In today’s digital world, cybersecurity is more important than ever. We are all responsible for our own network hardening and security. Just about everyone has a home network, and people who work remotely surely have one. This blog post is about how to harden your network and push Advanced Persistent Threat (APT) efforts away.
If you work remotely, your home network should have a router/firewall under your direct control and ownership. Relying on the router/WiFi Access Point (AP) supplied by your internet provider is not recommended. Placing your own router/firewall between your devices and the ISP’s router enables a more secure network. The more sophisticated routers offer many advanced features, such as WPA3 instead of a less secure WiFi protocol like WPA or, even worse, WEP. You can also block nefarious sites more easily with the web filters that are built into many firewalls. This lets you block bad sites for the whole network instead of relying on software on each machine to block unwanted sites.
Another great feature of having your own router/firewall is that you can set up a guest network. We all have friends and family (F+F) visit us. The cell coverage in your home may not be so good, so your F+F want to use your WiFi/Internet. Letting people use the network that you use for your remote work is not recommended. You have no way of telling whether their devices are compromised. A better solution is to have a guest network and let the F+F connect to that WiFi network. On many routers/firewalls, you can ‘lock down’ a guest network tighter than your home network, which will close your exposure to a ‘knock on the door’. As the saying goes, it is better to be safe than sorry.
Here is a screenshot of the settings for a Linksys Guest network:
A guest network is separate from the home network that you use for remote work. Its traffic is segregated from your home network traffic.
On some firewalls and routers, you can geographically filter your traffic. In other words, you can allow or deny traffic from specified countries. This can be useful for blocking APT actors from countries that have a history of attacks. It is also helpful with Internet of Things (IoT) devices, as it can limit which countries these devices can reach over the internet.
In addition, you may want to limit your DNS in the same manner. Using a DNS service such as Quad9 is also recommended to filter out known bad actors and sites.
Moreover, if you can purchase an enterprise firewall (FW), you should be able to implement an IPS (Intrusion Prevention System) policy. Most FWs also allow SSL inspection and file inspection. Not all FWs are created the same, which means that if you have a particular idea of how this should work, you will have to research which company matches your desired inspection. If your resources allow for an enterprise type of FW, it is highly recommended to implement one in your network.
As for WiFi, we have all been warned about connecting to open WiFi networks and the dangers of doing so. Simply do not do it unless you also use a VPN. On a public open network, all of your applications should be closed, with nothing running, until AFTER your VPN is established.
For your home network, your WiFi should be configured with the WPA2 security protocol at a minimum. WPA3 is the latest and greatest standard for secure connections to WiFi. There are other methods that are more secure, but that topic is for another discussion.
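As an added example (not from the original post), the following Python sketch audits a WiFi scan against the WPA2 minimum stated above. It assumes a Linux host with NetworkManager, where `nmcli -t -f SSID,SECURITY device wifi list` produces the colon-separated lines; the SSIDs in the sample are constructed, and a mixed-mode network is rated by the weakest protocol it accepts.

```python
# Added example: grade WiFi networks against the post's WPA2 minimum.
# Input format assumed: `nmcli -t -f SSID,SECURITY device wifi list` (terse mode).
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}

# Constructed sample scan; nmcli escapes ':' inside an SSID as '\:'.
SAMPLE = r"""HomeOffice:WPA3
HomeGuest:WPA2 WPA3
Printer\:Setup:WEP
OldRouter:WPA1 WPA2
CoffeeShop:
"""

def split_terse(line):
    """Split a terse nmcli line on unescaped ':' and drop the escapes."""
    fields, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def weakest_mode(security):
    """Return the weakest protocol the AP accepts; mixed mode allows downgrade."""
    if security.strip() in ("", "--"):
        return "OPEN"
    known = [t for t in security.split() if t in RANK]
    return min(known, key=RANK.get) if known else "UNKNOWN"

def audit(scan_text):
    """Return (ssid, weakest_mode, meets_wpa2_minimum) for each scanned network."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        mode = weakest_mode(security)
        results.append((ssid, mode, RANK.get(mode, -1) >= RANK["WPA2"]))
    return results

if __name__ == "__main__":
    for ssid, mode, ok in audit(SAMPLE):
        print(f"{ssid:15} {mode:8} {'ok' if ok else 'below WPA2 minimum'}")
```

Any of your own networks reported below the WPA2 minimum, including mixed WPA/WPA2 mode, should be reconfigured on the router; an open network in the list is the case where the VPN comes first.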