
Chapter 25: Securing the Last Frontier in Digital Invasion: The Home Front


lynchr

Presentation Transcript


  1. Chapter 25: Securing the Last Frontier in Digital Invasion: The Home Front
     Guide to Computer Network Security

  2. Introduction
     • As digital technology conquers new territories and the use of technology becomes ubiquitous, the home, as the last frontier, has fallen in the digital invasion and the digital activity hub has come home.
     • It is almost a paradox that as more technological activities have come home to make the lives of millions of people easier and more enjoyable, their core personal security has come directly under attack.
     • From the home, with little fanfare and unknowingly, we have become members of a mosaic of social networks connecting with millions of other people we never knew and will never know.
     Kizza - Guide to Computer Network Security

  3. The Changing Home Network and Hotspots
     • The growing and evolving entertainment technology in the home, the advent of the internet and the new home monitoring technologies have all turned the home into the new “Wild West” as far as the security and integrity of the home, including house data and the individuals in the home, are concerned.
     • There are several avenues that intruders and hackers can use to penetrate and access house data at will:
     • Cable LAN - As more digital devices started to enter homes, there was a need to interconnect them with cables for easy use, better services and a better experience. A central component to connect all devices was needed, and it came to be the router.
     • With this kind of cascading of home devices, a Local Area Network (LAN) was formed in the home, with the router as the central and weakest connecting device.

  4. (2) Wireless Home Networks
     • The development and pervasiveness of wireless technology have created great freedom and mobility in homes as several wireless networks have sprung up. The most common of these home wireless networks are:
       (i) Wireless Personal Area Networks (WPANs) - based on IEEE standard 802.15.4 of 2004, these interconnect home devices within a range of 10-100 meters with a transfer rate of 250 kbit/s. WPANs focus on low-cost, low-speed ubiquitous communication between devices within range.
       (ii) Wireless Local Area Networks (WLANs), or Wi-Fi - short-range local area wireless networks, up to 500 meters, that allow an electronic device to exchange data or connect to the internet using 2.4 GHz UHF and 5 GHz SHF radio waves. Wi-Fi is probably the premier local-area network (LAN) technology for high-speed Internet access for mobile devices like laptops, smart phones and tablets, and for smart TV sets for video transfer.
       (iii) WiMAX LAN (Worldwide Interoperability for Microwave Access) - another limited-area wireless communications technology, based on the IEEE 802.16 standard and designed to extend the range and functionality of Wi-Fi technology. It provides data rates reaching up to 75 megabits per second (Mb/s) and a number of wireless signaling options ranging anywhere from the 2 GHz range up to 66 GHz, with up to 1 Gbit/s for fixed stations. It can also provide a service range of up to 10 miles. Because of that range, WiMAX can be installed either by a service provider as base stations or as small receivers installed by clients to connect to the base station.
       (iv) LTE (Long Term Evolution) LAN - a wireless broadband technology designed to support roaming Internet access via cell phones and handheld devices. It is also commonly known as 4G (fourth generation) technology. Because LTE is a newer technology, its communication protocols are based on the Internet Protocol (IP).

  5. Types of Broadband Internet Connections
     • We discuss three types of broadband internet connections:
     • Wired Internet (residential broadband): connects the home LAN to the Internet via a physical cable such as a telephone line (DSL), a cable line (cable), or a fiber optic line (FIOS).
     • Satellite Internet (satellite broadband): connects the home LAN to the Internet via a satellite dish, probably on the roof, which communicates with aerial satellites to provide the LAN with Internet access.
     • Cellular Internet (wireless broadband): connects the home LAN to the Internet via a cell phone signal that carries data and connects the supported device directly to the Internet.

  6. Data and Activities in the Home LAN
     • It used to be that the most common type of data in the home network was pictures, usually from family vacations and other valued occasions. Given the changing nature and utility of the family network, many more data types have come home too:
     • Work Data - The growth of the work-at-home movement is bringing enterprise data home. The newer concept of bring-your-own-device (BYOD) to the enterprise premises is also creating avenues by which employees bring enterprise data home on their devices, knowingly or otherwise.
     • Social Media Data - The increasing use of smart and more powerful mobile devices is increasing the amount of both personal and public data brought into the home LAN by these devices from social media and from the public commons.
     • Banking and Investment Data - The convenience of home banking means the home LAN transfers sensitive data back and forth between the family LAN and the bank's servers.

  7. Data and Activities in the Home LAN (continued)
     • Health Devices - Health providers, hospitals and health insurance companies are increasingly embracing technologies that enable patients to have operations and leave hospital in a day or two to get follow-up care at home. Medications, monitoring signals and patient data from this follow-up care are commonly uploaded to the family LAN or other monitoring devices, and many times this data stays stored either on the family LAN or in LAN histories.

  8. Threats to the Home and Home LAN
     • The digital invasion of the home front is now real.
     • What is more worrying is that the individuals on the home front, unlike their counterparts in the workplace, are less knowledgeable and far less prepared to deal with intruders. Even if they come to know of an intrusion, they may not be able to do anything to stop it.
     • Hackers are taking control of home LANs via the LAN servers and through electrical outlets, and are able to capture data and sniff signals in the home any way they like.
     • The tools for and attacks on the home LAN are varied and on the increase. Attack types are also changing, enabling hackers to remotely enter the home and reprogram house devices to do what they want, such as opening doors and jamming home security and monitoring systems.

  9. Most Common Threats to Homes and Home LANs
     • Trojan horse programs - social engineering programs sent by intruders and designed to make you trust them as they introduce access traps for easy access into the home LAN.
     • Back door and remote administration programs - used by intruders to gain remote access to the home LAN. Common tools are BackOrifice, Netbus, and SubSeven.
     • Denial of service - attacks that cause digital devices on the home LAN to crash or to become so busy processing data that you are unable to use any device on the home LAN.
     • Mobile code (Java/JavaScript/ActiveX) - code from web programming languages that is executed by most web browsers and used by intruders to gather information or to run malicious code on any computer on the home LAN.
     • Cross-site scripting - malicious scripts spread around the internet by computers visiting servers hosting these scripts. A home LAN is exposed to these scripts through:
       • following links in web pages, email messages, or newsgroup postings without knowing what they link to
       • using interactive forms on an untrustworthy site
       • viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags.

  10. Actions to Safeguard the Home LAN
     • The most recommended steps a home owner and home LAN user can take are, again from CERT [3]:
       • Consult your system support personnel if you work from home
       • Use virus protection software
       • Use a firewall
       • Don’t open unknown email attachments
       • Don’t run programs of unknown origin
       • Disable hidden filename extensions
       • Keep all applications (including your operating system) patched
       • Turn off your computer or disconnect from the network when not in use
       • Disable Java, JavaScript, and ActiveX if possible
       • Disable scripting features in email programs
       • Make regular backups of critical data
       • Make a boot disk in case your computer is damaged or compromised

  11. Using Encryption to Protect the Home LAN
     • Various wireless security protocols have been developed to protect home wireless networks:
     • Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks, intended to provide the same level of security as wired networks. WEP suffers from many well-known security flaws, is difficult to configure, and is easily broken into.
     • Wi-Fi Protected Access (WPA): Further hardens the wireless network. It was developed as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a pre-shared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.
     • Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard and finalized in 2004. It enhanced WPA by introducing the use of the Advanced Encryption Standard (AES) for encryption. The security provided by AES is far superior to that of WPA. The U.S. government uses it to encrypt information classified as top secret.

  12. Protecting the Home LAN with Known Protocols
     • Although Wi-Fi LANs provide many benefits to a home LAN, they broadcast data in every direction to every device that happens to be listening within a limited range. Unprotected Wi-Fi LANs can result in unauthorized use and potential harm to the home LAN and those in the home. Home Wi-Fi LANs, therefore, need to be protected with the most efficient encryption protocols available to the user:
     • Turn on the Wi-Fi LAN router’s encryption setting right after installing the router. As the router comes out of the box, the encryption feature is usually disabled. When turning on WPA2, choose a longer password that uses a combination of letters, numbers and symbols for better security.
     • Turn on the firewall at WPA2 install to protect the LAN from harmful intrusions. Wireless routers generally contain built-in firewalls, but are sometimes shipped with the firewall turned off, so it is important to check that the wireless router’s firewall is turned on.
     • Change default passwords: change all preset passwords to keep out unauthorized users familiar with the default passwords.

  13. Protecting the Home LAN with Known Protocols (continued)
     • Change the default name of the network, known as its “SSID” (service set identifier). When a computer with a wireless connection searches for and displays the wireless networks nearby, it lists each network that publicly broadcasts its SSID. Manufacturers usually give all of their wireless routers a default SSID, which is often the company’s name. It is good practice to change the LAN’s SSID. Never use personal information such as the names of family members.
     • Turn network name broadcasting off, since wireless routers may broadcast the name of the network (the “SSID”) to the general public. This feature is often useful for businesses and institutions offering free Wi-Fi to the public. For personal or home Wi-Fi networks, turn this feature off.
     • Use the MAC address filter. Every device has a unique ID called its “physical address” or “MAC” (Media Access Control) address. Wireless routers can screen the MAC addresses of all devices that connect to them, and users can set their wireless network to accept connections only from devices with MAC addresses that the router is set to recognize. To create another obstacle to unauthorized access, change the home LAN router’s settings to activate its MAC address filter and include only the LAN’s authorized devices.
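
The checklist on slides 12 and 13, written as an audit over a router's settings; this is an added example, not part of the presentation or the book. `wpa2_pmk` is the standard WPA2-Personal key derivation, in which the SSID is the salt, so changing the network name changes the key derived from the same passphrase. The settings keys, the sample of default SSIDs, the two sample configurations and the 12-character threshold are assumptions made for illustration.

```python
import hashlib

# Constructed sample of factory-default network names (not from the page).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
MIN_LEN = 12  # assumed threshold for "a longer password"; WPA2 itself allows 8-63

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 32 bytes (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def char_classes(s: str) -> int:
    """Count which of letters, numbers and symbols appear in s."""
    return (any(c.isalpha() for c in s) + any(c.isdigit() for c in s)
            + any(not c.isalnum() for c in s))

def audit_router(cfg: dict) -> list:
    """Return one finding per checklist item the settings fail."""
    pw = cfg.get("passphrase", "")
    checks = [
        (cfg.get("encryption") == "WPA2", "encryption is not WPA2"),
        (len(pw) >= MIN_LEN and char_classes(pw) == 3,
         "passphrase is short or lacks letters, numbers or symbols"),
        (cfg.get("firewall_enabled", False), "built-in firewall is off"),
        (not cfg.get("admin_password_is_default", True), "default admin password in use"),
        (cfg.get("ssid", "").lower() not in DEFAULT_SSIDS, "SSID is a factory default"),
        (not cfg.get("ssid_broadcast", True), "SSID broadcast is on"),
        (cfg.get("mac_filter_enabled", False), "MAC address filter is off"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed settings: a router as shipped, and the same router after the steps above.
OUT_OF_BOX = {"encryption": "none", "passphrase": "", "firewall_enabled": False,
              "admin_password_is_default": True, "ssid": "linksys",
              "ssid_broadcast": True, "mac_filter_enabled": False}
HARDENED = {"encryption": "WPA2", "passphrase": "Maple!Harbor42#Lantern",
            "firewall_enabled": True, "admin_password_is_default": False,
            "ssid": "bluefinch-net", "ssid_broadcast": False, "mac_filter_enabled": True}

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_router(cfg))
    # Same passphrase, different SSID: the derived keys differ.
    print(wpa2_pmk(HARDENED["passphrase"], "linksys").hex()[:16])
    print(wpa2_pmk(HARDENED["passphrase"], HARDENED["ssid"]).hex()[:16])
```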
