technology, amateur radio, scouting and me

Tag Archives: Information security

How to keep guests off your home Wi-Fi

It may be useful to let guests access the Internet from your house, but control what they do

Super Hub

This post was prompted by a conversation originated by Robert Craven on Google+ relating to how guests expect to have Wi-Fi access when they visit. Leaving aside the social rules, here’s how you can enable this without endangering your own security.

Caveat

The detail only applies if you are a Virgin Media customer with a Super Hub, but the principle probably applies to other models of routers.

The issue

Like lots of people, not necessarily only the techies amongst us, I have a number of devices that connect to the Internet via a Wi-Fi network in my home. Examples include: several PCs and Macs, a Raspberry Pi based media player, a NAS file server, several smartphones, the TV, my audio system, etc. The default security for these devices is “shields down”: i.e. they assume they are operating in a secure and benign environment.

Whilst I can be reasonable sure that any device I connect to the network will play by the rules, has good anti-virus and effective anti-malware protection; I cannot assume the same for devices brought in by guests.

Luckily, there is a solution

The Guest Wi-Fi network

I am a Virgin Media customer and have a Super Hub as my router and Wi-Fi access point. By default, this has a single wireless network enabled that is secured using a reasonably strong WPA-2 password. This is the network to which all our devices connect.

However, the Super Hub, which is actually a customised Netgear router, can also be configured to support a separate Guest Wi-Fi network that only has Internet access: i.e. it cannot see or access the devices connected to the main Wi-Fi network. This network can be configured as follows:

Enabling the Guest Network

Step 1 – access the Super Hub

On most networks, where the Super Hub is also the DNS server, you can access the Super Hub simply by typing

http://192.168.0.1

into the browser address bar. If you’ve changed the network settings, then I assume you know the address of the Super Hub.

You should see Screenshot 1

Screenshot 1
Screenshot 1

Login as admin If you haven’t logged in before and changed the password, it should be changeme.

I strongly suggest you change this to something unique and stronger immediately

You should now see Screenshot 2

Screenshot 2
Screenshot 2

Access the advanced settings

Click on Advanced Settings and you should see Screenshot 3

Screenshot 3
Screenshot 3

Setup the Guest Wireless Network

As you can see, there is the potential for three wireless networks on the Super Hub. The Primary network is the one configured by Virgin, and should not be changed unless you really know what you are doing

We are going to configure SSID3 (as I don’t want you to see what I’ve configured on SSID2, my own guest Wi-Fi)

Click on Guest Network (SSID3) and you should see Screenshot 4

Screenshot 4
Screenshot 4

If you click on Enable you will be able to enter your own SSID (see Screenshot 5)

Screenshot 5
Screenshot 5

I recommend selecting “WPA Auto” for Security Mode. You can then enter a passphrase.

Scroll down to the bottom and click Apply and you’re done.

If you scan for Wireless Networks, you should now see your new Guest Wi-Fi.

I recommend that you don’t connect to it from your own devices. Depending on the SSID you choose for the new network and how your own devices choose between multiple networks, you may get odd results when you try to access other devices on your own network.