One of the better approaches to defend against hacking is to employ a strategy called Defence In Depth, enabling firewalls at each layer of connectivity. This means not only enabling a firewall on the WiFi router, but also on all of the devices connected to it, as well as placing a stand-alone firewall between the WiFi router and the internet.
Without a firewall, hackers are able to gain access to a variety of services on the WiFi router as well as on the devices connected to it. This is how ransomware like WannaCry and Petya has spread without any human assistance or intervention.
Firewalls are one of the most important tools in any security professional’s kit. A well-implemented firewall should protect everything behind it from external attacks by figuratively closing and locking all of the network doors and windows.
Firewalls cannot stop users from inviting hackers behind the firewall by opening malware emails and documents, or by browsing malware delivery sites. They may, however, be able to limit further damage by preventing the malware from communicating with the external hackers controlling it.
Firewalls and anti-virus/anti-malware software go hand-in-hand. Every device that can support a firewall should have one, thereby controlling and limiting the access to network services on the device, as well as limiting the device’s own access to external services.
The problem is that configuring a sophisticated firewall can be a daunting prospect even for security professionals.
Most WiFi routers have a basic set of firewall and protection services on them, but even these can be complicated for most people to understand and configure.
For most WiFi routers, there really is no good reason to allow any incoming traffic. This means conversations between the devices connected to the WiFi router and the internet should always originate from the devices. This effectively blocks hackers' incoming attacks and their malware.
Ransomware like WannaCry and Petya, for example, leveraged the SMB services on Windows machines. If the firewall blocks incoming requests for the SMB services, then WannaCry and Petya cannot spread.
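A simplified model of the rule described above, added here as an illustration and not taken from any router's firmware: the firewall remembers connections opened from inside and accepts incoming packets only as replies to them, so an unsolicited connection to the SMB port (TCP 445) is dropped. The addresses, ports and class names are constructed, and real connection tracking also follows TCP state and timeouts.

```python
# Simplified model of a stateful "no unsolicited inbound traffic" policy.
# All addresses, ports and names below are constructed for illustration.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFirewall:
    def __init__(self, lan_cidr):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.flows = set()  # connections that were opened from inside the LAN

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.lan

    def handle(self, pkt):
        """Return 'accept' or 'drop' for a packet crossing the router."""
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # Outbound: remember the flow so that its replies can return.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Inbound: accepted only as the reply to a remembered outbound flow.
        reply_to = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if reply_to in self.flows else "drop"

def demo():
    fw = StatefulFirewall("192.168.1.0/24")
    laptop, web, stranger = "192.168.1.20", "203.0.113.10", "198.51.100.7"
    return [
        fw.handle(Packet(laptop, 50000, web, 443)),       # laptop opens HTTPS
        fw.handle(Packet(web, 443, laptop, 50000)),       # reply to that flow
        fw.handle(Packet(stranger, 40000, laptop, 445)),  # unsolicited SMB
        fw.handle(Packet(web, 443, laptop, 50001)),       # no matching flow
    ]

if __name__ == "__main__":
    print(demo())
```

The last case shows that even a server the laptop is already talking to cannot open a new conversation of its own; only replies on the exact flow the laptop started are let through.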
A lot of gamers complain about games not running properly behind a firewall. While a good firewall can be configured to allow gaming connections explicitly, it can be technically daunting to configure a WiFi router to support those games. Turning off the WiFi router’s firewall should not be the answer, and is a very dangerous thing to do. A better approach is to investigate and exhaust all other alternatives first.