Securing Your Home Network

How are routers used in your home network?
Home routers have become an
integral part of our global communications footprint as use of the Internet
has grown to include home-based businesses, telework, schoolwork, social
networking, entertainment, and personal financial management. Routers
facilitate this broadened connectivity. Most of these devices are
preconfigured at the factory and are Internet-ready for immediate use. After
installing routers, users often connect immediately to the Internet without
performing any additional configuration. Users may be unwilling to add
configuration safeguards because configuration seems too difficult or users
are reluctant to spend the time with advanced configuration settings.
Why secure your home router?
Home routers are directly
accessible from the Internet, are easily discoverable, are usually
continuously powered-on, and are frequently vulnerable because of
their default configuration. These characteristics offer an intruder
the perfect target to obtain a user's personal or business data. The
wireless features incorporated into many of these devices add another
vulnerable target.
How can you prevent unauthorized access to your home network?
The preventive steps listed
below are designed to increase the security of home routers and reduce the
vulnerability of the internal network against attacks from external sources.
Change the default username and password: These default usernames and
passwords are readily available in different publications and are well known
to attackers; therefore, they should be immediately changed during the
initial router installation. It's best to use a strong password, consisting
of letters, numbers, and special characters totaling at least 14 characters.
Manufacturers set default usernames and passwords for these devices at the
factory for their troubleshooting convenience. Furthermore, change passwords
every 30 to 90 days. See Choosing and Protecting Passwords for more
information on creating a strong router password.
Change the default SSID:
A service set identifier (SSID) is a unique name that identifies a
particular wireless local area network (WLAN). All wireless devices on a
WLAN must use the same SSID to communicate with each other. Manufacturers
set a default SSID at the factory, and this SSID typically identifies the
manufacturer or the actual device. An attacker can use the default SSID to
identify the device and exploit any of its known vulnerabilities. Users
sometimes set the SSID to a name that reveals their organization, their
location, or their own name. This information makes it easier for the
attacker to identify the specific business or home network based upon an
SSID that explicitly displays the organization's name, organization's
location, or an individual's own name. For example, an SSID that broadcasts
a company name is a more attractive target than an SSID broadcasting
"ABC123." Using default or well-known SSIDs also makes brute force attacks
against WPA2 keys easier. When choosing an SSID, make the SSID unique, and
not tied to your personal or business identity.
Don't stay logged in to the management website for your router: Routers
usually provide a website for users to configure and manage the router. Do
not stay logged into this website, as a defense against cross-site request
forgery (CSRF) attacks. In this context, a CSRF attack would transmit
unauthorized commands from an attacker to the router's management website.
Configure Wi-Fi Protected
Access 2 (WPA2)-Advanced Encryption Standard (AES) for data confidentiality:
Some home routers still use Wired Equivalent Privacy (WEP), which is not
recommended. In fact, if your router or device supports only WEP, but not
other encryption standards, you should upgrade your network device.[1] One
newer standard, WPA2-AES, encrypts the communication between the wireless
router and the wireless computing device, providing stronger authentication
and authorization between the devices. WPA2 incorporates the Advanced
Encryption Standard (AES) 128-bit encryption that is encouraged by the
National Institute of Standards and Technology (NIST). WPA2 with AES is the
most secure router configuration for home use.
Limit WLAN signal emissions:
WLAN signals frequently broadcast beyond the perimeters of your home or
organization. This extended emission allows eavesdropping by intruders
outside your network perimeter. Therefore, it's important to consider
antenna placement, antenna type, and transmission power levels. Local area
networks (LANs) are inherently more secure than WLANs because they are
protected by the physical structure in which they reside. Limit the
broadcast coverage area when securing your WLAN. A centrally located,
omnidirectional antenna is the most common type used. If possible, use a
directional antenna to restrict WLAN coverage to only the areas needed.
Experimenting with transmission levels and signal strength will also allow
you to better control WLAN coverage. Note that a sensitive antenna may pick
up signals from further away than expected; a motivated attacker may still
be able to reach an access point that has limited coverage.
Turn the network off when not
in use: While it may be impractical to turn the devices off and on
frequently, consider this approach during travel or extended offline
periods. The ultimate in wireless security measures, shutting down the
network, will definitely prevent outside attackers from being able to exploit
your WLAN.
Disable UPnP when not needed:
Universal Plug and Play (UPnP) is a handy feature allowing networked devices
to seamlessly discover and establish communication with each other on the
network. Though the UPnP feature eases initial network configuration, it is
also a security hazard. For example, malware within your network could use
UPnP to open a hole in your router firewall to let intruders in. Therefore,
disable UPnP unless you have a specific need for it.
Upgrade firmware: Just
like software on your computers, the router firmware (the software that
operates it) must have current updates and patches. Many of the updates
address security vulnerabilities that could affect the network. When
considering a router, check the manufacturer's website to see if the website
provides updates to address security vulnerabilities.
Monitor for unknown device connections: Use your router's management
website to determine if any unauthorized devices have joined or attempted to
join your network. If an unknown device is identified, a firewall or media
access control (MAC) filtering rule can be applied on the router. For
further information on how to apply these rules, see the literature provided
by the manufacturer or the manufacturer's website.
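One way to automate the unknown-device check described in the last step, as an added example that is not part of the original tip: it compares a DHCP lease table against an allowlist of known MAC addresses. It assumes the router exposes leases in the dnsmasq layout (expiry, MAC, IP, hostname, client-id); the sample leases, allowlist and function names are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample in dnsmasq lease layout: expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1700000000 3c:22:fb:10:20:30 192.168.1.10 laptop 01:3c:22:fb:10:20:30
1700000100 A4-5E-60-AA-BB-CC 192.168.1.11 printer *
1700000200 da:a1:19:01:02:03 192.168.1.50 * *
1700000300 00:11:22:33:44:55 192.168.1.77 unknown-cam *
"""
# Constructed allowlist of devices the owner recognises.
KNOWN_DEVICES = ["3C:22:FB:10:20:30", "a4:5e:60:aa:bb:cc"]


def normalize_mac(mac):
    """Lower-case, colon-separated form so allowlist comparison is exact."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def is_locally_administered(mac):
    """True when the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(mac[:2], 16) & 0x02)


def find_unknown_devices(lease_text, known_macs):
    """Return lease entries whose MAC is not on the allowlist."""
    known = {normalize_mac(m) for m in known_macs}
    unknown = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        try:
            mac = normalize_mac(fields[1])
        except ValueError:
            continue  # not a lease record
        if mac not in known:
            unknown.append({"mac": mac, "ip": fields[2], "hostname": fields[3],
                            "randomized": is_locally_administered(mac)})
    return unknown


if __name__ == "__main__":
    for dev in find_unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        print(dev)
```

Entries flagged as randomized are often a known phone or laptop using a private Wi-Fi address, so confirm against the device's own settings before adding a filtering rule.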
[1] If you must use WEP,
it should be configured with the 128-bit key option and the longest
pre-shared key the router administrator can manage. Note that WEP at its
"strongest" is still easily cracked.
By US-CERT Publications
Reference: https://www.us-cert.gov/ncas/tips/ST15-002
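The SSID step above says that default or well-known SSIDs make brute-force attacks against WPA2 keys easier: WPA2-Personal derives its master key from the passphrase with the SSID as the salt, so work precomputed for a common network name carries over to every network using that name. The sketch below is an added example, not part of the US-CERT text; the sample SSID list, the identity terms and the function names are illustrative assumptions.

```python
import hashlib

# Small constructed sample of factory-style SSIDs (illustrative, not exhaustive).
COMMON_DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ssid_findings(ssid, identity_terms):
    """Flag an SSID that is a factory default or that contains an identifying term."""
    findings = []
    lowered = ssid.lower()
    if lowered in COMMON_DEFAULT_SSIDS:
        findings.append("default-ssid")
    if any(term and term.lower() in lowered for term in identity_terms):
        findings.append("reveals-identity")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys differ because the salt differs.
    # A key table built for "linksys" is useless against a unique network name.
    for name in ("linksys", "ABC123"):
        print(name, wpa2_pmk("correct horse battery", name).hex())
    # Identity terms are supplied by the owner (constructed values here).
    print(ssid_findings("linksys", ["perera"]))
    print(ssid_findings("PereraFamilyWiFi", ["perera"]))
```

A unique SSID removes the shared salt but does not strengthen a weak passphrase, so it complements the long-passphrase advice rather than replacing it.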
HAS THE GOVERNMENT PAID OFF HACKERS TO REMOVE MALWARE FROM AGENCY COMPUTERS?

"...So-called ransomware viruses
-- innovations often devised by financial criminals -- have become a common
nuisance in the United States, costing each victim hundreds to thousands of
dollars..."

Microsoft to change Windows Server 2016 licensing rules, will use per-core metric

'...Microsoft last week announced it will switch the licensing for next
year's Windows Server 2016 to a per-processor-core basis, a move
analysts said is at least partly a grab for more revenue.....'

Why people are lugging around their sensitive information every single day

'....Walking down the street, have you ever seen a woman pushing a
wheelbarrow filled to the brim with photos? Have you ever watched a man
push a cart overflowing with letters and envelopes? How about a backpack
stuffed with rolodexes?....'

Cisco Patches WebEx App for Android, Warns of Unpatched Flaws

'....Cisco has been busy the last two days pushing out a patch and
security advisories for a number of its products, including a fix for a
remotely exploitable vulnerability in its WebEx Meetings mobile
application for Android.
Cisco said the vulnerability affects versions prior to 8.5.1 of the app,
and that it is not aware of public exploits...'

"Backstabbing" malware steals mobile backups via infected computers

'...In this day and age, our mobile devices carry more personal and
business information than any other electronic device. Is it any wonder,
then, that attackers want to have access to them?
But sometimes they can't find a way in, and opt for the second-best
option: stealing mobile backup files from the victims' computer....'

Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in November 2015

Statistics - Sri Lanka CERT|CC

A JAPANESE COMPANY HAS INVENTED A SMARTPHONE YOU CAN WASH

'...If you've ever wanted to give your smartphone a good scrub with soap and
water, then you're in luck: A Japanese company has invented a smartphone
that can be thoroughly washed.
Kyocera said it created the device, called Digno Rafre, by developing
"better sealing" for the phone. It will go on sale in Japan next week
for ¥57,000 ($460), but there are currently no plans to sell the phone
elsewhere....'

Cyberattacks will compromise 1-in-3 healthcare records next year

'...Consumers will see an increase in successful cyberattacks against
their online health records next year; supercomputers like IBM's Watson
will reduce patient deaths and treatment costs by 10% in 2018; and
virtual healthcare will soon become routine....'

Joomla Patches Critical Remote Execution Bug

"...The open-source project
behind the widely used Joomla content management system has issued a patch
for a vulnerability that is now being widely used by hackers..."

Apple Patches 50 Vulnerabilities Across iOS, OS X, Safari

'...Apple has piled on the patches already released by Adobe and
Microsoft today, and pushed out updates for iOS, OS X, Apple TV, Safari,
and its watch-based operating system watchOS this afternoon.
Fifty-four vulnerabilities across OS X were patched Tuesday, including
fixes for Mavericks v10.9.5, OS X Yosemite v10.10.5, and the most recent
builds of OS X, El Capitan v10.11 and v10.11.1. Almost half of the
issues could either lead to remote code execution, or make it so either
a local user or malicious application could execute arbitrary code,
with kernel privileges or system privileges.'

UK Man Arrested in Connection to VTech Hack

"...UK law enforcement has announced the arrest of an individual as part
of its ongoing investigation into the hack against VTech, a provider of
electronic learning products.
On Tuesday, officers from the South East Regional Organized Crime Unit (SEROCU)
published a statement in which they explain the status of their
investigation..."