The following points do not assume that your guest have any evil intent, but acknowledges the fact that peoples devices may be infected with malware that scans the network looking for vulnerable devices to move on to. They may be completely unaware of this, so the best approach is to assume all guest devices on your network are a possible threat.
Change the administrator password on your broadband router! This is especially the case if it is something obvious, like admin or password. Putting the password ‘somewhere safe’ is usually the first step towards losing it, so put a sticky label with a hint to its location with the router.
The first rule for WiFi is always have password protected networks using WPA2/3 encryption. Choose a key that is difficult to guess, using a combination of upper and lower case letters, numbers and special characters, avoiding dictionary words. This is not just to prevent anyone accessing your WiFi, but also to protect against unauthorised viewing your data while it’s being transmitted.
The strongest passwords are the least memorable as they have absolutely no structure to remember them by.
For home WiFi, you can imagine that a moderately strong password is going to be OK and GCHQ level security is not required.
One strategy for a moderately secure password is to pick a three unrelated words, then substitute numbers or symbols for similar letters. i=1,e=3, B=8, s=$ etc. For example, Maple & Engine & Dogs could end up as Mapl3Eng1n3D0g$. This gives you real words as aide-memoire, but is less guessable.
The best solution is to have passwords that use a random sequence of letters, numbers and symbols with no real words at all. Create a QR code to avoid have to enter it manually on guest’s phones. Like this
They can then simply show their phone camera the QR code and connect to the network
If your router supports a Guest Network, use this for house guests. This avoids them knowing your main password, but may not stop your devices being visible to scanning malware on guest devices. Ideally this guest network should block any access to devices on the main WiFi network.
If you have gites, segment their network(s) for the reason above. Don’t implement security in devices in the gite itself - it leaves security vulnerable to being disabled, either deliberately or inadvertently. Implement the security at your end of the network, where guest have no physical access. This what broadband providers do, and is why you can’t see your neighbours network even though you both subscribe to the same service.
When we segment a gite network, we are aiming to prevent the gite devices seeing and connecting to any device except those on their own local network and the public internet. Even though your main house forms part of the route to the internet, firewall rules prevent any interaction being initiated from devices on the gite network
Siret: 89169289900018 email: network16fr@gmail.com