How do various people do this?
I'm not talking about sophisticated networks with lots of equipment, hardware firewalls, etc., but your typical home modem-router (or modem plus router) or similar that might be used in a very small private office.
I really don't do all that much these days as most defaults seem to be more than adequate to the task.
I do make sure that:
1. Remote access to the router admin function is off.
2. The admin user ID is changed from the default of "admin" when that's possible. If the password is "password" (which, BTW, I have not seen in ages) I make sure to change it to something else that is memorable for the user but virtually impossible for a random passerby to guess. The trend over the last few years is the admin ID is "admin" (and often unchangeable) and the password is the serial number of the device.
3. Set up all WiFi with WPA/WPA2 and a password that's easy for the user to remember but virtually impossible for a random passerby to guess. Encryption set to AES. If the router supports guest WiFi I always set up that network so that the user need not expose their actual home/office network to guest users.
4. Go to the ShieldsUp! page at GRC.com to see what, if any, ports are visible to the world at large. (I'm not quite so nervous about Ping as Mr. Gibson is, so long as everything else passes.)
Just these simple steps have prevented any (successful, anyway) attacks for as long as I've been employing them. But since I've been employing them for a very long time now I figure there's got to be something new that I should be doing that I'm not.
What do others do?
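
An added example, not part of the original post: a Python check for item 3 that parses text in the layout of Linux `iw dev <iface> scan` output and flags networks that are open, use WEP, or still allow TKIP instead of AES (CCMP) only. The SSIDs, BSSIDs and scan text are constructed sample data, and `audit_scan` is a hypothetical helper name.

```python
# Constructed sample in the layout of `iw dev wlan0 scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: HomeNet-Guest
\tWPA:\t * Version: 1
\t\t * Pairwise ciphers: TKIP CCMP
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:03(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: OldPrinter
BSS 02:00:00:00:00:04(on wlan0)
\tcapability: ESS (0x0001)
\tSSID: OpenAP
"""

def audit_scan(text):
    """Map each SSID to findings against item 3; an empty list means it passes."""
    nets, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("BSS "):            # start of a new access point record
            cur = {"ssid": "", "privacy": False, "ciphers": set()}
            nets.append(cur)
        elif cur is None:
            continue
        elif line.startswith("SSID:"):
            cur["ssid"] = line[5:].strip()
        elif line.startswith("capability:"):
            cur["privacy"] = "Privacy" in line.split()
        elif line.startswith("* Pairwise ciphers:"):  # listed under WPA (WPA1) and RSN (WPA2)
            cur["ciphers"] |= set(line.split(":", 1)[1].split())
    report = {}
    for n in nets:
        if n["ciphers"]:   # CCMP is the AES cipher; TKIP is the older one
            report[n["ssid"]] = ["TKIP enabled"] if "TKIP" in n["ciphers"] else []
        else:              # no WPA/RSN element: the Privacy bit alone indicates WEP
            report[n["ssid"]] = ["WEP"] if n["privacy"] else ["open network"]
    return report

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN).items():
        print(f"{ssid}: {', '.join(findings) or 'OK'}")
```

A mixed-mode network such as the constructed `HomeNet-Guest` is flagged because its WPA element still offers TKIP even though its WPA2 element is AES only.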