A security audit sounds like something that happens in a corporate IT department, with specialists and expensive software and a report that nobody reads. For home networks it doesn't have to be any of that. A home network audit is really just a structured way of answering one question: is my network set up in a way that protects me?
This guide walks through every area you should cover in a home network security audit, what to look for in each one, and what to do if you find something that needs fixing.
A thorough home network audit has five main areas. Working through all five gives you a complete picture of your security posture.
You cannot secure what you don't know about. The first step in any network audit is building a complete inventory of every device connected to your network.
Log into your router's admin interface and navigate to the connected devices section. Write down every device listed with its IP address, MAC address, and hostname. Then cross-reference that list against every device in your home that connects to WiFi.
Any device you cannot identify deserves closer investigation. Look up the MAC address manufacturer online. If you still can't match it to a known device after investigating, change your WiFi password. For a detailed walkthrough of this process, see our guide on how to check what devices are on your home network.
Your router is the gateway between your home network and the internet. Its configuration has a bigger impact on your network security than almost anything else.
Check that your router's admin username and password have been changed from the factory defaults. Default credentials for most router brands are publicly listed online. If you're still using admin/admin or admin/password, change them now.
Your WiFi should be using WPA3 if your router supports it, or WPA2-AES at minimum. WPA (TKIP), WEP, and open networks are all insecure and should not be used. Find this setting under your router's wireless settings.
Universal Plug and Play (UPnP) allows devices to automatically open ports in your firewall without asking you. Malware running on one of those devices can open ports the same way. Disable UPnP in your router settings unless you have a specific application that requires it.
Remote management allows access to your router admin interface from outside your network. It should be disabled for the vast majority of home users.
Check whether a newer firmware version is available for your router and update if there is one. Router firmware updates frequently include security patches for known vulnerabilities.
Check your router's DNS server settings and make sure they are set to a known legitimate service like Cloudflare (1.1.1.1) or Google (8.8.8.8). Unusual DNS server addresses can indicate your router has been compromised. Read more about this in our guide on DNS hijacking and how to detect it.
The Windows computers on your network have their own security configuration that is separate from the network itself. A compromised endpoint is often the starting point for a broader network attack.
Verify that Windows Defender is enabled and up to date, or that you have another reputable antivirus solution actively running. Check that no exclusions have been added that shouldn't be there.
BitLocker should be enabled on any Windows machine that contains personal or financial information. Without disk encryption, anyone who gains physical access to your machine can read all your files regardless of your login password.
Check that Windows Update is set to install updates automatically and that there are no pending updates waiting to be applied. Unpatched vulnerabilities are one of the most common entry points for malware.
Secure Boot is a UEFI feature that prevents unauthorized operating systems and bootloaders from running on your computer. It should be enabled on modern Windows machines.
Review the user accounts on your Windows machine and remove any that shouldn't be there. Standard user accounts (rather than administrator accounts) should be used for day-to-day computing.
Your machine should be configured to lock automatically after a period of inactivity. Open Settings and search for screen timeout to verify this is set to a reasonable interval; 5 to 15 minutes is appropriate for most people.
Once you have checked the configuration, look for signs that something may already be wrong.
Open Command Prompt and run arp -a. Look for any MAC address that appears more than once for different IP addresses. Duplicate MAC addresses can indicate ARP spoofing, where an attacker is intercepting your network traffic.
Run netstat -b in Command Prompt as Administrator to see every active network connection and which program made it. Connections from programs you don't recognize deserve investigation.
Run ipconfig /all and check how many DHCP servers are listed. There should only be one. Multiple DHCP servers can indicate a rogue DHCP attack on your network.
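To make the DHCP check repeatable, the added example below (not from the original guide) lists the DHCP server reported for each adapter and flags any that differ from the router address you recorded during the inventory step. The sample output is constructed, and `expected_router` is an assumed known-good value you supply.

```python
import re
import sys

# Constructed, trimmed sample of English-language `ipconfig /all` output.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.66
   DHCP Server . . . . . . . . . . . : 192.168.1.66
"""

# Adapter sections start with an unindented "<type> adapter <name>:" line.
ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
# Field labels are localized; this pattern assumes an English Windows install.
DHCP_SERVER = re.compile(r"^\s+DHCP Server[ .]*:\s*(\S+)")

def dhcp_servers_by_adapter(text):
    """Return {adapter name: DHCP server address} for adapters holding a lease."""
    servers, adapter = {}, None
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter = header.group(1)
            continue
        field = DHCP_SERVER.match(line)
        if field and adapter:
            servers[adapter] = field.group(1)
    return servers

def unexpected_dhcp_servers(text, expected_router):
    """Return adapters whose lease came from an address other than the router."""
    found = dhcp_servers_by_adapter(text)
    return {name: srv for name, srv in found.items() if srv != expected_router}

if __name__ == "__main__":
    # Pipe live output in (ipconfig /all | python thisfile.py) or run for the sample.
    text = SAMPLE_IPCONFIG if sys.stdin.isatty() else sys.stdin.read()
    for name, srv in unexpected_dhcp_servers(text, "192.168.1.1").items():
        print(f"{name}: lease from {srv}, expected 192.168.1.1")
```

VPN and virtual-machine adapters report their own DHCP servers, which is why the result is grouped by adapter rather than given as a single count.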
A security audit isn't complete without considering what happens if something goes wrong despite your precautions.
The 3-2-1 backup rule is the standard recommendation: three copies of important data, on two different types of media, with one copy stored offsite or in the cloud. If you don't have at least one automated backup of your important files running regularly, set one up before you finish this audit.
Ransomware note: Local backups alone are not sufficient protection against ransomware. Ransomware frequently targets connected backup drives. An offsite or cloud backup that is not continuously connected to your machine is the most reliable protection.
Working through all five areas manually takes most people between one and three hours, depending on how many devices they have and how familiar they are with their router's admin interface. It's not a quick process, but for most home users once a year is sufficient for a full manual audit.
SentinelHome101 automates all of the technical checks in this audit and runs them in about 30 seconds for a Quick scan. It covers device discovery, router configuration checks, endpoint security, active threat indicators, and more, and presents every finding with a plain-English explanation and remediation steps. You can use the manual process above to understand what it's checking, and let the tool handle the execution.
SentinelHome101 runs all 101 checks from this guide and more. Plain English findings, step-by-step fixes. Free for Windows.