We’ll start out by stating the obvious: Thieves stink. Nobody likes to get robbed. More so, nobody likes to admit that they didn’t prevent thieves from entering their house and taking their stuff. So generally speaking, it is always a good idea to lock your house’s windows and doors.
Apply that same mindset to your home network. When most people think of their network, they focus on their laptop and desktop computers. But in this day and age, networks are much broader! Your network is comprised of your computers, phones, home automation components, smart TVs, smart appliances, and more. Each of those devices (or “hosts”) has the ability to store or access information that might be valuable to a cyber thief. We feel it’s an important enough topic to understand so we’re going to split this into multiple articles. In this first installment we’re going to break down the problem and explain why this is important. We’ll also outline some questions you should ask yourself when you connect any device to the internet. Let’s get started…
It’s a dangerous digital world out there…
At the end of the day or before you leave for work, you might walk through your house and make sure all of your windows and doors are closed and locked. Do you do the same for your network devices? You should – because imagine if thousands of bad guys were always crawling on your front lawn, climbing on ladders, and tapping on your windows to see if any were accidentally left ajar. Creepy huh? That’s what it’s like to be on the internet.
Before smart devices flooded the commercial market there were really only a few services that ran on home computers that opened ports which put people’s computer security at risk. These were limited to things like printer sharing or leaving your AOL Instant Message application open all the time. Nowadays, consumers buy connected products because of the convenient features that make everyday life feel like we’re living with the Jetsons.
Want to view that baby monitor video feed while you are outside gardening? How about changing the temperature of your house from the Bahamas because you forgot to do that before you left for vacation? Or there’s that door bell camera that lets you answer the UPS delivery person all the way from your desk at work in the city. How can all of these services do that? They use the ubiquitous internet connectivity that we all take for granted. And unfortunately, they also sometimes unknowingly operate on your network with open ports. Some of these devices actually operate over protocols that aren’t secured at all!
This is where you as the owner and administrator of your home network need to carefully weigh the risks of security vs convenience. The questions you need to ask are:
- Does it operate over secure protocols?
- Does it operate over standard ports?
- Does it self-maintain its own software updates?
- Is the device manufacturer regularly updating the device’s firmware/software?
- Can I isolate it (disconnect it) from the internet and have it still meet my needs?
- If I disable the feature that requires the internet, can I live without that capability from this device?
Your level of risk reduces with every “yes” answer from that list above – especially #5 & #6. If you don’t need to use it or if you can disconnect it from the internet and it still functions well for you – that is ideal. That puts you in control of your defenses like lowering and raising the drawbridge to your castle from inside.
But your options for managing your computer’s security aren’t limited to just plugging into the internet or not… you have the ability to leverage services that are designed with security in mind and when coupled with effective port scanning give you a clearer understanding of the risk profile. We’ll discuss what that means and how you can do that in the next article.
In the meantime I leave you with another analogy…
Imagine if the Grinch had to ask the Whos down in Whoville if they would let him in… He’d never have almost stopped Christmas from coming. But they didn’t protect their chimneys and windows. Don’t be a Who!