Building a Secure Home Network - Part 1

( last updated : May 25, 2020 )
infrastructure unifi


Building a home network is not easy, let alone a secure one. In this installment we are going to talk about planning out your future networks, with an emphasis on making them secure and on separating your home and work networks, as well as anything else you would like to protect. This will not be an end-all, be-all guide, but it should give you the ideas you need to get started and build your own secure home network.


Disclaimer


I am going to be using UniFi equipment for my examples. You can use any networking equipment, such as Cisco, Netgear, etc. Any brand that allows you to have at least a managed switch should be acceptable. UniFi is just my personal preference. This is not meant to be an end-all guide to network security; it will give you the blueprint to go forth and make your own secure home network.


Short on cash?

Ebay-Managed-Switches-Search
eBay is a great place to find used gear, most of the time at a significant discount.


Planning is Key


Depending on how many assets you're adding and their functions, you will need to plan out in advance things such as how many VLANs, subnets, and wireless networks you will need, and whether you want those networks to talk to one another or to strictly be guest networks, etc.


Subnetting


I recommend planning out your subnetting ahead of time, because some subnets will only need a certain number of hosts. In a lot of my home network VLANs, I use a /29, or 255.255.255.248. This way I am freeing up IP addresses and limiting the number of addresses that can be assigned via DHCP. This works well with VLANing out your home environment, in that you segment your home networks well with the few addresses needed per VLAN.


This is a subnetting graph that shows the maximum usable addresses per subnet mask:

Subnetting Graph

The one caveat to this is guest networks; in these networks using a /24, or 255.255.255.0, is fine. Typically this will be used in Wi-Fi networks, and with isolation of hosts, allowing this many addresses is fine.


Useful Tip

Using a different IP address scheme for each type of network you're using is an excellent way to stay organized. Say, using 10.x.x.x for wireless networks and 192.168.x.x for servers. This will help you quickly identify and isolate a problem to a certain device type or network, since you won't have to dig through your notes to figure out which network subnet is which.
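To make the subnetting advice and the tip above concrete, here is an added example (not part of the original post) that carves right-sized subnets out of per-type address pools and checks that none overlap. The VLAN names, pools and device counts are constructed, and putting the gateway on the first usable address is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed plan (assumed values): VLAN name, address pool, devices expected.
# Pools follow the tip above: 192.168.x.x for wired/servers, 10.x.x.x for wireless.
PLAN = [
    ("management", "192.168.10.0/24", 4),
    ("servers",    "192.168.10.0/24", 5),
    ("work",       "192.168.10.0/24", 3),
    ("iot-wifi",   "10.10.0.0/16",   20),
    ("guest-wifi", "10.10.0.0/16",  200),
]

def smallest_prefix(devices):
    """Longest prefix (smallest subnet) that fits the devices plus one gateway."""
    needed = devices + 1
    for prefix in range(30, 7, -1):
        if 2 ** (32 - prefix) - 2 >= needed:  # minus network and broadcast
            return prefix
    raise ValueError(f"{devices} devices do not fit in an IPv4 /8")

def allocate(plan):
    """Carve one right-sized subnet per VLAN out of its pool, in plan order."""
    next_free, subnets = {}, {}
    for name, pool, devices in plan:
        pool_net = ipaddress.ip_network(pool)
        prefix = smallest_prefix(devices)
        size = 2 ** (32 - prefix)
        start = next_free.get(pool, int(pool_net.network_address))
        start = -(-start // size) * size  # round up to a subnet boundary
        subnet = ipaddress.ip_network((start, prefix))
        if not subnet.subnet_of(pool_net):
            raise ValueError(f"pool {pool} is exhausted at VLAN {name}")
        next_free[pool] = start + size
        subnets[name] = subnet
    # Pools themselves may overlap by mistake, so verify every pair.
    for (a, net_a), (b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"{a} and {b} overlap")
    return subnets

def describe(subnet):
    """Return (netmask, gateway, first DHCP address, last DHCP address)."""
    hosts = list(subnet.hosts())
    return str(subnet.netmask), str(hosts[0]), str(hosts[1]), str(hosts[-1])

if __name__ == "__main__":
    for name, subnet in allocate(PLAN).items():
        print(f"{name:<11} {subnet!s:<18}", *describe(subnet))
```

A /29 leaves five DHCP addresses once the gateway is reserved, so a sixth device on that VLAN pushes the plan to a /28.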


Vlans


VLANs are the logical separators of your network. They are the building blocks to both allow and deny traffic to certain devices on your network by grouping assets based upon whatever common denominator you like. Most corporate environments break up devices by geographic location or by department. In your home network I recommend doing it by device type. So a VLAN for servers, and a VLAN for guest wireless SSIDs. Then a VLAN wholly set up for your work-from-home devices. So on and so forth, until you have planned out your network accordingly.


In this example I have three guest networks, shown in red, with no access to anything else in the environment. These are actually VLANs set up for guest wireless networks. The orange networks are segmented into my research VLANs. Purple is a management VLAN, etc.

Vlan Examples

I highly recommend having a management VLAN for your home network. This VLAN should potentially include a desktop which will be used to administer the rest of your devices from inside your home network. This will start to make sense when we talk about firewall rules.


Wireless


Planning out the segmentation in wireless networks is also important: which network should be used for what purpose, and what should we allow to happen on that network. This is why you will need separate VLANs for your wireless networks. They will also need different subnetting.


I recommend having mostly guest networks for home. I currently have one network set up for 'Internet of Things' devices such as Roku and Raspberry Pis, then another wireless network for general user consumption. Firewall rules should typically be created automatically for networks declared as guest; if not, we will cover how to manually create your own.


Part 2 to come soon

