Beef up network security
MAKE SURE YOUR NETWORK IS PROTECTED FROM OUTSIDE THREATS
Now is the time to turn to the thorny issue of network security. You don’t want to be giving neighbours free Wi-Fi or letting any Tom, Dick or Harry gain easy access to your network for whatever nefarious purposes. (Remember, anything done on your network becomes your responsibility.)
GET THE BASICS SORTED
Step one is to lock down your network from actual intruders – those within physical range of your Wi-Fi network. The guide opposite reveals six steps you can follow to tighten security at this level. When it comes to password-protecting Wi-Fi, make sure you choose WPA2-PSK encryption. WPA2 is ageing and its reputation took a battering with the recent KRACK vulnerability – speaking of which, check your router’s firmware is up to date – but it’s still adequate for most people’s needs, at least until WPA3 is widely used.
There are other steps you can take to dissuade people from getting onto your network, from hiding your SSID (network name) to disabling your router’s DHCP server, which means manually configuring every device on your network to access it. These procedures stop casual piggybacking where a neighbour has got hold of your Wi-Fi password, but they don’t stop hackers and it’s better to know if the password has been compromised and act swiftly to change it.
KEEP HACKERS AT BAY
Your network isn’t simply at risk from people in close physical proximity. It can be infiltrated by hackers from the other side of the world too.
Many routers offer remote management support, which can give remote hackers an easy ‘in’ to your network. Log in to your router’s configuration utility. If you’re still using the factory-default password for your router to log in, change it immediately (look for the appropriate setting under System Tools or Administration). Make sure you disable remote administration to prevent anyone from outside your network being able to log in to your router – this can often be found in the same place as the administrator password setting.
Next, explore your router’s UPnP and port forwarding settings. UPnP makes network communication between devices simpler by opening ports between them. It’s also used to allow apps to communicate over the internet using non-standard ports, but it can open up holes for hackers.
Look for the UPnP section under NAT Forwarding to see what ports have already been opened. Make a note of the external port, protocol, internal port and IP address the ports are being routed to – the last refers to the device using the ports. If any look suspicious, disable UPnP and investigate.
Even if they’re all legitimate, consider putting security ahead of convenience, leaving UPnP disabled and applying these settings manually via the Port Forwarding or Port Triggering section on your router instead. Going forward you’d have to manually open ports when certain apps or services request them, but instructions should be provided online (Apple provides a list of ports used by its software at
for example).
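If you have noted down the UPnP entries as described above (external port, protocol, internal port and IP address), a short script can help decide which ones deserve a closer look. The following is an added example, not part of the original article: the sample rows, the device inventory, the router address and the list of sensitive ports are all constructed assumptions to replace with your own.

```python
import csv
import io
import ipaddress

# Constructed sample: rows noted by hand from a router's UPnP page.
NOTED_MAPPINGS = """external_port,protocol,internal_port,ip_address
51413,TCP,51413,192.168.1.20
3074,UDP,3074,192.168.1.30
2323,TCP,23,192.168.1.77
8443,TCP,443,192.168.1.1
"""

# Assumed inventory of devices you recognise (constructed addresses).
KNOWN_DEVICES = {"192.168.1.20": "desktop PC", "192.168.1.30": "games console"}
ROUTER_IP = "192.168.1.1"  # assumed router address

# Internal services that should rarely be reachable from the internet.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 80: "web admin", 443: "web admin",
                   445: "Windows file sharing", 3389: "Remote Desktop"}


def audit_mappings(text, known=KNOWN_DEVICES, router_ip=ROUTER_IP):
    """Return (external_port, protocol, ip, reasons) for mappings to investigate."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        ip = row["ip_address"].strip()
        ext_port, in_port = int(row["external_port"]), int(row["internal_port"])
        reasons = []
        try:
            if not ipaddress.ip_address(ip).is_private:
                reasons.append("target is not a private LAN address")
        except ValueError:
            reasons.append("target is not a valid IP address")
        if ip == router_ip:
            reasons.append("forwards to the router itself")
        elif ip not in known:
            reasons.append("device is not in your inventory")
        if in_port in SENSITIVE_PORTS:
            reasons.append(f"exposes {SENSITIVE_PORTS[in_port]} (port {in_port})")
        if ext_port != in_port:
            reasons.append("external and internal ports differ")
        if reasons:
            findings.append((ext_port, row["protocol"].strip().upper(), ip, reasons))
    return findings


if __name__ == "__main__":
    for ext_port, proto, ip, reasons in audit_mappings(NOTED_MAPPINGS):
        print(f"{proto} {ext_port} -> {ip}: " + "; ".join(reasons))
```

A flagged entry is a prompt to investigate, not proof of compromise: some legitimate apps do map different external and internal ports.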