Having a hardware firewall that's more advanced than the one built into a consumer router is a good start, with properly configured rules to drop potentially malicious traffic before it gets onto ...

Running a custom hardware firewall means you get to choose what's prioritized, plus you get access to advanced features that many locked-down routers won't ever be able to support. For example ...