Dennis Hackney

WIFI Best Practices, 4 Uninvited Guests, and 9 Ways to Evict

Nine best practices to keep threat actors from using our networks for cyber warfare.

Nearly everything we do, awake or asleep, involves our connection to the Internet. Our lives are improved because of it, but the Internet is home to the most dangerous people in the world, and our home networks are connected. These evil people would love to use our computers, mobile devices, and network devices to conduct their cyber war operations and let us take the blame. In this article, I describe nine practices everyone should follow to keep cyber threats out of home networks.


There are international laws for war and peace, but the Internet is usually out of scope.

The Internet is a world all its own, a literal cyberspace that exists as more than the sum of all its parts (i.e., routers, switches, servers, and mobile devices). It's a new frontier, like the westward expansion in the United States centuries ago, and just as lawless.


Cyberspace is the new wild west.


Regulating communications is entirely different from regulating the way people use the Internet. The Federal Communications Commission (FCC) regulates wired, wireless, interstate, and international transmissions from the US, but not the Internet. We are not the exception, and most countries refrain from publicly announcing Internet laws due to the lack of precedent. The Internet aside, we have laws, rules, and regulations governing how we conduct peaceful communication and interactions with foreign neighbors in a global community. Still, the question of what is legal versus illegal in cyberspace is a disputed topic as vast as cyberspace itself.


Cybercriminals use our networks against us to commit the worst crimes imaginable. Internet threat actors and cyber adversaries know that the Internet is a free-for-all as long as they don't get caught. And a large majority of the Internet comprises our home networks. In the void of international cyber law, chaos ensues.


We all should do something about it.


Uninvited guests in our home networks.

Many developed nations have high-speed broadband connections to their homes with download speeds of 50 megabits or more. This broadband allows us to conduct remote work, slay at our online games, stream the latest binge-worthy television shows, monitor home security, and make critical online purchases. Everything is at our fingertips, and we buy more bandwidth if we need more speed.


The first image below is an example of a modern home network and some connected devices.


The following image shows how the bad guys see our home networks as targets.


Both images above are of the same house. The difference is that the second image displays how unauthorized users look to gain access. I have discovered many of these activities on my home networks throughout the years, and to my surprise, these were happening even though I had a firewall.


Let's start by describing each of the nefarious connections in the image above.


  1. Many cheap networking devices, like those we purchase online, can periodically or continually phone home to entities in their country of manufacture.

  2. Entities in foreign nation-states conduct network discovery scanning and penetration testing on publicly accessible IP addresses, like our addresses provided by the Internet Service Provider.

  3. Neighborhood smart cameras and doorbell devices connect to our smart devices and piggyback on our private networks to maintain cloud connectivity, even when the owner's network is down.

  4. Drive-by hacking includes hijacking our Internet connections for web browsing or actions taken to steal our personal information.


Each unauthorized connection is not illegal, but what bad guys could do from our networks might be an act of war.


What we can't see might hurt us.

Each of these scary connections is a real-world scenario in home networks. The gut-wrenching reality of this topic is that most cyber adversaries are great at hiding, going undetected, and appearing as benign as possible when they are in our systems. Hackers use the most sophisticated technologies to obfuscate their activities from network security technologies, like home firewalls and network intrusion devices. Adversaries hack as a day job; it's what they are best at, and their cybersecurity practices are better than most businesses. However, they are not entirely unstoppable, and, in many cases, hackers take the path of least resistance to decide whom to hack.


You can learn to deter a cyber threat even if you aren't a cybersecurity expert.


Here are some best practices to deter and evict uninvited guests.

Let's review each uninvited guest, the details of each scenario, whether it would be considered illegal, and what you can do to deflect it.


Connection 1: Cheap network device phoning home.

I start this list with an example from my own experience. A few years ago, I purchased an inexpensive networking device with a built-in firewall for security reasons. I believed it to be a great value, and it worked as expected initially. After a few days, I noticed my download speeds were slowing down; I was experiencing severe lag. I immediately reviewed the firewall logs on my Internet Service Provider's (ISP) modem and discovered an open session from my new networking device to a server in a foreign country. In the records, I saw that this occurred too often to be random. Sure enough, I found in web forums that other people had reported the same events in their logs from the same server. The amount of traffic was so large that it was causing my lag.


Many cheap networking devices perform this unwanted activity for firmware updates or maintenance; however, sometimes manufacturers lie, and something else is happening. Unfortunately, you would need more advanced skills to root the device or modify the feature in the code to figure it out; otherwise, it will continue to phone home.


Here are two security practices to block this type of connection.

Practice 1: Replace the device with one from a reputable manufacturer. I trust devices from top-tier retailers versus the cheap versions found through bargain online marketplaces.


Practice 2: Block the external IP addresses, on all network ports, for traffic to and from that device's address. In IT terms, this is known as a deny list or blacklist. This takes some experience and training, but it's simple. I have used this method without fail; however, I only keep these devices for internal networking purposes rather than as a firewall or for security.
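One way to do the log review that feeds Practice 2, as an added example that is not from the original article: the Python script below scans firewall log lines for a device that opens sessions to the same external address at near-fixed intervals, the "too often to be random" pattern described above. The log line format, the addresses (documentation ranges), the 192.168.1.0/24 home subnet, and the thresholds are all assumptions; adapt the regular expression to your own router's log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample log; the line format is an assumption, not a real router's.
# 192.168.1.50 plays the suspect device; external IPs are documentation addresses.
SAMPLE_LOG = """\
2024-01-10T02:00:03 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
2024-01-10T02:04:41 ALLOW SRC=192.168.1.23 DST=198.51.100.10 DPT=443
2024-01-10T02:10:02 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
2024-01-10T02:20:04 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
2024-01-10T02:21:15 ALLOW SRC=192.168.1.50 DST=192.168.1.1 DPT=53
2024-01-10T02:30:03 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
2024-01-10T02:33:50 ALLOW SRC=192.168.1.50 DST=198.51.100.10 DPT=443
2024-01-10T02:40:05 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
2024-01-10T02:50:03 ALLOW SRC=192.168.1.50 DST=203.0.113.77 DPT=8443
"""
HOME_LAN = ip_network("192.168.1.0/24")  # assumed home subnet
LINE_RE = re.compile(r"^(\S+) ALLOW SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def find_beacons(log_text, device_ip, min_sessions=5, max_jitter=0.1):
    """List external hosts the device contacts at near-constant intervals."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != device_ip:
            continue  # unparsable line or another device
        if ip_address(m.group(3)) in HOME_LAN:
            continue  # internal traffic (DNS to the router, etc.)
        sessions[m.group(3)].append(datetime.fromisoformat(m.group(1)))
    findings = []
    for dst, times in sessions.items():
        if len(times) < min_sessions:
            continue  # too few sessions to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low spread relative to the mean gap = timer-driven, not human-driven.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"dst": dst, "sessions": len(times), "interval_s": round(avg)})
    return sorted(findings, key=lambda f: -f["sessions"])

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG, "192.168.1.50"):
        print(f"candidate for the block list: {hit}")
```

Each destination it reports is a candidate for the deny list in Practice 2; confirm what the address belongs to before blocking it, since legitimate update checks are also timer-driven.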


Legality: You might be surprised to find out that there is nothing illegal about these devices phoning home. On the contrary, if you root the device or modify the source code, you might void your warranty or find yourself in an intellectual property debate with the vendor.


Verdict: It's not worth having these cheap networking devices on our networks; if anything goes wrong, we're to blame.


Connection 2: Unauthorized network scanning or penetration tests.

Penetration testing is the practice of gaining access to an internal network through the use of exploits or by compromising vulnerabilities in firewalls. Many companies hire skilled, ethical hackers to perform these assessments on their corporate networks and learn where to patch or plug holes in their firewalls.


In this example, entities with these same skill sets perform similar tests on publicly accessible IP addresses without consent. But they don't stop at the firewall. If they can penetrate our firewalls and access our internal networks, they continue their network discovery scans and locate all devices on our networks. Essentially, they found a way in, cataloged our devices, and recorded where our vulnerabilities were. Now that they have our information, consider it out on the open market. These hackers often go unnoticed and are out of our networks before we know it.


Do your best to stop the penetration test and protect your data by following these two practices.


Practice 3: Don't rely on the ISP router/firewall as your last line of defense. Purchase a high-quality home firewall from a top-tier retailer, and update the firmware whenever a new update is available.


Practice 4: Identify your essential data, like financial information, marriage and birth certificates, titles, etc., store it in a secure location, and use multifactor authentication to gain access. Examples are Google Drive, Microsoft OneDrive, and Apple iCloud. These cloud providers also support Virtual Private Networks (VPN) to encrypt your communications between your devices and the cloud.


Legality: Your network was penetrated, and your information was stolen; that has to be illegal, right? Unless your information was used in some way that could cause harm, i.e., your identity was stolen or bank accounts drained, no crime has been committed. Yep, while people have sued testers over this activity, scanning and accessing your network is not illegal. Finally, if a hacker was sophisticated enough to penetrate your network and steal your information without your knowing it, they're gone.


Verdict: We should all do our best to keep unauthorized users out of our home networks by installing a top-tier home firewall and keeping it up to date.


Connection 3: The neighbors' smart cameras automatically tunnel through our networks.

Amazon.com sells Ring, a popular home security device suite that provides customers with cameras and burglary alarm systems. Ring products, like other intelligent security systems, connect to a cloud service that users can access from an app on their phone or via the web. That's a great, cost-effective approach to home security.


Ring took the security services one step further by preemptively building a surveillance and profiling service, called Sidewalk, that functions 24 hours a day, seven days a week, and 365 days a year. For Amazon Sidewalk to continually operate, each Ring device connects to other Ring devices, creating a mesh network. If one user's Internet connection goes down, Ring automatically routes through other home networks where Ring devices are installed. This means that devices are piggybacking on our Internet connections without our knowledge.


Recently, Amazon also added Echo devices to the Sidewalk network for a fully meshed surveillance network allowing Amazon to monitor our activities and notify the authorities if Amazon deems it necessary to stop a crime.


Those who have a Ring device can opt out by following this practice.


Practice 5: From your Alexa app on your phone, tap More, tap Settings, and go to Account Settings. From Account Settings, you can access Amazon Sidewalk and switch it Off.


Legality: Sidewalk is not considered illegal, and Amazon posits that providing this service is helping to stop crime.


Verdict: While Amazon claims to be helpful, I don't support creating a Big Brother network or leaving the decision to report a crime to AI. But intelligent devices make life easier, leaving me on the fence.


Connection 4: Drive-by hackers prey on WIFI networks.

Hackers drive around with Linux laptops full of custom software to capture network packets, spy on us, and surf the web over our ISP services. These hackers can browse the Internet for free, set up file servers, host websites, and steal personal information while going undetected. These bad guys access our home networks through exploited wireless access points. Once in, they can do whatever they want, and it's usually not good. Cars are optional as these hackers might live nearby instead.


These practices can deter drive-by hacking.


Practice 6: Set up a separate guest network on your wireless router. All wireless routers allow for a guest network that can be configured to prevent lateral movement and network visibility. Use this guest network for the least essential devices and your guests' phones and tablets.


Practice 7: Disable Service Set Identifier (SSID) broadcast on all wireless networks other than your guest network. Disabling your SSID broadcast will hide your network devices while allowing you to connect devices simply by typing in the network name and password.


Practice 8: Enable the highest level of wireless encryption possible to protect your network, i.e., WPA-PSK [TKIP] + WPA2-PSK [AES].


Practice 9: Separate your smart, WIFI-enabled devices into a dedicated wireless network. Please remember that some intelligent locks, outlets, and garage door openers do not support the latest encryption standards. I've found it easier to manage by separating those devices to a dedicated network and employing hardware and MAC address list security to ensure nothing can connect if not on the access list.


Legality: Hijacking your WIFI and stealing your personal information is not illegal if no one finds out about it or the information isn't used to support a crime like extortion, blackmail, or larceny.



However, identity theft is a crime. As the US Department of Justice puts it, "Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's data in some way that involves fraud or deception, typically for economic gain."


Verdict: We should completely fortify our wireless access points and do our best to keep unwanted users out!


Prevent international cyber war.

International experts tend to agree that cyber attack attribution is nearly impossible in the current cyberspace environment. Regulators like the FCC have ensured that technologies can track wired and wireless traffic back to a home address if necessary, meaning they can track lateral movement back to our homes. Sophisticated threat actors will use our home networks to commit crimes if we let them. Once their crimes are complete, they can escape, leaving our identities shaken and our well-being exposed. We all must do our best to deter the bad guys from using our networks to commit cyber actions, especially in a cyberwar against our critical infrastructure.
