Cyber Security Awareness Month - Day 2 - Securing the Family Network

Published: 2010-10-02. Last Updated: 2010-10-11 17:39:19 UTC
by Mark Hofman (Version: 1)
2 comment(s)

Manufacturers really aren't doing many of the home users any favours. Devices are sold with worse than lame default settings in the guise of usability. Personally I think that many manufacturers are underestimating the capacity of people to follow instructions, but then I guess Heinz Ketchup does have on the instructions "put on food", so maybe I’m wrong.

Manufacturers could make things easier for us and many of them kind of do. We now have external hard drives where the backup is a push of a button (even my mother knows how to drive that one) and many of the network devices come with one button configuration settings to secure the network. Personally I've had limited success with this, but maybe I'm buttonny challenged. 

I know that your home network is as secure as you can possibly make it, but alas your neighbour’s, cousin, brother, parent, grandparent, etc, network is not up to the same specs.  It has been or will be used in the future to spread evil such as Zeus, Stuxnet and even Kevin’s favourite, slammer.  Securing the PC helps, but you do need to secure the network as well.
So lets get stuck into it. 

  • Make sure that the device connecting to your service provider at least has some statefull filtering capabilities. They should only allow outbound traffic, but you may wish to check that.
  • Change the default Passwords. Many devices come with default passwords, typically admin or blank. Many people still have their internet facing devices with these default passwords.
  • Use long passwords.  It will only be used infrequently, so it might as well be a long one.  You’ll want to write it down and keep it safe, use paper and not a file on the computer. Providing you don’t staple it to your windows, keeping the passwords written down should be fine.
  • Control who connects. Whether you have a wired network or wireless make sure you know what is connecting to your network, your laptop, fridge, media centre, etc. You might want to consider using mac filtering. Not the best, but better than nothing. 
  • If there are security settings available use them. Keep in mind that the security of your network is often dependent on the least secure device.  For example I have a couple of older devices that can only use WEP 40 keys. So if I want to use it I either reduce the security of the whole environment, or as in my case, I have a second access point in a little DMZ off the main internet connection.
  • For wireless networks WPA-PSK is the minimum to use. 
  • Harden devices.  Just like corporations any device you connect to the network should be hardened. Many of the network connected printers have so many services open that will never be used, so shut them down. 

Now unless you want to be the extended family’s internet helpdesk (might be the only way you get to see them) I suggest that you write down down basic instructions for them, or set things up so they never have to touch it again.

I’ve made a start feel free to add those things you do for your family to keep their network clean.

Mark H

2 comment(s)

Comments

All this is fine as long as you have only IPv4 service, when you get IPv6 service, even through a 6to4, then everything gets its own global address and is not any longer behind any firewall in most contemporary routers.

Also when all sorts of people want access to things in your home e.g. the guy who maintains your heating system, then things get interesting - how to block unneeded access and allow access for those who need it?

Welcome to the next level.
another suggestion: change the default IP configuration (e.g. router IP, network etc.)

Diary Archives