Secure your home network—and every device attached to it—in 3 simple steps

For years, security professionals have tried to erect impenetrable digital walls, but that strategy has largely failed. Instead, the latest philosophy focuses on throwing up multiple hurdles in front of attackers and improving awareness—spotting attacks before they can do damage.

For consumers, these techniques boil down to three simple strategies.

1. Don’t leave a device vulnerable

With the average person carrying three devices—a smartphone, a tablet, and a desktop or laptop—keeping track of whether all those devices have downloaded the latest updates is a chore. Multiply the workload by the number of family members and keeping up with updates can be an enormous and ongoing project.

A few security services can help the family administrator manage the problems. For Windows users, Secunia’s Personal Software Inspector, a free service, checks all third-party software for updates and gives instructions on how to update. For hybrid households, OPSWAT Gears, a free service for less than 25 devices, makes sure that each PC and Mac passes a number of security checks, such as whether it has antivirus, a firewall, and an encrypted hard drive.

“We get you a score for compliance and then we give you the tools to improve your score, either based on systems configuration or third-party applications,” says OPSWAT CEO Benny Czarny.

In addition, most major security software makers have made managing multiple devices much easier, albeit for a fee.

2. Monitor your network's traffic

Once your systems are locked down, the next step is to monitor the network for potentially bad traffic. To compromise your computers, attackers must communicate with your network, and that leaves traces.

One option: Look at the logs captured by the network router. More advanced routers--including many high-end consumer models and most models designed for small-business use, have options for logging or even for archiving of logs in the cloud. Another option is use a cloud service, such as OpenDNS, which collects all the domain requests generated by your users, blocking communications to suspect servers and websites and allowing family administrators to filter inappropriate traffic.

MIKE HOMNICK

The Linksys WRT1900AC is one example of a consumer router with advanced logging features. 

“You want to have more visibility into what is going on in your network,” says OpenDNS’s Nunnikhoven. “That means that you can look at each one of those devices in turn or you can try to go up a level and look at the overall network visibility.”

3. Check outbound traffic

Finally, having a firewall turned on and protecting your computer from outside threats is a no-brainer. But for consumers who want more protection, an outbound firewall—such asLittle Snitch for Mac OS X and GlassWire on Windows—can alert them to potentially malicious applications trying to connect out to the Internet.

Outbound firewalls, on the other hand, have a somewhat noisome learning curve. Every time an application attempts to communicate with the Internet, the user must allow or deny the request. The firewall will remember the answers for the future, but it generally takes a few days to get to a point where the firewall is not inundating the user with alerts.

Still, the effort can pay off, says Nunnikhoven.

“There is no magic bullet for security,” he says. “But with a few relatively low-cost tools, you can create a good layered defense.”