I’m writing what’s ending up to be a very long article on Hardware Firewalls and how they can be used to help keep computer networks safe. There isn’t a lot of information about this for home owners yet there is an emerging market of devices specifically for that purpose. But it’s a complicated topic and even the types of devices made for this are really confusing and almost impossible to compare. Which is one of the reasons that the article is growing so long. It dawned on me today, that people should know how to secure what they already have too. So I began writing this as yet another section…but then I decided that this section could, and it should, stand on it’s own…especially because my firewall article is so long already!
Why You Should Secure Your Network
Every computer network has one device that acts as the gateway to the internet. This device may lead to others that together are the architecture creating your network. This network serves every internet device within your home or office. Every single device from computers and printers on down to smart light bulbs rely upon this network to function properly. If your network is hacked…then none of these devices will work. If your network is taken over by a Botnet for example, which is something I can speak from personal experience about, then it’s quite possible that your network may not always be available for your own use…sometimes it may work for you but other times it won’t. In fact this inconsistent pattern of up and downtime is one good indication of a possible Botnet.
For sure it was our Botnet experience that made me sort of obsessed with making sure our network is secure. This happened in the early days of networks. Ours had been secured, up until the point at which one of the teenagers in our household decided our aging router needed an upgrade. He installed some open source firmware on it, which was actually great but he inadvertently removed the encrypted password needed to access our wifi in the process. He also enabled remote access, opened a port for port forwarding and only mentioned the upgrade to us after the fact. Although, frankly we didn’t have a clue about routers…so when he did tell is about it we weren’t really concerned.
Within a few months of that occurring we began having network outages and other annoying problems cropping up. Slowly over time the problems increased to the point that our network was rarely usable…and most of the computers in our house seems really virus prone as well as exhibited aberrant behavior. This went way beyond the constant popups, spammy emails and occasional virus alerts we each experienced. At the worst point we’d see computer’s wake themselves or screens just change before our eyes…it seemed more and more like something or someone other than us was running our computers a lot of the time..
If your network begins to exhibit this kind of behavior, it could be due to one of the network device’s malfunctioning or it could be that a Botnet has taken it over too. Most Bot Master’s (the hacker’s who manage the Botnet) will allow you to keep using your devices and your network, because they want to keep you from growing suspicious and taking steps to oust it. But many more Botnets today are formed with IoT or smart home devices…in that case you may never really never notice any problems at all.
In any event, preventing these kinds of things from occurring is much, much easier than it is to fix the problem once it’s arisen. That’s why it’s so important to secure your network now.
Which Device Needs to Be Secured?
My firewall article will go into much greater detail about device protection…so this post is simply about securing what you already have in place for your network.
In 2017 almost everyone refers to their main network device as a router…but it may actually be a modem too. The difference is that a modem just receives and retransmits the signal whereas a router splits it up too…often into a LAN (wired Ethernet network) and a WAN (a WiFi network.) If it is indeed a router, than the modem (the hardware that receives the signal coming into your home or building and makes it usable for your devices) is built into it. There are other network hardware devices that can also serve these functions too…like the traditional firewall devices I discuss in my longer article, these can also act as a router…so it can get confusing.
Some of the newest network security devices are much more sophisticated routers with built-in security features. And then there’s another new class of routers which provide newer, more complex WiFi networking capabilities like cloud-based mesh ones which give you much faster, less problem-prone WiFi’s capable of handling gigabyte speeds. I don’t think there’s ever been a time in which there was such a vast range of network devices available to home owner’s. Gone are the days of the $75 router…the newer ones can get really pricey…like $600+ for high end versions.
Therefore, to alleviate any confusion I’ll try to to stick to calling the device which is the subject of this post, the network gateway device. It’s the first device in your network, and it’s the one that’s connected directly to your internet service provider’s incoming signal.
It’s what you do to this device that’s the important part…not what you call it…
All network gateway device’s have settings that can be changed. Yet most people know nothing about these settings. Consequently, they never visit that device’s settings to tweak things that could make themselves vulnerable too outside attacks. Rather than my going into long explanations for each tweak, I’m just telling you what needs to be changed. You can Google more information on why if you want to know more about each individual setting.
Since your router or modem is the gateway to your entire network…securing it isn’t just a good idea, it’s mandatory and nonnegotiable. It’s something you MUST do if you want to keep you, your personal data and your devices safe.
Because this is so important Homeland Security has created a webpage telling you what things should be secured and why.
Here’s a link to Homeland Security’s great information about securing the device that provides the internet gateway to you network.
Here’s another excellent and very detailed article about the many different ways a modem or router can be made most secure…but it’s also a bit techie.
If you don’t really understand technology and networks very well, I’ve written what I hope will be the most basic steps (for what is really a pretty complex topic) for you to follow to secure your network below.
When Should You Do This?
Um..now? ASAP would make sense, really. But if you’re wondering if you need to do this if you’re renting a modem or router from your isp, the answer is YES! It’s your network! Don’t think twice…they expect that you will do this!
Who Shouldn’t Do This?
No one! Everyone who has a network…literally everyone…needs to do this!
Unless you’re a kid! Then talk to your parents and help them to do it if they are unsure. But don’t do it all on your own…because one tiny mistake could cause huge problems you had no idea about. Even though your parents don’t know as much as you do about all this tech stuff, trust me when I say, they do possess certain knowledge and skills that you just don’t have yet. So, your combined wisdom should be used if they can’t manage this on their own!
Parents…read my article about how our network was invaded by a Botnet if you want to understand why you should do this with your kid rather than leaving it up to them to do alone!
Steps to take to Secure Your Network Gateway Device
Step 1 to Secure Your Network:
Change the device’s login name and password.
FYI, my router’s login name was: admin & the password was also admin
I changed both so that hacker’s couldn’t get into my gateway device’s settings and essentially take control of it, (which, by the way, is exactly how our network was taken over by a Botnet many years ago.)
Here are 2 links that explain how to login to your router:
This is the easiest and fastest method. But sometimes it doesn’t work because you can’t figure out what your brand of router is using for its IP address or it’s been changed. If that’s the case, then use the 2nd link’s steps to connect to it.
FYI, oftentimes this is written on a sticker that’s on the bottom or the back side of the device, but if there’s no sticker the 3 most common IP addresses are:
Link 2: If following the steps in Link 1 doesn’t work for you then follow the steps described in this Link 2.
Step 2 to Secure Your Network:
Make sure your wireless network requires a password to join it and that the password uses strong encryption. Currently the best encryption for this is WPA2 Personal.
Here’s a link to linksys showing how to do this on many of their routers, but the Homeland Security site above also gives good advice for this.
Step 3 to Secure Your Network:
Disable any features you’re not using which make your router vulnerable to outside attacks.
Disable all of these settings
• Remote access or remote management • UPnP (Universal Plug and Play) • WPS (WiFi Protected Setup) • Telenet • SSH • HNAP • Port forwarding
These should all be turned off.
If you’re unsure about turning any of these off and are worried that doing so might hurt something else that you’re using….then just think about it like this instead.
If you didn’t turn these services on..who did? Some, like UPnP may have been turned on by default by the maker of your device. But if you’re not using those services, you shouldn’t leave secret doors for hackers to use to gain access to your network. Just turn them all off and write down what you changed.
If turning them off causes any unforeseen problems, you can go back and just turn them on again. If you think that this may happen because other people also help in maintaining your network…maybe a spouse, a teen, or your internet provider service people…then write in a note to yourself about exactly what changes you made so it’s easier to change back again…although I highly doubt you’ll need to do that.
Step 4 to Secure Your Network:
Write down the new login name and password and tape it to the bottom of the device. Maybe even include the IP address that worked for you.
While you don’t want this information to get lost…don’t worry too much about it. If it does get lost you can just reset the device, bringing it back to its defaults. In fact, under Step 1 above, the 2nd link step’s tell you exactly how to do that.
If you’ve successfully made it all the way through this guide…congratulations, you’ve just taken some really huge steps to secure your network! Steps, which the majority of people don’t take because they don’t think they need to or because it’s too confusing and complicated. But really it’s not, if you just know what to do, right?
If you want to learn more about ways to keep your network safe and secure come back to vsatips in about 2-3 days and look for my new Firewall article. Or you can subscribe to receive an email about it too. The subscribe form should be somewhere below thison the bottom right side of the screen.
I really love getting feedback from my readers!
Therefore I try to make it as easy as possible for readers by not requiring you to add your email address, unlike most comment sections you’ll encounter on blogs. I’ve gone a step further though because you don’t even need to include your real name. You do need a name of some kind…but that can be whatever you want it to be.
I’ve done it this way because it’s your actual feedback that’s really important to me. I’m not really interested in collecting readers’ email addresses which is usually done for the purpose of creating a subscription mailing list.
contact-formcontact-field label=’Name, nickname or just first name is OK’ type=’name’ required=’1’/contact-field label=’Email required ONLY IF you want me to email you back’ type=’email’/contact-field label=’Website if you want to share your website with me and my readers’ type=’url’/contact-field label=’Comment’ type=’textarea’ required=’1’//contact-form