{"id":18596,"date":"2022-03-25T12:30:02","date_gmt":"2022-03-25T20:30:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/25\/news-12329\/"},"modified":"2022-03-25T12:30:02","modified_gmt":"2022-03-25T20:30:02","slug":"news-12329","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/25\/news-12329\/","title":{"rendered":"How to boost cybersecurity defenses using your router"},"content":{"rendered":"

Credit to Author: Paul Gillin| Date: Fri, 11 Mar 2022 12:01:00 -0800<\/strong><\/p>\n

COVID-19 has made us all more aware of the need to protect our computers at home from online evil. But when was the last time you pointed your browser at your router? The little box that connects your PC and all the other devices in your home to the internet has an array security features that many people are unaware of.<\/p>\n

After speaking to Derek Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs<\/a>, I logged into my Verizon FIOS router for the first time in years and discovered there were no less than 18 devices connected to it, including TVs, printers, thermostats and a half dozen Amazon Echoes. Each is a potential security vulnerability. \u201cIf you look at your home router, you\u2019ll be surprised what you find there,\u201d Manky said.<\/p>\n

Security suites do a pretty good job of protecting against external threats, but the enemy is increasingly inside the network. \u201cThe most prominent threat we\u2019re seeing right now is the Mirai botnet,\u201d Manky explains. Fortinet defines<\/a> that as \u201cLinux malware that primarily targets IoT devices such as IP cameras and routers\u2026 [and] can mine cryptocurrencies, perform [distributed denial of service attacks], execute arbitrary commands, and scan the internet for other vulnerable devices to infect.\u201d<\/p>\n

The last part of that statement is what should catch your attention in particular. Most routers used in home networks assume that everything connected to them can be trusted. By default, they allow each device to see \u2013 and possibly connect to \u2013 every other device. A compromised camera or thermostat could thus be used by an attacker to navigate to a PC and install malware or a keylogger that captures keystrokes.<\/p>\n

\u201cOnce attackers get command and control, they establish an active communication channel,\u201d Manky says. \u201cIf you see your thermostat connecting to a bunch of weird servers, you should block it.\u201d<\/p>\n

Zero trust begins at home<\/strong><\/p>\n

Corporate IT departments apply sophisticated network segmentation controls to reduce this risk. Segmentation enables administrators to isolate sensitive devices into protected sandboxes that have their own policies. It\u2019s part of zero trust security, an increasingly popular form of cyber protection that assumes that nothing and no one on the network can be trusted.<\/p>\n

Manky likens the scenario to physical home security. \u201cMost people lock up their valuable assets to protect against someone breaking into their home, he says. \u201cThat\u2019s segmentation and the same idea applies to cyberattacks. Segments make lateral movement much harder.\u201d<\/p>\n

Most home routers don\u2019t support segmentation, though. The capability is available in software from Fortinet and others but if you want to try it yourself, it will take some poking around. I spent the better part of an hour digging through my router\u2019s menus and user manual and couldn\u2019t find anything related to network segmentation. I did find a new service called Verizon Home Network Protection<\/a> that tightens security at the device level but doesn\u2019t appear to prevent them from seeing each other. Comcast\u2019s advanced network settings<\/a> offers similar functionality. In both cases, they are disabled by default, and you have to turn them on.<\/p>\n

Good router hygiene<\/strong><\/p>\n

Even if your router doesn\u2019t support segmentation, there a few basic measures Manky recommends that can improve protection.<\/p>\n

If you want to get super geeky, you can configure an old laptop as a router<\/a> and install Snort<\/a>, a highly regarded open-source intrusion prevention system. However, your existing router probably has enough features to protect against the vast majority of threats. If it doesn\u2019t, time to buy a new one.<\/p>\n

Next, Read This:<\/em><\/strong><\/p>\n

How to secure your home Wi-Fi network and router<\/a><\/p>\n

Top 10 Tips To Protect Your Home Wi-Fi Network <\/a><\/p>\n

How to Secure Your Wi-Fi Router and Protect Your Home Network <\/a><\/p>\n

How to Secure Your Home Network<\/a><\/p>\n

10 Ultimate Tips for Wireless Security <\/a><\/p>\n

How to secure your router and home network<\/a><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Paul Gillin| Date: Fri, 11 Mar 2022 12:01:00 -0800<\/strong><\/p>\n

\n
\n

COVID-19 has made us all more aware of the need to protect our computers at home from online evil. But when was the last time you pointed your browser at your router? The little box that connects your PC and all the other devices in your home to the internet has an array security features that many people are unaware of.<\/p>\n

After speaking to Derek Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs<\/a>, I logged into my Verizon FIOS router for the first time in years and discovered there were no less than 18 devices connected to it, including TVs, printers, thermostats and a half dozen Amazon Echoes. Each is a potential security vulnerability. \u201cIf you look at your home router, you\u2019ll be surprised what you find there,\u201d Manky said.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11080,714],"class_list":["post-18596","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-networking","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18596"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18596\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18596"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}