Last time there was a lot about DoS attacks which affected whole Internet network. And actually, this was not a usual attack. This attack was done using …..web cameras. Just normal web cameras which were used as attacking zombies or botnet computers. In most cases that were caused by unprotected cameras and home networks with low security. If you want to know more just go to one of the web pages which were including reports LIKE THIS ONE.
I think most of us are using at home Internet-connected devices. Some of you – maybe a refrigerator. In the most situations, we have TV’s, radios, cameras, home automation systems, tablets, phone, and computers – all connected to our one main LAN.
Using that LAN network we are writing emails, entering passwords to access Facebook, accessing PayPal or our BANK. In most cases, we have probably antivirus installed and that’s it. Nothing more. Now just think that hacker accessed your web camera, he is observing you, more – he can track whole traffic in LAN, he can at the end upload to your network, not a very nice software – to track all your activity. Then you can have a nice screen like this…..
Just to mention – if you see that screen on your computer or similar – do not pay – your data are normally lost and not safe.
Or suddenly your TV is doing strange things…. or your camera is moving…. when you are not looking….
Let’s go back to your network. Just look how it looks normally – I have created the typical schema on average LAN networks at home.
What can we do to increase safety? There are a few ways. In this article I would give you some tips – a solution which I would give you is not free – it would be necessary to invest probably 150-200 Euros – but this would be a one-time investment. Eventually – I would suggest as well to change your WiFi – which would cost another 30-40 Euros. But let’s start the analyse.
- In the diagram above we have all elements in one network. The only security wall is our Firewall on the router – which was delivered by ISP company. In most cases this is the very basic firewall – easy to break and at the end, the hacker can access your network. This router has a usually low level of security.
- Our TV is on our network – it is known that after some years producers are not pushing updates to old TVs… Today old is just very often 3 years!!! In the past, you were using your TV for years…. If this TV is without updates – we can expect it is not very safe…. next is our WiFi or LAN printer, next to Web Camera….. next tablet… etc…
- We have as well our personal computers on that LAN which we use daily, protected by good AV – we use that computer to access Bank, PayPal, mail etc… This is the place where we are storing important information.
If we look at this diagram and type of equipment which we are using – I think we can divide this network into some segments.
- Not fully trusted equipment – that would be TV, Web Cam, maybe printer, eventually tablet/mobile
- Trusted equipment – that would be our laptop or PC or any other management system.
- Guests – people who temporary are using our resources.
In the next step, we can create a logical layout based on those segments. We would mark our segments as VLAN’s – virtual LAN networks. Generally, the idea is to keep all segments separate. Of course, we want to have full access from our LAN which is trusted, but in some situations, we want to block parts which are not fully trusting. So our diagram could look like this….
As you see the idea is to secure not trusted part from the part which we should fully trust. Potentially where we are doing banking or shopping, storing photos etc.
In the next step, we would look how to improve that scheme even more and what we need to protect the whole network. Generally – it would not cost us more than 200 Euros…. which I think would be best-spent money ever for computer security. Please look at the next steps.