can’t communicate with VLAN MAIN, and the other way around.
5 - Turn off UPnP.
6 - Disable remote access / remote management.
7 - Allow nothing in port forwarding / turn off.
8 - Turn off WPS / Wi-Fi Protected Setup.
9 - Turn off “respond to pings from lan” and “respond to pings from wan”.
10 - Turn off “Enable connectivity monitor and wireless uplink” [not sure if security related, but have heard it’s better to turn these off].
11 - Disable fast roaming in the Wi-Fi section.
12 - Turn internet security to max, such as deep packet inspection on, device fingerprinting, threat management to max, intrusion prevention system on, etc.
13 - If multiple wireless APs, put first AP’s 2.4 GHz on channel 1, 2nd AP on channel 6, and 3rd on channel 11 (and 5 GHz on channels 36, 48, and 161).
Would these make my network fairly secure? If one of my smart devices was hacked/cracked because it had a vulnerability, would the network still be fairly secure? Should I not have my phone on the IOT VLAN, but instead on the main VLAN but set up mDNS so the phone can still connect with IOT devices? etc.
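The segmentation plan from items 3 and 4, modeled as a first-match rule table. This is an added example, not part of the original post and not UniFi configuration. The subnets, host addresses, the default-accept behaviour between VLANs and the names `vlan_of` and `decide` are assumptions made for illustration.

```python
import ipaddress

# Constructed subnets for the VLANs named in the checklist (assumed values).
VLANS = {
    "MAIN": ipaddress.ip_network("192.168.10.0/24"),
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
    "GUEST": ipaddress.ip_network("192.168.30.0/24"),
}

# Checklist item 4: block IOT <-> MAIN in both directions.
# Rules are (source VLAN, destination VLAN, action); first match wins.
RULES = [
    ("IOT", "MAIN", "drop"),
    ("MAIN", "IOT", "drop"),
]

# Assumption of this model: traffic between VLANs is routed unless a rule drops it.
DEFAULT_ACTION = "accept"


def vlan_of(ip):
    """Return the VLAN name containing ip, or 'WAN' if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "WAN"


def decide(src_ip, dst_ip, rules=RULES):
    """Return what happens to a new connection from src_ip to dst_ip."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src == dst and src != "WAN":
        # Same-VLAN traffic is switched and never reaches the inter-VLAN rules.
        return "same-vlan"
    for rule_src, rule_dst, action in rules:
        if (rule_src, rule_dst) == (src, dst):
            return action
    return DEFAULT_ACTION


# Constructed hosts: PC in MAIN, camera and phone in IOT, a visitor in GUEST.
PC, CAMERA, PHONE, VISITOR = "192.168.10.5", "192.168.20.7", "192.168.20.9", "192.168.30.4"

if __name__ == "__main__":
    for s, d in [(CAMERA, PC), (PC, CAMERA), (CAMERA, PHONE), (VISITOR, PC)]:
        print(f"{vlan_of(s):5} {s:13} -> {vlan_of(d):5} {d:13}: {decide(s, d)}")
```

In this model the camera-to-phone flow comes back as `same-vlan`, so the item 4 rules never see it, and the GUEST-to-MAIN flow is accepted until a GUEST rule is added to the table.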