The theme for the week is: Securing Devices at Home and Work. As was pointed out last week, the average American has access to ten connected devices. A home network also has a router and possibly switches and repeaters. An American home network has the numbers and capability of what was a business network not too many years ago. American homes have business networks without business, network administrator staff.
There are predators lurking who desire to exploit home networks. How can we defend ourselves from predators?
This is only a short survey, not an extensive review.
The biggest threat on any network is the users of that network. With the possible exception of pissed-off teenagers, we shouldn’t need to worry about malicious threats on home networks. Untrained or inattentive users can cause damage, even without malicious intent.
While the Nigerian Prince scam is largely a thing of the past, similar cons are still being perpetuated, but with much better English. The objective of the Nigerian Prince type cons is to obtain the bank information of the target. Family members should be taught to be very careful when giving bank information. If someone obtains bank information, that information can be used for nefarious purposes.
Care must be exercised when giving any personal information.
There is a lot of personal information that is shared on social media. Not all shared information is shared on purpose. When posting home photos or videos, be careful as to the backdrop. There is a lot of information that can be obtained from what is displayed behind you. Everything on the net is forever. Teach your children to be careful what they post, on purpose and as the backdrop. What they post now affect them in the future.
Kids are also at risk to those soliciting photos or videos.
The sending and possession of these types of photos is a serious crime. Also, there is no guarantee as to where the photos will go. There are also pedophiles and child grooming gangs who hunt children. They may only be looking for child pornography. However, they may be human trafficking gangs hunting for victims for the sex trade. Parents need to have frank discussions about appropriate use and potential dangers. Parents also need to monitor their children’s on-line activities.
All accessed web sites should be https:// sites. The “s” indicates that commutations are encrypted communications. There are fewer and fewer legitimate, http:// sites but they do still exist. A number of endpoint security programs will issue warnings if an http:// is accessed but users should still be aware of the danger.
There are also web sites with names similar to legitimate sites.
Some of these are somewhat obvious such as www.whitehouse.com that was a porn site in the 1990s. A more nefarious use is to send mail with a link to a name that looks close and will direct users to a site that looks like the legitimate site but is a site that collects user names and passwords. An example would be something like cm.com instead of cnn.com (this is only an example; I
do not know if cm.com exists).
One very successful cyber attack method is to drop infected thumb drives in parking lots and wait for victims to insert the drives into their machine.
The Stuxnet attack is only the most famous example of such an attack. Be careful about picking up unknown items and taking them home; you don’t know where they’ve been.
Most American children have a smartphone by the age of twelve. Kids under the age of twelve are accessing the net; therefore, kids under the age of twelve should be taught how to be safe on the net.
Home cybersecurity is not limited to user behavior. There are actions that need to be preformed by the home system administrator (i.e. you).
Devices Need To Be Secured
Computer cameras are relatively easy to hack. All cameras, not just computer cameras, need to be covered when not actually in use. This includes cell phones, tablets, game systems and anything else with a camera. Webcams do not need to be covered with ugly masking tape or band-aids. There are a number of commercially made webcam covers available. Webcam covers are available in a myriad of colors and designs. They are also quite inexpensive.
In spite of programmers’ best efforts at writing secure code, security vulnerabilities are constantly being found in software. Periodically, software manufacturers distribute updates. System administrators need to download and install software updates. This is a requirement for applications as well as operating systems. All connected devices, smartphones, game systems and all other connected systems need to patched.
Rather than constantly patching code, manufactures eventually release new versions of software. Software must be updated, when necessary. The 2017 ransomware attack against the English National Health Service (NHS) succeeded because much of the NHS was still utilizing the 2001 vintage, Windows XP. More modern systems were immune to the attack.
Software Needs To Be Regularly Updated
Systems also need to have up-to-date endpoint security software installed. It is critical that security software be kept patched. The security software can only find vulnerabilities that it knows. The device is vulnerable to any threats that have been discovered since the last update.
We (the hackers) only have to be lucky ONCE.
You have to be lucky ALWAYS...
In 1984, the Irish Republican Army (IRA) attempted to assassinate Margaret Thatcher with a bomb in her hotel. The attack was unsuccessful. The IRA issued a statement which said, “…we only have to be lucky once. You will have to be lucky always.” This statement applies to all branches of security. There are a lot of predators out there. We have to be successful against all of them.
