Router Firewall: Securing Your Home Network

CUJO
Aug 2, 2016

www.getcujo.com

Did you know that your router has a firewall, and that the security software on your various computers is also called a firewall? Why would you need two layers of defense? Your router firewall is actually part of traffic management.

For instance, your router sends traffic meant for a specific device directly to that device. Typically, a quality router has firmware that drops or halts traffic that is unrecognizable, unexpected, or even suspicious. The router firewall blocks malicious traffic and prevents its many ports from being scanned. Ports tend to have designated purposes; for instance, port 80 is usually the HTTP port, which your router knows is for web surfing.

What a router firewall may not do, though, is keep everything secure if the overall network has any vulnerabilities. For example, that router firewall is only as good as the security settings you assigned. As one expert said, “If your home network is poorly configured, the devices you’re trying to shield from the rest of the Internet don’t have much protection.”

For instance, a router firewall may not be “on” by default, and you may need to go in and enable it when you first set it up. You may need to enable DoS protection and disable access from WAN or turn off responses to ping requests from WAN. You should be sure your password is very strong and unique, that the username is changed from the default, and that you’re using WPA2 encryption with WPS disabled. More advanced tactics include ensuring that your router’s admin page is inaccessible via the Internet and that the firmware for it is up to date.

These tactics, along with an active router firewall, should keep things safe, but you need to keep the firmware up to date, change your password periodically, and take the expert advice to upgrade your gear. While the standard routers received from ISPs (Internet Service Providers) may work well, they are not designed to provide good security. They are all about the hardware and not the software or firmware, and because of that, they are some of the easiest for hackers to crack.

A good way to get an optimal router firewall in place is to purchase a commercial grade router. Not only might you discover that this type of router can allow you to create a VPN (if you wish), but they are meant to offer superior security and performance.

What Can You Do in Addition to a Router Firewall?

Your commercial or business grade router will come pre-loaded with a firewall and have stronger baked-in security. However, it may not be enough to prevent savvy hackers from monitoring network traffic and watching for IoT devices. Internet of Things devices include such a diversity of items that it can seem overwhelming to most. Dolls and lightbulbs, watches and ovens, lighting arrays and security cameras: the list goes on and on and just keeps growing. While many of them are elegantly designed and extremely useful, they are often the product of teams not focused on security. This is too great a trade-off, but you don’t have to forgo technological advances to maintain security.

Instead, you can begin by always ensuring that nothing in your collection of IoT devices is in front of the router firewall.

Consider that many manufacturers suggest that it is easier to set up items like IP security cameras without running them through the router. In other words, they suggest you just expose the cameras to the Internet. The risks of this are huge, and a very creepy website has been streaming more than 70k private security cameras to show how easy it is to hack such devices.

Additionally, it has been discovered that some unscrupulous makers of IoT devices have left buyers vulnerable to bugs like the Heartbleed and Shellshock bugs that leave the devices wide open to hackers.

Having the devices behind the router firewall is a huge part of keeping the devices and network safe. Keeping the firmware within the devices up to date is also key. As one author suggests:

The first thing you should do when you unpack and plug in that new Internet-connected appliance is check for firmware updates. Much like any peripheral, the odds that it was sitting in a box on the shelf with the most recent version of its software is pretty low. There’s likely been an update that offers security updates and feature improvements — and may even contain some critical patches necessary to use it safely online. Head over to the manufacturer’s web site and look around for instructions to connect and update your device.

Knowing how to update all of the devices you use (and you may even want to draw a map that tags every single item that connects to the Internet or home network) is a huge part of securing your home system. If you are feeling a bit more daring, you can also “tap” your network. After you map it out (using IP and MAC addresses if you have them) log into your router and compare the lists. Do the devices you know of show up? Is there something unexpected? You need to then use a network scanning tool (there are many free downloads on the Internet, like nmap, Zenmap, Angry IP Scanner, and others). You can then see everything and should compare the router’s report to the scanning tool’s list.
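The comparison described above can be scripted. The following is an added example, not part of the original article: it checks a hand-made device map against the router's client list and the text output of an nmap ping scan. The 'ip,mac' router export format and all addresses are constructed assumptions.

```python
import re

# All data below is constructed sample input (not from the original article).
KNOWN = {  # your own map: MAC address -> label
    "02:00:00:00:00:01": "laptop",
    "02:00:00:00:00:02": "printer",
    "02:00:00:00:00:03": "thermostat",
}
ROUTER_CLIENTS = """\
192.168.1.10,02:00:00:00:00:01
192.168.1.11,02:00:00:00:00:02
192.168.1.23,02:00:00:00:00:0A
"""
NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.10
Host is up (0.0020s latency).
MAC Address: 02:00:00:00:00:01 (Unknown)
Nmap scan report for camera.lan (192.168.1.23)
MAC Address: 02:00:00:00:00:0A (Unknown)
Nmap scan report for 192.168.1.40
MAC Address: 02:00:00:00:00:0B (Unknown)
"""

def norm(mac):
    return mac.strip().lower().replace("-", ":")

def parse_router(text):
    """Router client list pasted as 'ip,mac' lines (assumed export format)."""
    pairs = (line.split(",") for line in text.splitlines() if line.strip())
    return {norm(mac): ip.strip() for ip, mac in pairs}

def parse_nmap(text):
    """Pair each 'Nmap scan report' IP with the 'MAC Address' line after it."""
    out, ip = {}, None
    for line in text.splitlines():
        host = re.match(r"Nmap scan report for (?:\S+ \()?([\d.]+)\)?", line)
        mac = re.match(r"MAC Address: ([0-9A-Fa-f:]{17})", line)
        if host:
            ip = host.group(1)
        elif mac and ip:
            out[norm(mac.group(1))] = ip
    return out

def compare(known, router, scan):
    seen = set(router) | set(scan)
    return {
        "unknown": sorted(seen - set(known)),          # on the network, not on your map
        "scan_only": sorted(set(scan) - set(router)),  # answers scans, router omits it
        "missing": sorted(set(known) - seen),          # on your map, not currently seen
    }
```

nmap only prints MAC addresses for hosts on the same network segment and when run with administrator privileges, and the scanning machine itself will not appear with a MAC line.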

If there are unwelcome passengers on the router, shut it down and then change the password, turn off the WPS (if you had it on) and set security to WPA2. Be sure that the new password is not guessable and difficult to break via brute force. Be sure your router’s firmware is up to date and you should be as secure as you can make the system.

However, the IoT devices can still pose threats, and so it is best if you always keep them behind the firewall, and consider using a gateway device that plugs directly into the router. This is a second level of protection that grabs anything that attempts to slide through the router through nefarious and tricky methods. A CUJO device, for example, is a gateway that uses machine learning to protect your entire system.
