So you thought you were safe in your own house behind closed doors. Well, guess again: chances are that a bad actor has already gained access to your beloved secure perimeter. Of course, this is technically speaking and not about a burglar who got into your house and is now waiting under your bed.
Then again, even if nothing physical is stolen from your household, there is still a real possibility that something valuable was taken from you.
Question: if you had the choice between wearing a t-shirt with your home address or phone number on it, or one with a generic number and address, which would you prefer to wear? Okay, hold that thought, I’ll come back to it later.
Looking at current developments in the field of security, a lot of the focus is on the Zero-Trust concept. Although this is a great way of approaching things, we often forget to look at the basics. In this blog post, I will explain the basic steps you need to take to configure your SoHo (small office/home office) network.
And trust me, implementing these changes will take you 10 minutes.
When your internet service provider (ISP) provides your home with a broadband connection, a network address, or as we call it an IP address, is assigned to your subscription. This IP address identifies your household in the online world.
Most ISPs give their customers a routing device that is used to connect your personal devices to the broadband connection. In some cases we buy our own routing device and use this instead of the one we got from our provider.
Many among us internet junkies leave their home router configured with the default settings and never look after it again. The only thing that is important to us is that our beloved devices can connect to the routing device to browse on the internet. But without us knowing it, a lot is going on around our broadband connection and the connected devices.
Hopefully after reading this blog post, you understand what risks there are and what basic steps we can take to remediate this.
If you are not interested in the details and just want to know the solution, scroll down to the bottom of this post and start taking action!
1. Hide your public IP address
First, we are going to check what IP address is assigned to us by our ISP to communicate with the internet. This can easily be done through Google by searching for ‘what is my IP address’ in the search box. Clicking the first link will also show an estimate of our home address based on the IP address. This means that the so-called bad actor already has knowledge about where you are living.
Steps to take:
- Invest in a VPN connection. Personally I’m a fan of NordVPN
2. Disable remote management
If you have an older router where this feature is enabled by default, or you enabled it because you thought it might come in handy: RED FLAG! You are in direct danger!
No, seriously, disable this as soon as possible, and I will explain right now why you should.
In the first step, we were able to retrieve our public IP address without the use of a VPN. We can use this information to start investigating whether we have any open ports on our network. Non-technically speaking, we are going to look for open windows or unlocked doors in our house.
There are a huge number of online tools and websites available for testing the security of our network, and there are also more sophisticated tools that hackers use. We will go for the easy way, which is an online tool. It is important to do these tests from outside your own network. In this example, I will use ZoomEye https://zoomeye.org but you can also use https://pentest-tools.com to scan for open ports and protocols on your public IP address.
Be aware: the result can be shocking and cause instant panic! But don’t worry, after reading this blog post to the end, you will understand the risks and know how to fix them.
Let’s enter our IP address on the ZoomEye website and look at what information we can find.
We have now got some valuable information about the environment, just based on the public IP address. One of the things that sticks out is the product: Linksys WRT320N. This tells us what kind of routing device is used to connect to the internet. This extra piece of information is extremely useful to gain access to the local network.
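The same exposure check can be run against your own public IP from a laptop outside your network (for example over mobile data). The script below is an added example, not part of the original post; it probes only the ports this post calls out, and the `probe` argument is injectable so the reporting logic can be exercised without touching the network.

```python
import socket
from typing import Callable, Dict, Iterable

# Ports the post calls out: the router admin page (80/443) and the
# services commonly exposed through NAT / port-forwarding rules.
RISKY_PORTS = {
    21: "FTP",
    22: "SSH",
    80: "HTTP (router admin page)",
    443: "HTTPS (router admin page)",
    3389: "RDP",
    8080: "HTTP alternate",
    9000: "misc. admin / management",
}


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host: str, ports: Iterable[int] = RISKY_PORTS,
                   probe: Callable[[str, int], bool] = tcp_probe) -> Dict[int, str]:
    """Return {port: service} for every checked port that accepts a connection."""
    return {p: RISKY_PORTS.get(p, "unknown") for p in ports if probe(host, p)}


def report(exposed: Dict[int, str]) -> str:
    """Human-readable summary of what audit_exposure() found."""
    if not exposed:
        return "OK: none of the checked ports are reachable from the internet."
    lines = ["WARNING: the following ports are reachable from the internet:"]
    for port, service in sorted(exposed.items()):
        lines.append(f"  {port:>5}  {service}")
    lines.append("Review your NAT/port-forwarding rules and the remote-management setting.")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Placeholder address from the TEST-NET-3 documentation range; pass your
    # own public IP as the first argument and run this from OUTSIDE your LAN.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(report(audit_exposure(target)))
```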
Now think back to the first paragraph: if a bad actor knew that you have something valuable, would you still feel comfortable wearing that t-shirt with your home address on it? Don’t think so, right!
As said before, many among us bought a router, ran the basic setup wizard, and never looked at the device again. This means there is a big chance that the default admin credentials were never changed. Let’s see if we can validate this. With the information about the device being used, we are going to ask our good friend Google if he can help us out and search for the default credentials.
I always love to see how helpful manufacturers are in sharing information. As it seems, we don’t need to provide a username and the default password is ‘admin’.
Damn! That was easy. So just because we thought it would be convenient to turn on remote management, we also made it very easy for a bad actor to gain access to our environment without us knowing it! Now that we have access to the management page of the router, we can also see what devices are connected to this home network.
This information makes it extremely easy to start targeted attacks against this environment to harvest credentials or redirect the users to malicious pages.
If you need remote access to your home router, use a VPN connection which can be configured in almost every routing device. Now that we are in the management console anyway, make sure you always update your router to the latest firmware version available. This helps to patch any known vulnerabilities.
Steps to take:
- Disable remote management
- Change the default login credentials
- Update your firmware
- Enable VPN access for management and access to local devices/resources
3. Enable Guest networks
Okay, this is an easy one. Almost every home routing device has the option to enable guest networks. And as you might expect, this is intended to be used to provide your guests with an internet connection.
Okay, but why is it so important to enable the guest network for that purpose? Although most of us would only allow people we trust onto our network, we have no way to validate whether we can trust their devices. Maybe your guests have a mobile phone or tablet that is infected with malware or ransomware.
So the risk we take by allowing these guest devices onto our home network is something we need to take seriously. Because of the current pandemic situation, most of us also have our corporate devices connected to the same network where we would allow our guests. Therefore I recommend enabling the guest network option and only joining devices that you own to the internal home network.
Another good practice is to disable the SSID broadcasting option for your internal network. This prevents your network from shouting that it is available and asking devices to join. Your laptop and mobile phone will keep connecting to your home network once they are in reach without any manual action.
Another good reason to have this in place is to protect yourself against wardriving.
WHAT? Yeah, that was my first reaction when I heard that term years ago.
Wardriving is when hackers drive around in search of unsecured or vulnerable wireless networks using a laptop and a strong antenna. Their main purpose is to gain access to your network and steal information that is sent through and received by your network.
By enabling the guest network and disabling SSID broadcasting you create isolation between trusted and untrusted devices that have access to your network(s).
4. Disable NAT rules and other open ports
This sounds geeky but is very important and easy to do. One of the options in your routing device is to configure rules that forward requests from the internet to your locally connected network devices like laptops, tablets, phones, etc. NAT rules are little holes in the fence around your secured house.
These rules are mainly used to give remote access to devices that are running in your SoHo. Again, this sounds convenient but is very dangerous. As shown in the previous step, it is very easy to connect to your router’s management page, which is hosted on port 80 or 443.
Common ports that are opened through NAT rules are 21, 22, 3389, 8080 and 9000. Especially the risk of opening ports 22 and 3389 to the outside world is underestimated. These port numbers are used to remotely log in to your computer.
As soon as a hacker detects that port 3389 or 22 is open, they will start firing usernames and passwords at it until they have access to your computer.
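What that password guessing looks like on the receiving end, and how to spot it in your own logs, is shown by this added example (not part of the original post). It parses a constructed sample of Linux `auth.log` lines from a machine whose SSH port was forwarded to the internet and flags any source IP with a burst of failed logins; the threshold and window are assumptions you can tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample of sshd entries as they appear in /var/log/auth.log.
# 198.51.100.23 (documentation range) plays the outside attacker; 192.168.1.50
# is a LAN user who mistyped a password once and then logged in.
SAMPLE_LOG = """\
Mar  3 22:14:01 nas sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar  3 22:14:03 nas sshd[4123]: Failed password for invalid user pi from 198.51.100.23 port 51030 ssh2
Mar  3 22:14:04 nas sshd[4125]: Failed password for root from 198.51.100.23 port 51041 ssh2
Mar  3 22:14:06 nas sshd[4127]: Failed password for invalid user test from 198.51.100.23 port 51055 ssh2
Mar  3 22:14:08 nas sshd[4129]: Failed password for invalid user oracle from 198.51.100.23 port 51060 ssh2
Mar  3 22:14:09 nas sshd[4131]: Failed password for root from 198.51.100.23 port 51072 ssh2
Mar  3 22:20:31 nas sshd[4200]: Failed password for alice from 192.168.1.50 port 40011 ssh2
Mar  3 22:20:40 nas sshd[4200]: Accepted password for alice from 192.168.1.50 port 40011 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log: str, year: int = 2021) -> List[Tuple[datetime, str, str]]:
    """Extract (timestamp, source ip, username) for every failed SSH login.
    Syslog lines carry no year, so one is assumed for the timestamps."""
    out = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["ip"], m["user"]))
    return out


def find_bruteforce(log: str, threshold: int = 5,
                    window: timedelta = timedelta(minutes=1)) -> Dict[str, Dict]:
    """Flag source IPs with >= threshold failures inside any sliding time window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(log):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # slide the window over sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {"failures": len(events), "users": sorted({u for _, u in events})}
                break
    return alerts
```

A single LAN typo never trips the threshold, while the outside address is flagged after a handful of guesses against several account names.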
If remote access is really required, you can configure a VPN connection in your router device to get secure remote access to resources that are internally connected to it.
Steps to take:
- Disable all NAT rules and forwarding rules
- Enable the Firewall
- Use a VPN connection for remote access
5. Risks from the inside
Technological development has certainly brought a lot of convenience to our lives, allowing us to interact from almost anywhere with connected devices. Unfortunately, this has also brought convenience to hackers because it allows them to exploit and capture data from all our connected devices and even take control of them.
Although we plugged a lot of holes in the previous steps, we often don’t realize that we are also creating many new holes in our secured environment by using IoT devices like smart lightbulbs, smart speakers, etc.
For a smart device to be functional, a connection between the device and an online server is required. This connection is created by the smart device in your network to the external server that it is trying to communicate with online. As soon as this connection has been established, the two endpoints can start sending data to each other.
But are we sure that we can trust that online endpoint? When buying a Sonos device or a Philips Hue system, you can expect these brands to have the right security measures in place to keep you and your smart devices safe.
When looking at aftermarket products like the light bulbs of an unknown brand that you bought because they were a lot cheaper, things change a bit. Because we don’t know what servers they are communicating with, we cannot guarantee that these devices are secure. Therefore we should isolate them from our internal network, just like we did with our guest users.
This is a more complex solution that involves creating separate VLANs in your network.
More about that in a later blog post.
To Do list!
- Hide your IP address by using a VPN connection
- Disable remote management
- Change the default login credentials
- Update your firmware
- Enable Guest networks
- Disable SSID broadcasting on the home network
- Disable NAT and Forwarding rules
- Enable the built-in Firewall
- Create a VPN connection to the device for remote access