Let’s face it, these days, our digital security is under attack just about anywhere we are and access our data. However, we may not think about security when we are at home. After all, home is our private place, our place of security where we can let our guard down from just about all aspects of the world around us right? Well, you may think twice about how secure your home network is if you run some logging and monitoring at your router/gateway level and see who is trying to access your home connection from the Internet.
It really is eye opening to log traffic that is trying to access. The number of port scans and connection attempts on any usual residential Internet connection is amazing. We hear a lot of cases in the news of identity theft and financial data compromise in retail stores and other brick and mortar locations, however, many identity theft and financial compromise situations can start within the walls of our very own homes with our home Internet connection.
We have to get out of the mindset that we are safer using our home Internet connection than anywhere else. Granted most home users are smart enough these days to have secured WiFi access and most don’t have to worry about someone snooping their traffic on their home access point, however, there are other dangers coming from the mindset of home being more secure. Most home users run as administrators on their laptops, workstations, and other devices they have connected on home network connections.
Also, many as we mentioned above have the mindset they are completely invisible to the bad guys on their small residential home connection compared to a big business or other entity with a large online presence. This isn’t true these days. With the amount of malware that exists on various websites and many people running insecure browser versions or older Java releases, home users are very much in the sights of those looking to steal information or perhaps compromise your identity or device.
Many users when they are at home are doing more personal business than anywhere else. Do you access your bank account online when you are on your home Internet connection? Do you make loan payments or transfer money on home Internet connections? Do you surf the Internet recreationally when on the Internet at home? You see when we really think about what we do when online at home, it becomes more clear the dangers that exist with our home Internet connection and it can open our eyes to the fact that we may need to do a better job of making our connection and devices more secure. How can this be done?
Securing your home network
Making your network connection at home more secure is an end to end approach. Security is only going to be as good as the weakest link. It has also been described as “layers of an onion” approach. You need various layers of security to effectively circumvent attackers. In thinking about your approach. Let’s start from the outside and work our way in.
The first line of defense in your home network is your gateway device/router that is sitting behind your cable or DSL modem. Most people simply go out and buy something like a Linksys or Netgear router/wifi access point which they use to NAT and hand out IPs. While this is certainly better than being directly connected to “dirty” Internet, these types of devices provide minimal security and threat protection.
I highly recommend for home users to take the time and spin up a “whitebox” UTM (Unified Threat Management) box or NGF (Next Generation Firewall) appliance as these have many more features builtin besides plain NAT’ing and basic firewall functionality. Features such as Gateway antivirus, Intrusion protection, threat protection, web filter, secure VPN, and stateful firewall inspection are usually things you don’t get with a consumer router that you will get with free UTM appliances from Untangle, Sophos, Smoothwall, etc.
If you have an old computer lying around the house, simply download the ISO from your distribution of choice and load the software. It will require (2) network cards at the least to get up and running. One for WAN connectivity and one for LAN connectivity.
Recently, I have been using the Sophos UTM software appliance on a whitebox at home and it is really an amazing little UTM appliance. Sophos is giving away their UTM fully featured with all of the modules except with a 50 IP limit. For most the 50 IP limit will work just fine. However, if you don’t want to be limited on the amount of IPs that you can have on your network, something like Untangle in its free form should work well. Untangle however in the free form, has watered down functionality where you don’t get all the bells and whistles of the pay modules in the free version.
In the case of Sophos with the Portscan detection, it is amazing as was mentioned in the outset of this post, how many times even an residential Internet connection gets scanned in a day. Sophos even has alerting builtin where you can receive an email when your connection is port scanned.
The gateway antivirus functionality is a great asset to home network security. Before traffic ever makes it to a client in your network, the traffic is scanned for malicious code at the gateway level potentially stopping malicious software and users from even making it to your client.
The Sophos UTM appliance also has cool features such as GeoIP blocking if you want to block particular countries or regions. Also if you are running Web servers of any kind, there is a built in WAF (Web Application Firewall) to protect those forward facing servers.
A UTM/NGF appliance is really worth having in a home setting. While many of the features listed above are thought of as corporate only features, the shift in attacks and potential attack surfaces these days are quickly changing these opinions. Bascially anywhere we are, we want to be protected as much as possible and this includes our home networks.
Moving on to the client side, we are seeing more utilities that fall into the realm of exploit mitigation especially in the browser realm. Microsoft has been continually updating the EMET product (Enhanced Mitigation Experience Toolkit). There are also others out there. This type of client side utility complements other Malware protection such as antivirus by helping to protect against “zero day” attacks often seen through browser exploits and other means. It is a lightweight app that sits in the system tray and watches certain programs by default such as browsers for malicious code trying to inject in your browser session. It contains highly customizable settings and application parameters to lessen the attack surface on a Windows based OS.
Other companies such as Malwarebytes have their own mitigation utility for browsers that seems a bit more basic than the Microsoft EMET tool. However, any of these utilities will add a tremendous amount of power towards protecting end users and zero day type attacks and exploits.
Endpoint security as it is often referred to these days contains the software on the end point device that protects that device from malicious software. Most of us think about Antivirus software. The whole notion of antivirus software is evolving as there are many more threats to end users besides viruses these days. Malware has become much more sophisticated and can do much more than was the case a few years ago.
Antimalware or endpoint security these days needs to cover a whole plethora of attack vectors including viruses, malware, exploits, and other vulnerabilities. More is being seen now of the endpoint security mechanism working with the gateway antivirus or appliance and each of them keeping in step with each other to fight malicious code. Sophos UTM for home use that I mentioned earlier has free endpoint protection that you can install directly from the UTM on client computers. The UTM device will keep up with those nodes and actually keep them in check with updates and potential security threats that exists on those endpoints.
Again, not pushing Sophos here, but it is one of the most powerful “free” offerings that I have seen available to download that includes the full range of protection from the gateway all the way to the endpoint in one offering.
2 Factor Authentication
If you have any digital new years resolutions it should be that 2015 is the year to switch all of your accounts to 2 Factor Authentication if you haven’t done so already. How often do we see in the news where passwords were stolen from databases, etc. Two Factor Authentication helps to mitigate the risk in that the attacker even if they have your username and password, still doesn’t have all the information required to login to your account. The OTP (one time password) key that you possess when you enabled 2 factor authentication constantly changes and thus keeps an attacker from gaining access even with your password.
2 Factor Authentication is something that many haven’t enabled because of the cumbersome nature of the implementation. Having to pull a smartphone out to generate and enter your OTP deters many from implementing, but let’s face it – a little inconvenience is much more tolerable than having personal information stolen by an unscrupulous user. Also there are many great software solutions that make 2 factor authentication a much more convenient and viable solution such as Duo Security which allows push notifications to your mobile phone for various applications such as RDP, Outlook Web Access, and others.
Such slick applications such as Duo really make 2 factor authentication even more of a no brainer when it comes to security. Everyone at this point in time who has any type of online presence and uses the Internet for banking and other financial and sensitive data access should be using 2 factor authentication. Do yourself a favor and enable 2 factor authentication if you haven’t already.
Even while accessing the Internet at home, users should be very conscious about their online security. Many hackers are trying to exploit more home users as oftentimes these yield even greater treasures than targeting businesses directly. This is certainly low hanging fruit for hackers, but individuals are becoming more of a target than ever before.
Home Internet security should be a priority in 2015. Do yourself a favor, secure your gateway with a more robust solution such as a UTM/NGF appliance as opposed to the everyday routers that most use. Use mitigation utilities such as EMET 5.1 as well as endpoint security solutions to secure your desktop. Finally, enable 2 factor authentication on all of your online email, banking, financial, mortgage, social, evernote/note taking apps that you access as this significantly increases security even if your password is compromised.
Internet security is an ever growing concern for all of us. Don’t let the comforting walls of home lure you into thinking that feeling of security translates into security on the net. Be safe, be cautious and use good judgment. Do your due diligence and make sure you take the steps above as well as others that make sense to keep your identity and other private information – private.