BEEF UP NETWORK SECURITY
Make sure your network is protected from outside threats
Just how secure is your network? At the very least you should be protecting the Wi-Fi side of things with WPA2-PSK encryption. This is the latest Wi-Fi security measure, scrambling your data and protecting it using a pre‑shared key (PSK), which is network speak for a password. But that only scratches the surface. Read on for other tips you should employ to close the door on hackers and other unwanted intruders.
Update your router
The recent discovery of the KRACK vulnerability has shaken Wi-Fi networking to its core. Familiarize yourself with what it is at krackattacks.com. Your first step should be to visit your router’s homepage and see if a firmware update has been released that specifically addresses this problem — if you have an AirPort Express, Extreme or Time Capsule, use Spotlight to open AirPort Utility (or download the iOS version), which should prompt you with a firmware update — at least version 7.7.9 for 802.11ac models, or 7.6.9 for 802.11n.
You also need to update all your Wi-Fi devices. Apple has already patched OS X El Capitan, macOS Sierra and macOS High Sierra, and iOS 11.1. To find out more about Apple’s security updates go to bit.ly/applesecupd.
Did you know your router might be open to access from the internet? First, sign in to its configuration utility in your web browser and, if you haven’t already done so, change the default password to something more secure. Now go to whatismyip.com — see your public IPv4 address? Type this into your browser and see if this takes you to your router configuration login page. If it does, look for a ‘remote access’ option and disable it.
Who’s on your network?
Install Who Is On My WiFi (free, Mac App Store) or Fing for iPad and iPhone (free, bit.ly/fingios) to see a list of devices — wired or wireless — currently connected to your network. Label those you recognise by IP address and mark them as known, and investigate the unknown devices to verify they’re legitimate. Keep checking back for new devices. If nothing else, it’ll remind you how many connected devices you own!
Another way to protect yourself is to turn on your router’s guest network, if it offers one. This gives guests internet access only. Be sure to protect it with WPA2-PSK and give the password to friends to use without exposing the rest of your network to them.
Check whether your router supports a feature called VLANs (or ‘interface grouping’). This segregates your network by Ethernet port or Wi-Fi network, allowing you to set up isolated networks for specific devices. It can be complicated to action, and isn’t on Apple routers or many others, so a guest network’s often more suitable.
Another option is to close the virtual ‘ports’ that route data from apps and services between networked devices and to the internet. If your router has UPnP (Universal Plug and Play) turned on, apps can open the ports they want, which can be risky. Managing port forwarding by hand is complicated, but periodically check your router’s admin tool to see which ports have been opened, removing any you don’t recognise or no longer use. It’s wise to cross-reference Apple’s list of ports used by its software at bit.ly/aplpt.
One way to tighten security is to give visitors limited access to your network by setting up a guest network. This provides people with access to the internet, but things like printers and storage are cordoned off.
Find out how many devices are connected to your network, whether over Wi-Fi or Ethernet, with an app like Who’s On My WiFi.