BEEF UP NETWORK SE­CU­RITY

Make sure your network is protected from out­side threats

Mac|Life - - FEATURE -

Just how se­cure is your network? At the very least you should be pro­tect­ing the Wi-Fi side of things with WPA2-PSK en­cryp­tion. This is the lat­est Wi-Fi se­cu­rity mea­sure, scram­bling your data and pro­tect­ing it us­ing a pre‑shared key (PSK), which is network speak for a pass­word. But that only scratches the sur­face. Read on for other tips you should em­ploy to close the door on hack­ers and other un­wanted in­trud­ers.

Up­date your router

The re­cent dis­cov­ery of the KRACK vul­ner­a­bil­ity has shaken Wi-Fi net­work­ing to its core. Fa­mil­iar­ize your­self with what it is at krack­at­tacks.com. Your first step should be to visit your router’s home­page and see if a firmware up­date has been re­leased that specif­i­cally ad­dresses this prob­lem — if you have an Air­Port Ex­press, Ex­treme or Time Cap­sule, use Spot­light to open Air­Port Util­ity (or down­load the iOS ver­sion), which should prompt you with a firmware up­date — at least ver­sion 7.7.9 for 802.11ac mod­els, or 7.6.9 for 802.11n.

You also need to up­date all your Wi-Fi de­vices. Ap­ple has al­ready patched OS X El Cap­i­tan, macOS Sierra and macOS High Sierra, and iOS 11.1. To find out more about Ap­ple’s se­cu­rity up­dates go to bit.ly/ap­plese­cupd.

Did you know your router might be open to ac­cess from the in­ter­net? First, sign in to its con­fig­u­ra­tion util­ity in your web browser and, if you haven’t al­ready done so, change the de­fault pass­word to some­thing more se­cure. Now go to whatismyip.com — see your pub­lic IPv4 ad­dress? Type this into your browser and see if this takes you to your router con­fig­u­ra­tion lo­gin page. If it does, look for a ‘re­mote ac­cess’ op­tion and dis­able it.

Who’s on your network?

In­stall Who Is On My WiFi (free, Mac App Store) or Fing for iPad and iPhone (free, bit.ly/fin­gios) to see a list of de­vices — wired or wire­less — cur­rently con­nected to your network. La­bel those you recog­nise by IP ad­dress and mark them as known, and in­ves­ti­gate the un­known de­vices to ver­ify they’re le­git­i­mate. Keep check­ing back for new de­vices. If nothing else, it’ll re­mind you how many con­nected de­vices you own!

Another way to pro­tect your­self is to turn on your router’s guest network, if it of­fers one. This gives guests in­ter­net ac­cess only. Be sure to pro­tect it with WPA2-PSK and give the pass­word to friends to use with­out ex­pos­ing the rest of your network to them.

Check whether your router sup­ports a fea­ture called VLANs (or ‘in­ter­face group­ing’). This seg­re­gates your network by Eth­er­net port or Wi-Fi network, al­low­ing you to set up iso­lated net­works for spe­cific de­vices. It can be com­pli­cated to ac­tion, and isn’t on Ap­ple routers or many oth­ers, so a guest network’s of­ten more suit­able.

Another op­tion is to close the vir­tual ‘ports’ that route data from apps and ser­vices be­tween net­worked de­vices and to the in­ter­net. If your router has UPnP (Univer­sal Plug and Play) turned on, apps can open the ports they want, which can be risky. Man­ag­ing port for­ward­ing by hand is com­pli­cated, but pe­ri­od­i­cally check your router’s ad­min tool to see which ports have been opened, re­mov­ing any you don’t recog­nise or no longer use. It’s wise to cross-ref­er­ence Ap­ple’s list of ports used by its soft­ware at bit.ly/aplpt.

One way to tighten se­cu­rity is to give vis­i­tors lim­ited ac­cess to your network by set­ting up a guest network. This pro­vides peo­ple with ac­cess to the in­ter­net, but things like print­ers and stor­age are cor­doned off.

Find out how many de­vices are con­nected to your network, whether over Wi-Fi or Eth­er­net, with an app like Who’s On My WiFi.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.