How The Grinch Stole… Your Information – Part 1

By June 27, 2016 Cybersecurity

This is the first post in our multi-part Seusstastic series on the real threats that face home networks, where we can apply real-world enterprise grade protections to keep ourselves save in the connected world.

We’ll start out by stating the obvious: Thieves stink. Nobody likes to get robbed. More so, nobody likes to admit that they didn’t prevent thieves from entering their house and taking their stuff. So generally speaking, it is always a good idea to lock your house’s windows and doors.

Apply that same mindset to your home network. When most people think of their network, they focus on their laptop and desktop computers. But in this day and age, networks are much broader! Your network is comprised of your computers, phones, home automation components, smart TVs, smart appliances, and more. Each of those devices (or “hosts”) has the ability to store or access information that might be valuable to a cyber thief. We feel it’s an important enough topic to understand so we’re going to split this into multiple articles. In this first installment we’re going to break down the problem and explain why this is important. We’ll also outline some questions you should ask yourself when you connect any device to the internet. Let’s get started…

It’s a dangerous digital world out there…

At the end of the day or before you leave for work, you might walk through your house and make sure all of your windows and doors are closed and locked. Do you do the same for your network devices? You should – because imagine if thousands of bad guys were always crawling on your front lawn, climbing on ladders, and tapping on your windows to see if any were accidentally left ajar. Creepy huh? That’s what it’s like to be on the internet.

Before smart devices flooded the commercial market there were really only a few services that ran on home computers that opened ports which put people’s computer security at risk. These were limited to things like printer sharing or leaving your AOL Instant Message application open all the time. Nowadays, consumers buy connected products because of the convenient features that make everyday life feel like we’re living with the Jetsons.

Want to view that baby monitor video feed while you are outside gardening? How about changing the temperature of your house from the Bahamas because you forgot to do that before you left for vacation? Or there’s that door bell camera that lets you answer the UPS delivery person all the way from your desk at work in the city. How can all of these services do that? They use the ubiquitous internet connectivity that we all take for granted. And unfortunately, they also sometimes unknowingly operate on your network with open ports. Some of these devices actually operate over protocols that aren’t secured at all!

This is where you as the owner and administrator of your home network need to carefully weigh the risks of security vs convenience. The questions you need to ask are:

  1. Does it operate over secure protocols?
  2. Does it operate over standard ports?
  3. Does it self-maintain its own software updates?
  4. Is the device manufacturer regularly updating the device’s firmware/software?
  5. Can I isolate it (disconnect it) from the internet and have it still meet my needs?
  6. If I disable the feature that requires the internet, can I live without that capability from this device?

Your level of risk reduces with every “yes” answer from that list above – especially #5 & #6. If you don’t need to use it or if you can disconnect it from the internet and it still functions well for you – that is ideal. That puts you in control of your defenses like lowering and raising the drawbridge to your castle from inside.

But your options for managing your computer’s security aren’t limited to just plugging into the internet or not… you have the ability to leverage services that are designed with security in mind and when coupled with effective port scanning give you a clearer understanding of the risk profile. We’ll discuss what that means and how you can do that in the next article.

In the meantime I leave you with another analogy…

Imagine if the Grinch had to ask the Whos down in Whoville if they would let him in… He’d never have almost stopped Christmas from coming. But they didn’t protect their chimneys and windows. Don’t be a Who!

Join us next week when we show you how to know exactly what’s connected to your home network so that the Grinch cannot sneak in through a system you didn’t know was there, or hadn’t thought of as an exposure before.

Jeremy Wheeler

Author Jeremy Wheeler

Jeremy Wheeler is an information technology solutions leader with 10+ years of extensive experience spanning government systems engineering, data analysis, HR systems management, project management, custom application/database development and information security analysis. At Alpine Cyber Solutions Jeremy is a solutions architect who assists customers with establishing security programs, performing vulnerability risk assessments and executing penetration tests. Jeremy is a graduate of Philadelphia University and The George Washington University with a masters degree in Systems Engineering.

More posts by Jeremy Wheeler