{"id":2393,"date":"2013-09-05T09:58:03","date_gmt":"2013-09-05T13:58:03","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=2393"},"modified":"2020-02-26T20:27:11","modified_gmt":"2020-02-26T14:57:11","slug":"protecting-the-whole-home-network-and-everything-connected-to-it","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2393\/","title":{"rendered":"Protecting the Whole Home Network and Everything Connected to It"},"content":{"rendered":"

Protecting your home network is as daunting a task as you make it. If your home network consists of a wireless router and a laptop, then it\u2019s pretty easy to lock down. If you wireless network consists of a router, several computers and mobile devices, a slew of wirelessly networked printers and smart TVs, and a wi-fi enabled security system, then the task will be much more difficult. As a general rule, the more connected your home is, the harder it will be to secure \u2013 for now at least, though I suspect all of these connected things are going to be more streamlined as we venture deeper into the Internet of things<\/a>.<\/p>\n

\"guide_title_EN\"<\/a><\/p>\n

For the sake of sanity, let\u2019s assume your home network is fairly straightforward and consists of a router, a couple computers and smartphones or tablets, maybe a networked printer or two, and, just for fun, a smart TV and an XBOX or other wirelessly connected gaming console.<\/p>\n

The most likely scenario is that all these things are going to connect to the web wirelessly through your router. Your router is therefore the hub for all the internet comunication going on inside you home. By extension, if you\u2019re router is unprotected, then so is everything else. You could always hardwire everything into your router through a complex system of ethernet cables. That would be pretty secure but totally inconvenient (not to mention messy).<\/p>\n

Let\u2019s begin with the router. You obviously want to password protect your wireless network with a unique and not easily guessable passphrase<\/a>. Most new routers will offer you the ability to set up a guest network. Do it. Give the guest network its own unique password and let visitors log into this network if they want to access the Internet from your house. In this way you can you can have a bit more control over the devices that are allowed on the network that you use regularly, essentially quarantining unknown machines to a separate network that you don\u2019t go on.<\/p>\n

Just password protecting the wireless Internet connection produced by your router isn\u2019t enough. Pretty much every router you can buy has an administrative panel. You can reach the admin panel by entering one of a handful of IP addresses into your browser\u2019s address bar. You can figure out that IP address by searching Google or any other search engine for \u201c[your router model] + IP address.\u201d If you enter that IP address into the address bar and wait a few seconds, you will be prompted to enter a username and password. The username is probably \u201cadmin\u201d and the password is probably \u201cadmin\u201d as well. Again, if you don\u2019t know the username-password combo, look it up on a search engine. You\u2019ll find it; believe me.<\/p>\n

Your router is the hub for all the internet comunication going on inside you home. By extension, if you\u2019re router is unprotected, then so is everything else.<\/div>\n

Once you\u2019re in the router\u2019s back-end you want to be careful. I don\u2019t recommend messing with too much in there. So, your wireless network has a password, but it it different from your router\u2019s administrative panel password. Once you get in the router\u2019s back-end, you can go to the wireless security section and view the wireless access password in plain text. To connect the dots: this means that \u2013 even without knowing you wireless network password \u2013 an attacker could potentially access your router with a default password and username and then view your wireless access password in plain text and even change it. Changing that administrative panel access password is therefore something you must do.<\/p>\n

Some routers require that you go into the back end to do so. In my router, there is an administration tab in the back end user interface. If I click on that tab, I will see there are two fields, one says \u201cRouter Password\u201d and the other says \u201cRe-enter to Confirm.\u201d All I have to do is enter a strong, unique password in the field that says \u201cRouter Password\u201d and then re-enter the same password in the second field and click the save settings button and I am good to go. A lot of routers will also come with a set-up wizard that prompts to do this when you initially set up their router.<\/p>\n

While you are still in the back end, there should be a tab that says \u201cwireless.\u201d You should go in there and dig around a little until you find the wireless security section. This is where you can view your wi-fi access password in plain text. It is probably also where you can see the kind of encryption you are using. Most new routers will come out of the box using WPA\/WPA2. This is good. However, if you have an older router, it may use or be set to use WEP, which is easily breakable and could let an attacker monitor your traffic. If it is set to WEP, then you should change it to WPA or WPA2. If you can\u2019t change it from WEP, then you should buy a new router.<\/p>\n

You can also disable wireless administration access altogether: meaning that in order to access the backend, you would need to connect a ethernet cable directly into router to access the admin panel. We are working on a post that will go into more detail on all the things you can do to lock down your router, so check back in on the Kaspersky Daily for that.<\/p>\n

Next we\u2019ll move onto the computers and the mobile devices connected to your network. An infection on one computer could impact the network into which that computer is connected in any number of ways. In theory and depending on the relationship between your various computers and the network itself, it is possible for an infection to cross over the network onto other machines. Beyond that, a keylogger \u2013 a piece of malware that records key strokes \u2013 could allow an attacker to figure out your wireless password and access your network and router to perform man-in-the-middle-type attacks<\/a>.<\/p>\n

In fact, I lived in an apartment building a few years back in which a Massachusetts teacher was uploading and downloading child pornography. Unfortunately for the guy living next door, this teacher somehow figured out his neighbor\u2019s wireless password and was connecting to the Internet through the neighbor\u2019s wireless network. Either the neighbor had a weak password or the teacher sniffed it off him in some other way. At any rate, one day the DHS and FBI came knocking on the innocent neighbor\u2019s door with a search warrant, cuffed this kid, dragged him out of his apartment, and interrogated him while they raided his space and everything in it. They analyzed his network and his computers and quickly realized that the malicious traffic was not coming from any of his machines and actually belonged to the teacher next door.<\/p>\n

That\u2019s a bit of an extreme example, but on a similar note, if one of your machines is infected with malware and contributing to a botnet, there is no way of knowing what that computer is up to. That botnet could be using your IP address and your computing power to perform all sorts of sordid and illegal actions that could draw the attention of law enforcement \u2013 thinking that it is you, not the botnet, generating all this malicious traffic.<\/p>\n

For these and a million other reasons you have to make sure the computers on your network are protected as well. While it\u2019s true that a network is only as secure as its router, it is equally true that your router is only as secure as the computers that connect to it. On the simplest level, you probably used your computer to configure that router in the first place. On another level, if your computer is compromised then someone is already on your network no matter how secure the router itself is. So make sure you\u2019re running a solid security product<\/a>. Not only on your computers but on your mobile devices as well<\/a>.<\/p>\n

Install hardware and software updates on computers, phones, tablets, printers, routers (if there ever are any and you know about them), TVs, gaming consoles, and anything else that might receive updates. Nearly all the malware and exploit kits I read and write about target known and patched vulnerabilities. Let me repeat that, almost all the malware I know of exploits vulnerabilities that the affected vendors have already patched, meaning that you are largely protected against these threats if you install updates. The problem is that people like you and me and everyone else refuse to update their software. If I could give you one piece of advice to stay secure, it would be to install updates. In order for a home network to be secure, everything on it needs to be secure.<\/p>\n

In fact, for smart TVs and gaming consoles and networked printers, I\u2019m not sure there is a whole lot you can do other than to install updates. I sat in on some talks and press conferences at the Black Hat security conference in Las Vegas<\/a> last month where researchers demonstrated compromise after compromise on smart TVs. No one is really making security products for these yet, so the best you can do is assume that the vendors are paying attention to the research and fixing the bugs and pushing out patches to affected devices. The good thing here, is that most of these researchers are giving their findings to the vendors before they publically release the details<\/a>. It is becoming more normal than it used to be for the security researchers and the technology companies to work together so that product-bugs are fixed before researchers publish their data.<\/p>\n

The real truth here is that you want to make sure that you are following all the best security practices on the things you connect to your network, as it is only as secure as its weakest link: password protect, update, run security products, and \u2013 as always \u2013 be smart by staying abreast of the threats by reading this and other security blogs.<\/p>\n","protected":false},"excerpt":{"rendered":"

Protecting your home network is as daunting a task as you make it. If your home network consists of a wireless router and a laptop, then it\u2019s pretty easy to<\/p>\n","protected":false},"author":42,"featured_media":2394,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[190,444],"class_list":{"0":"post-2393","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-device-protection","9":"tag-home-network"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2393\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2300\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2486\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2336\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2648\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/protecting-the-whole-home-network-and-everything-connected-to-it\/1516\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2648\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/protecting-the-whole-home-network-and-everything-connected-to-it\/2648\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/device-protection\/","name":"device protection"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=2393"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2393\/revisions"}],"predecessor-version":[{"id":18881,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/2393\/revisions\/18881"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/2394"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=2393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=2393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=2393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}