2. Make the most of your devices' security features
"One of the major problems is that devices are deployed with some pretty insecure defaults," says Miessler. "If you search for the device name online, you can find the user name and password that it ships with. And there's a project called Shodan that lets you enter a product name, and it will reveal everyone in the world who's running that product and if it's listening live on the Internet."
If you simply set up your devices with their default configurations, an attacker could use those two tools to find them and learn their passwords. You need to change the default passwords — and, if the device allows it, use a strong password with upper and lower case letters, numbers, and symbols. "We've seen that vendors can ship their products in an insecure configuration, but they will have built better security into the tool — you just have to go in and configure it," Miessler said.
3. Keep your networks separate
Creighton points out that "a lot of modern wireless routers allow you to set up multiple access points off the same device. It definitely couldn't hurt to have one that's dedicated for your home automation system, your TV connection — everything but your computers and or phones." Give that network a separate password, so that if someone manages to steal your network password from your laptop, they won't also get access to your connected-home devices.
Miessler agreed that network segmentation is an important step. "When you deploy any sort of technology in the home," he says, "think about what network it is on and how it relates to the other devices in the home." Consumer devices like routers, at least middle- to high-end ones, can segment multiple networks. "You can have a guest network and an internal network, and even determine which ones are wireless and which ones aren't," Miessler continues. If your router doesn't have that capability, you could also use a second router to create a separate network.
4. Hide your network
Shiyan Hu, associate professor in the Department of Electrical and Computer Engineering at Michigan Technological University, suggests something even simpler "Configure your wireless router to make it invisible," he recommends, "so that the associated Wi-Fi network cannot be found using automatic searching. Any user will need to know its name to make the connection."
This isn't a strong deterrent for skilled hackers, however. "This simple step can be easily done by everybody. Although it is not really effective to protect your network, it could at least help discourage some rookie hackers," Hu says. Creighton agrees. "There's no real way to make your network invisible," he says, "all you can do is turn off the broadcast of its name." There are tools available for viewing Wi-Fi traffic, and an attacker could find your network by using such tools.
Sign up for Computerworld eNewsletters.