What Does a Domain Controller Do?

If you are getting into enterprise networking, or if you want to learn more and are setting up a lab environment at home, you might have heard the phrase domain controller before. This is a fundamental part of enterprise networks and if you are even thinking about working with networking, knowing what a domain controller is, is essential.

7 Easy Security Tips for Your Home Network

It is in everyone’s interest that you secure your home network, even if you are not a tech person. Having an open network where other people can (and will) spy on you is something that I think we both agree is a bad thing. I just came back from a work trip where I spent some time setting up a new office. While that was on another level of network configuration, I couldn’t help but wonder how many people simply connect the Ethernet cable to the router and then live happily ever after.

It is not hard to secure your home network. Most of it is basic things like having a strong password, keeping software up to date and turning off features that you don’t need. However, you should not have to turn off features that are there for a reason. Some say that you should turn off DHCP because it’s more secure. Well, it’s even more secure to have no internet at all, but who wants that?

That is my realization. When I sat down to write this post, I did what any other blogger does when they are about to write a new blog post: I googled the topic. When I searched for this topic, I found multiple “tips” that told me to turn off DHCP or enable MAC filtering. I am speaking for myself here, but those are not tips, that’s stupid. More on this later…

Why Should You Secure Your Network?

Are you one of those people that, when asked about security, gives any of the following answers?

First off, shame on you. Second of all, you need to read this article because I will give you reasons why you should care, why you should bother, why you should be interested in protecting your selfie-images.

If you have an unsecured network, people will be able to surf on it without your control. Technically, this means that criminals can use your network for their business and if the police notice, it’s your name that they will have. Not happening to you? Criminals know that there are unsecured networks out there and they are looking for them.

It is possible to monitor the network traffic if you have access. This means that someone else can see the sites you are on or see when you purchased something and from where. They could then send a fake invoice to you where the money goes into their account. With network access, they could also plant ransomware or viruses on the devices in your house, making you pay them money or worse, taking your bank credentials and stealing your savings.

If someone stole images of you or someone else, they could easily pretend to be you. The images can be used to create fake personas or even to steal your identity. An example would be to create a new Facebook account, upload those images and then contact your friends, asking for a loan. Some friends are not that careful and don’t check much more than the name and the profile image.

There are hundreds of reasons to secure your network; these were just a few examples. Not securing your WiFi is like going outside naked. You would never do it, yet everyone looks the same under the clothes. You have nothing to hide on your network? I dare you to walk outside naked.

Tip #1: Use a Secure Router Password

I’m sure that you have heard this before, but not having it as the number one factor when talking about your home network security should almost be illegal. Having a secure password will make your network a much safer place to be. Manufacturers use common default passwords like admin or admin:admin so that it is easy for you as a consumer to configure your network.

It is then up to you to change it yourself. Something that I like to do when I choose a password is to use a phrase and then add some numbers and symbols where they fit. C=OLb0ySchool is an example of a password that I have used in the past. It has the phrase coolboyschool in it but instead of hitting o, I press 0 while holding shift to get an equals sign.

If an unauthorized user gets access to your router, you are doomed. They will have access to your whole network, your passwords, and control of your network’s traffic and its devices. If you have admin as your password, go change it immediately. This article will still be here when you come back.

Tip #2: Use WPA2 Only, Nothing Else

You are most likely already using WPA2 today since all WiFi-certified devices support WPA2, but some people like to be stubborn and like backward compatibility. WPA2 stands for WiFi Protected Access 2 and is a security protocol that has been around since 2004. It is the standard security protocol in the industry and is being used everywhere.

In short, WPA2 is an encryption protocol that is mostly used for home networks. It makes sure that the information in your wireless network is encrypted and secure. Before WPA2, there were WPA and WEP, both of them insecure. If you are interested in these protocols and want to learn more, I highly recommend this article from Lifewire.

In some routers, you can choose to support WEP, WPA, WPA2 or a combination of them. You should not use anything other than WPA2. I wanted to take a screenshot of how it can look but it turns out that my Asus router doesn’t support anything other than WPA2. But what if a device doesn’t support WPA2? If a device that you use doesn’t support WPA2, and is thus older than 12 years, it’s time to replace it. That device in itself is a security risk.
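To see which protocol a Windows computer is actually using for its current connection, here is an added example (not from the original post) that reads the text printed by `netsh wlan show interfaces` and flags anything weaker than WPA2. `Get-WifiAuthFinding` is a hypothetical helper name, the sample text is constructed, and English-language netsh output is assumed.

```powershell
# Added example, not from the original post. Get-WifiAuthFinding is a
# hypothetical helper name; it only reads text and changes nothing.
function Get-WifiAuthFinding {
    param(
        # Text in the layout printed by: netsh wlan show interfaces
        [Parameter(Mandatory)][string]$NetshOutput
    )
    $interfaces = @()
    $current = $null
    foreach ($line in ($NetshOutput -split "`r?`n")) {
        # Keep only "Key : Value" lines, split at the first colon.
        if ($line -notmatch '^\s*([^:]+?)\s*:\s*(.*?)\s*$') { continue }
        $key, $value = $Matches[1], $Matches[2]
        # Each wireless adapter section starts with its "Name" line.
        if ($key -eq 'Name') { $current = @{}; $interfaces += $current }
        if ($null -ne $current) { $current[$key] = $value }
    }
    foreach ($i in $interfaces) {
        $auth   = $i['Authentication']
        $cipher = $i['Cipher']
        # WPA3, the successor to WPA2, is accepted as well.
        $verdict = if (-not $auth) { 'Not connected' }
            elseif ($auth -match '^WPA[23]') { 'OK' }
            elseif ($auth -match '^WPA')     { 'WEAK: original WPA, set the router to WPA2 only' }
            elseif ($cipher -eq 'WEP')       { 'WEAK: WEP, set the router to WPA2 only' }
            elseif ($auth -eq 'Open')        { 'WEAK: open network, no encryption' }
            else                             { 'UNKNOWN: check the router settings' }
        [pscustomobject]@{
            Interface      = $i['Name']
            SSID           = $i['SSID']
            Authentication = $auth
            Cipher         = $cipher
            Verdict        = $verdict
        }
    }
}

# Constructed sample in the layout of English-language netsh output.
$sample = @'
There is 1 interface on the system:

    Name                   : Wi-Fi
    State                  : connected
    SSID                   : Network Not Found
    BSSID                  : 00:00:5e:00:53:01
    Radio type             : 802.11ac
    Authentication         : WPA-Personal
    Cipher                 : TKIP
'@
Get-WifiAuthFinding -NetshOutput $sample

# On a real machine, feed it the live output instead:
# Get-WifiAuthFinding -NetshOutput ((netsh wlan show interfaces) -join "`n")
```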

Anonymous SSIDs. Ermahgerd, Wi-Fi! and Network Not Found is mine 🙂

Tip #3: Make Your SSID Anonymous

Your SSID (Service Set Identifier) is the name of your network. Most people have two different SSIDs today, one for 2.4GHz and another for 5GHz. If you live in an apartment (like me), it can be common to see a long list of SSIDs when looking for a WiFi connection. What many people do here is set their last name, a family member’s name or similar as the SSID.

The problem with this is that if someone wants to hurt you and your family, all they have to do is get close to the house and search for WiFi connections to quickly know which network is yours. If you instead make your SSID more generic, like a random word or the street name, it is much harder to work out which network is yours.

If you have a router from your ISP, this becomes even more important. Many times, the name of the SSID can be something like ISPname123456. Telling everyone which network provider you have is not a good thing, especially if you have a router from the ISP. Since the ISP tells what router they offer on their sales page, an attacker can check what ISP you have based on your SSID and then check the sales page to see the model number of the router. Now, they know what router you have at home, and can find a way into that specific router.

Some say that you should hide your SSID so that you have to enter it manually. While I can understand that, it’s not something that I see would be that beneficial. Sure, my grandmother would probably not know how to find it, but my brother would with a quick Google search, and he does not know IT.

Tip #4: Disable Remote Access from the Outside

Many routers have a feature where they can be controlled and administered over the internet. Unless you know what you are doing, this is not something that I recommend, at all. I also thought that this was quite an easy one, since it is off by default on most routers, right?

Nope. My Asus router had it set to ON and when I went to the URL that was listed, I got access to my router, outside of the network. It was when I turned it off and got a message that I understood why it was on by default. In 2018, most routers come with an app that lets you control them from your phone. When I turned this off, I got a message saying that I wouldn’t be able to access it from my phone while not connected to the network.

It should go without saying what type of security issues you might run into when you expose your router to the internet. Your router has all kinds of information and if someone got access to it, and your internet traffic, the person could do serious damage. So, in your router settings, make sure that Remote Access is turned off, especially if your router has an app.

Tip #5: Disable WPS on Your Router

WPS is a feature that makes it easier to connect to a wireless network. Have you ever seen a button on your router that says WPS? This means that when you are about to connect something to the router, you can push that button to automatically connect to the WiFi, without having to enter your password. As long as you have physical access to the router, you can do this.

Another method involves a PIN code. This is something that is automatically generated on the WPS configuration page on the router. The problem with this method is that it is vulnerable to brute-force attacks. Brute force is a kind of attack where you guess the PIN or password multiple times until you find the correct one. This is something that software can do and it’s the biggest reason why I recommend that you turn off WPS.

And if you start thinking about it, there is no need for it unless you are connecting different devices every day. You enter the password once and then the device will remember it, which is much more secure and safer.

Tip #6: Use Your Own Hardware

Something that I always recommend my friends to do is to use their own equipment instead of the ISP’s. Many ISPs will send out a router to you when you sign up for a subscription. The problem is that you often don’t have full control over the router and instead, it’s the ISP that has control over it.

If the ISP lets you (which they sometimes don’t), I can highly recommend that you leave their router in the box and instead purchase a new one, with your own money, that is yours, and yours only. This gives you much more control over your network and even if you don’t plan to do any special configurations, the router you purchase will in 98% of the cases have better performance than the router from the ISP.

Tip #7: Keep Your Devices Updated

Lastly, I would just recommend that you keep your software updated on all your devices. Companies are always fixing bugs and filling security holes in their devices and it’s your job to apply that update. I am talking about everything connected to the internet like your router, TV, Philips Hue, computer, phones, tablets, whatever it is. If there is an update, you should update.

Did you hear about WannaCry in May 2017? This was a massive cyberattack that hit all kinds of systems around the world. It encrypted files and demanded a ransom. The ransomware infected over 200 000 computers around the world in just one day. Do you know who got it? The ones that were on old software or hadn’t upgraded in a long time. The ransomware attacked Windows machines, but Microsoft had already released a fix for their operating systems. However, if you hadn’t updated, it was game over.

Don’t Make Security an Inconvenience

As I mentioned at the beginning of this article, I did some research while writing this topic, as I and any other blogger always do. The problem I found was that there were so many bad tips out there that were there simply to make a bigger list for people to read, not to be useful.

One of those things was to turn off DHCP on your router. The point here is that devices that connect to your network should not automatically get an IP address, something they need to use the network and internet. Instead, someone else, like an administrator or a family member, should give the device a static IP (having a static IP means having the same IP all the time).

Think about all those times that you have had friends over. What if you were to manually give their phones an IP address so that they could use your home network? It would be a nightmare.

MAC Filtering is almost the same. This means that you only have approved MAC addresses in your network and no other devices can connect to the network. This would also be an extreme measure that normal folks like you and me don’t have to bother with.

So, if you read that you should turn off your DHCP, don’t. It’s not necessary at all.

How to Prevent Viruses & Malicious Software on Your Devices

Not too long ago, we had quite the situation at work. We got a virus into the network, which started encrypting all our files and stopped us from using them. The only way to unlock the encryption was to pay money into a Bitcoin account. Now, this is a company, where we take regular backups, so once the virus was stopped, we rolled back an hour, and everything was back to normal. But what about when you are not a company? Making sure it never happens is the best defense.

The best way to prevent viruses and malicious software from entering your computer or network is to use antivirus software that regularly scans your computer for viruses. That, together with common sense, will stop 99% of all viruses from ever getting in. But there are other ways to stay protected as well.

But what can you do if something bad is in your computer network? Can you save your files and stop it from spreading further? Let’s look at some ways that you can protect your network and computer and actions to take if the worst would happen. Also, a simple tip on how to save some money.

Everyone Is Vulnerable, Even Apple Computers

The truth about viruses and malicious software is that everyone can be affected by it. For a long time, there has been a rumor saying that an Apple MacBook can’t get a virus, that viruses are something for Windows machines only. This is of course not true at all. In an article from Macworld, it’s clear that viruses for MacBooks are something that very much exists. The company Malwarebytes saw an increase of 270% in 2017 for viruses on Macs.

A computer that is vulnerable to viruses too

But viruses are not only for Windows computers and Macs; they can also be found in basically anything these days. Our TVs are connected to the internet, many households have some form of smart device, cars are filled with software and it’s more common to have them connected to the internet as well. And I haven’t even mentioned the computer in your pocket, your mobile phone.

Any one of these devices is vulnerable to a virus, especially smart home devices. Many smart home devices aren’t being developed with security in mind, and thus, they can be very easy to hack, even with a simple Google search.

This is the reality that we live in. We love being connected to the internet at all times. The problem is that if you don’t protect yourself in these new times, you can end up with a world of trouble. This is how you do it.

Protecting Your Computer(s) from Virus

Having a good antivirus-software is number one, always. But it doesn’t have to cost money. If you are running Windows 8 or 10, you already have a good antivirus. Windows Defender is a perfect antivirus-program and you can rely on it to always protect you. If you are running Mac, you are safe as well from the start. Apple does a lot to make sure your machine is safe.

Next, having the UAC enabled is a must. UAC stands for User Account Control. You might have seen it before, it’s this annoying window that pops up when you try to install something. This is a great thing because this means that everything that is being installed on the computer will have to be approved first. So, if you don’t have this enabled, something could be installed without you knowing. To make sure you have UAC enabled, you can follow these steps (Windows 10):

  1. Open the start menu and search for UAC
  2. Open Change User Account Control Settings
  3. If the slider is at the bottom, you have UAC disabled. Move it to the second position from the top, which is the default in Windows 10
  4. Click OK

Updating your operating system and other software is crucial. New threats are always being found in software and the only way to protect yourself from them is to update it. Both Windows and Mac are quite easy to update, so there is no excuse to not do it. Also, if the software is asking to be updated, you should always install the update, if possible.

Having a firewall is a popular way to control traffic into your network. Now, it should be said that a topic on firewalls needs its own post because this can become complicated very quickly. However, it’s good to know that there are two types of firewalls, software and hardware. At work, we have a physical firewall, whose job is nothing else than to filter traffic. This is a bit over the top for a home network but instead, you can use software that acts as a firewall. And again, if you are running Windows or Mac, you already have a firewall built into the operating system.
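The three built-in protections described in this section (UAC, Windows Defender and the Windows firewall) can also be checked from PowerShell. The following is an added example, not from the original post; `Get-UacLevel` and `Get-BuiltInProtectionStatus` are hypothetical helper names, the values passed in at the end are constructed, and the live check assumes Windows 10 with the built-in Defender and firewall cmdlets available. It only reads settings.

```powershell
# Added example, not from the original post. Both function names are
# hypothetical helpers; nothing here changes a setting.

# Translate the registry values behind the UAC slider into its four positions.
function Get-UacLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    if ($EnableLUA -eq 0) { return 'UAC switched off completely (EnableLUA = 0)' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { 'Never notify (slider at the bottom)' }
        2 { 'Always notify (slider at the top)' }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { 'Default (second from the top)' }
            else { 'Notify without dimming the desktop (third from the top)' }
        }
        default { "Custom policy value $ConsentPromptBehaviorAdmin" }
    }
}

# Read the live state of UAC, Windows Defender and the Windows firewall.
function Get-BuiltInProtectionStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key
    # Returns nothing if the Defender service is not running.
    $mp  = Get-MpComputerStatus -ErrorAction SilentlyContinue
    # Firewall profiles (Domain, Private, Public) that are not switched on.
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

    [pscustomobject]@{
        UacLevel            = Get-UacLevel -EnableLUA $uac.EnableLUA `
                                  -ConsentPromptBehaviorAdmin $uac.ConsentPromptBehaviorAdmin `
                                  -PromptOnSecureDesktop $uac.PromptOnSecureDesktop
        DefenderRealTime    = $mp.RealTimeProtectionEnabled
        SignatureAgeDays    = $mp.AntivirusSignatureAge
        FirewallProfilesOff = $off.Name -join ', '
    }
}

# Constructed values: the bottom slider position versus the Windows 10 default.
Get-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 0 -PromptOnSecureDesktop 0
Get-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 5 -PromptOnSecureDesktop 1

# Live check on a Windows machine:
Get-BuiltInProtectionStatus
```

An empty FirewallProfilesOff field means all firewall profiles are enabled.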

Ignore All The Above Tips by Just Following These Two Instead

I think that the above tips are easy to follow and execute and I see no reason for anyone to not do them. However, there are two things that stand out above everything else. Following these two tips is crucial, and you can easily skip any other tips, including the ones above, if you only do these two.

The first one is to take backups. Taking backups of your files and documents is extremely important, yet so many don’t do it because they can’t be bothered. Then, when they get a virus or their computer crashes, they call an IT guy (like me) and blame us when we can’t restore the files. Always do backups, it’s not hard, it’s not time-consuming, it’s not expensive. Here are 4 easy solutions:

The second tip is to use common sense. If something looks sketchy or shady, it probably is. If something looks too good to be true, it probably is. If you get an email from someone with an “invoice” and a file attached, think if you are waiting for an invoice. Invoices don’t come without reason, so if you haven’t purchased anything, you will not get an invoice either. It’s the same logic with competitions, if you haven’t been in one, you can’t win. Don’t trust emails that say that you won if you haven’t participated.

My Backup-Solution. An old computer that I am using as a NAS

Removing Virus from Your Infected Computer

If a computer was to be infected, it’s good to be aware of the steps that you need to take to solve it. Which steps to take will depend on what kind of virus it is. A very common type is ransomware. This is what happened at work, which I mentioned in the beginning. This is when your files are being encrypted and you need to pay someone to unlock the files. DO NOT PAY! If you pay, you are supporting the creator of the virus, something you don’t want to do. You are also spending money in hope that the criminal that created the virus, will unlock your files. Never trust a criminal.

But before you do anything else, remove the network cable from your computer so that it isn’t connected to the network. This will stop any potential damage to the other devices in your network. Next, you want to go into safe mode on your computer, which means that Windows will load as little as possible to function. This is a great way to investigate the system. To enter safe mode, do the following:

  1. Turn off the computer
  2. Turn on the computer. Repeatedly hit F8 when the first image appears on the screen until Advanced Boot Options has opened
  3. In Advanced Boot Options, choose to boot Windows in Safe Mode with Networking

When you are back inside of Windows, everything might look a bit weird. That is because Windows hasn’t loaded any graphics drivers and is instead running on the default resolution.

Now that you are in Safe Mode, run Windows Defender to scan for viruses. Do a full scan and let it finish before doing anything else. When the scan is finished, connect back to the internet and download the Microsoft Safety Scanner and let it scan the system.

If the virus is still there after these scans, it might be time to simply reinstall Windows. This will remove everything on your computer and make the computer like new again. This means that you will have to reinstall your games and programs again, as well as restore your files from backup. To do a clean Windows 10 installation, the guys over at How-To Geek have a great guide for it, which you can find here.

Save Money by Not Being Fooled

Finally, I would like to talk about all the antivirus-software and hacker software protection that you can purchase today. Don’t spend money on this. It’s well-known that you need some sort of antivirus software on your computer and it’s common to purchase this service, which is reasonable. But today, if you run Windows or Mac, it’s built into the operating system.

Companies like Avast, Symantec, and Comodo are still making a business out of antivirus-software because people don’t know how much better Windows Defender has gotten over the years. Heck, a company called Kaspersky even sued Microsoft over it.

If you start looking for antivirus software on Google, you’ll end up with 1000 pieces of software that are “the best” and the “most secure” and this and that. I can agree that Windows Defender isn’t the best security software on the planet, but the combination of Windows Defender and common sense is as good as any other paid software…