Day 4
Protect Your Network & Create A Guest Network
DAY 4: Protect Your Network & Create A Guest Network
Today, we’re talking about something most people totally overlook… your home network.
Because your Wi-Fi isn’t the internet - it’s how you access the internet. And if it’s not secure, everything else you do online is basically sitting wide open.
Your WiFi network is the digital front door to everything in your home.
Every device that connects to your router - from your phone to your fridge - is like a potential entry point for attackers.
If your router still uses default credentials, or if it hasn’t been updated in years, that’s basically leaving your front door wide open with a neon “Hack Me” sign.
And while routers used to be set-and-forget boxes, today they’re powerful little computers that need maintenance - just like your laptop or phone.
So let’s get your router and Wi-Fi locked down and set up a secure guest network for visitors and your smart home devices.
What’s up S’mores! I’m Shannon Morse and welcome to Day 4 of my 30-Day Security Challenge, where we’re protecting your digital life one bite-sized step at a time. Every day, we’re breaking down one concept of online security and privacy to make the process less stressful, and to keep you from burning out.
If you’re following along, make sure to subscribe so you don’t miss the next video. You can grab the full 30-Day Challenge checklist and notes over at ShannonRMorse.com.
Step 1: NOW YOUR GEAR
Alright, time to do a little detective work.
Grab that notepad from earlier in the challenge and find your router and modem.
If you only see one box, you’ve probably got a combo device from your internet service provider (ISP). If you see two devices, you probably have a Modem and a Router. The Modem is a box that brings the internet into your house and allows you to get wired network connections. If you use an Ethernet cable and plug your device directly into a Modem, you’ll get internet through a Wired connection. A router is for wireless connections and lets all your wireless enabled devices connect to your internet. When you open your Wifi settings on a laptop and see your Wifi network name, you type in a password to connect. When you do that, your laptop is connecting to your router. Write down the brand and model number of these boxes, and then Google it with the words “release date” for these devices.
If it’s several years old, it might be time for an upgrade - older routers often stop getting firmware updates, which means they’re basically frozen in time with security flaws that never get patched.
And hey, newer routers usually mean faster speeds too, so it’s a win-win. Wi-Fi 6E and Wi-Fi 7 routers, while more expensive, also sometimes include built-in security layers like WPA3-Personal and automatic firmware updates.
If you’re not sure what to buy, usually your ISP has recommendations on their own websites, or you can check online for newer options that are compatible with your ISP - and FYI, your ISP is the internet service provider - it’s the company who pushes internet into your house through a line, and bills you every month for the service.
If your ISP provided the router, call them and ask if they have a newer model available, or see if you can buy your own. Owning your own gear gives you full control - not your ISP. And you may be able to save some money on a rental cost.
If you’re finding this video helpful, a subscribe would me a lot to me. Subscribing is a simple and free way to support creators on youtube!
So if you’re following along with the challenge, hit that subscribe button and turn on notifications so you don’t miss tomorrow’s video. You can grab the full checklist and daily recap at ShannonRMorse.com.
BIG Patreon shoutout to to my smores! You can join them and support my channel by going to patreon.com/shannonmorse for perks like early video access and my private discord!
As usual, all the videos on my channel are free to watch, and I thank my youtube members and patrons for making that possible.
Step 2: LOCK DOWN YOUR ROUTER
Now that you know what you’re working with, it’s time to log into your router’s admin interface.
Open your browser and type your router’s IP address - usually something like 192.168.1.1 or 10.0.0.1. Newer devices sometimes also use a router’s companion app so if it has one - that’s another way to log in. I set up a fancy small business network a couple of years ago, so you’ll see my login screen here. Yours will likely look different because it’ll have logos and branding for whatever company made your router. Whichever case, log in. If you’re not sure about what the username and password is, it’s usually printed on the bottom of the router if these came from your ISP.
Once you’re in, look for login / security settings and change the default login credentials.
If your username and password are something like “admin” and “admin”… yeah, it’s time to fix that. Create a new username and a strong password. If your password and / or username are written on the back of your router, see if you can change them.
Once changed, write the new credentials down in your notepad for now (we’ll deal with destroying that later in the challenge).
You’ll also want to disable any security settings that could make your network vulnerable to remote hacks. This includes Remote Management, WPS, and Open Ports. These features may be defaulted to ON simply for convenience and to allow you to log into your network when you aren’t on your home network - but that also means someone else could manage your router from outside your network.
To double-check your setup, visit grc.com/shieldsup - it’s a great free tool to test if your router has open ports visible from the internet.
A note on apps: while convenient, these apps can also collect telemetry data - so check the privacy settings and turn off “cloud control” or “remote diagnostics” if available.
And if your router offers built-in network scanning, use it!
Run a device discovery scan and look for anything unexpected - it’s a great way to spot rogue devices or neighbors “accidentally” using your WiFi.
Step 3: UPDATE AND SECURE WI-FI SETTINGS
Next, go into your wireless settings and make sure you’re using WPA2 or WPA3 encryption. If both are listed, click the box for WPA3, which offers more security protections.
If your router still lists WEP, just delete it from your life. That protocol is so outdated it’s basically decorative at this point.
Change your Wi-Fi name (SSID) and password too. Remember when earlier you signed into your router with some kind of admin username and password? These are different then your WiFi SSID and password. The LOGIN credentials from earlier are just how you LOG INTO the router to manage the network. The Wifi Name and password are how people and devices can CONNECT to the wifi router to get internet.
You can get creative with the name - call it “The Promised LAN” or “FBI Surveillance Van” But make sure your Wi-Fi password is strong and unique. You don’t want your neighbor connecting to your wifi network by guessing the password and then using it for something nefarious.
If your router supports both 2.4GHz and 5GHz networks, go ahead and name them separately - that just makes it easier to tell which one you’re connecting to later. A LOT of devices (especially smarthome devices) only support 2.4GHz wireless frequencies, so you probably want to leave this enabled so you can still use those devices with your router.
And while you’re in there, turn on the firewall if your router supports it, and enable HTTPS access for your admin interface. That’ll encrypt your login session and make it harder for snoops to spy on your router setup.
Step 4: CREATING GUEST NETWORKS
Now let’s talk about network segmentation - in human terms, it’s like having two WiFi networks under one roof.
You’ll use one for your personal devices (your laptop, phone, and main computer), and one for guests and smart home gadgets.
Now, what if you have a guest visiting? If you don’t want them to see everything else that’s on your wifi network, you may want to set up a guest network specifically delegated to visitors.
This is a completely separate Wi-Fi network for guests. You could also use a guest network for all your smarthome stuff too, or you could set up a third Wifi Network just for smarthome devices!
Why are we doing this? It may sound annoying to set up yet another wifi network, but this guest network keeps any less-secure devices - like smart bulbs, thermostats, speakers - away from your main personal devices. Smarthome devices are prone to hacks - they get less frequent updates, may not allow you to change default passwords, or just come with vulnerable hardware - so if someone hacks into your smart fridge or a light bulb, they won’t be able to use that device as an entry point into the rest of your network, basically stopping them from pivoting to hacking other devices.
Your guest network should:
Have its own SSID and password
Be isolated from your internal network (so guests can’t see your personal devices)
Have client isolation turned on (so guests can’t see each other either)
You can name your guest network something fun too - “NotTheMainWiFi” or “IoT Prison.” Just make sure it has its own password and WPA2/WPA3 encryption.
If you need help figuring out which devices should connect to which SSID - we’ll go over that tomorrow. Just get the guest network set up and labeled.
Bonus: If you just use your guest network whenever you have visitors, you can even turn the guest network off completely when it’s not in use.
Step 5: UPDATE FIRMWARE
Some routers update automatically, but most don’t. Look for a firmware or software update button in your admin settings - or go to the manufacturer’s website to make sure you’re running the latest version. I just set up a reminder on my calendar to check for updates once a month.
Most routers now have a “Check for Update” button right in the admin dashboard or companion app.
If your router doesn’t, head to the manufacturer’s website, download the latest firmware, and upload it manually through the admin page.
If there’s an update, apply it. Firmware updates patch security flaws and improve performance, so it’s super important to keep your router current.
BONUS TIPS!
If you want to go above and beyond, you can:
Restrict admin access to specific IP addresses.
Change your router’s default IP entirely.
Hide the SSID from being viewable.
Create a login page for your guest network (this may not work if you intend to use it for smarthome products that don’t have displays).
Or even install custom firmware like OpenWRT or DD-WRT for advanced control.
Smart-home devices are slowly standardizing to Threads or Matter protocols, which are more reliable and a great way to keep smarthome devices connected without the need for some kind of smarthome hub, BUT these protocols don’t magically make IoT devices safe - you’re still dependant on firmware updates and some trust in manufacturers.
Just be careful - those steps are for experienced users who don’t mind diving deep into tech settings.
And that’s it! You just gave your home network a serious security upgrade.
Remember - your Wi-Fi is your front door to the internet, so lock it up tight.
Tomorrow, we’ll build on this by figuring out which devices are on your network and which ones belong on your guest Wi-Fi.
If you’re following along, make sure you’re subscribed, hit that thumbs-up, and grab your full 30-Day Security Challenge checklist at ShannonRMorse.com - link’s in the description below.
I’m Shannon Morse - stay smart, stay secure, and I’ll see ya tomorrow for Day 5!
Useful Resources:
192.168.1.1