Home Networking — The New Wild West
The new frontier is here. It’s been here for quite sometime, but it is time for security professionals to start paying more attention to it. Home Networking. As generic and basic as it sounds, home networks are becoming increasingly complex and more uncontrolled everyday. Often born without a dedicated network administrator, a home network can quickly become a breeding ground for bad stuff to happen.
It is a common misconception that home networks don’t need to have strict security because there is nothing of true value short of a few family photos and a music library stored on home computers. The reality is, home networks can contain the keys to many kingdoms, and if not properly protected and understood, the network owner could jeopardize not only personal data, but personal safety and well being.
Let’s face it, home networks are no longer two or three endpoint networks. A private home network could have anywhere from ten to twenty, even thirty devices connected to it at one time. If that sounds surprising to you, let’s do the math:
How many smartphones do you and your family own? Do you use your home Wi-Fi to connect?
How about tablets or laptops…printers?
Do you own a gaming computer or a desktop computer?
Can your TVs connect to the internet?
Do you have any personal cloud storage devices that store data on your home network
Do your kids (or you) own a Playstation or Xbox
Does your family use Apple TV, Chromecast or Amazon TV?
While this is not an exhaustive list, it is often an eyeopener to people who have a home network set up. With that many devices that are potentially communicating on your network, what is the likelihood that all of them are configured properly, secured and up to date?
This is the type of uncertainty that hackers around the world are counting on. Big businesses spend millions of dollars on securing their networks; home network owners buy a router and antivirus software and oftentimes never give security a second thought. This culture must change. Owners of home networks must become de facto network administrators and take responsibility for securing and managing connected devices. Manufacturers and vendors need to ensure consumers are provided the right level of documentation and in some cases, training on securing and managing devices. Just as owners of a car a required to have a driver’s license in order to legally operate a vehicle on the roadways, home network owners should be required to have a license to operate a home network that accesses the internet. The consequences of being hacked extends beyond an individual’s personal space. With the sophistication of today’s cyberattacks, a small home network can be used as a staging ground for a large scale attack on a business, a financial institution or even a country. Additionally, with the convergence of cyber security and physical security, there is an even greater risk that negligence in the home network space can lead to potential harm against people. What good would a home security alarm system do if it could be disabled by an attacker from the internet?
I encourage security professionals to become thought leaders in this space. As most of us provide consulting services as part of our day to day operations in order to make a living, I believe it is up to us to provide the same level of service at the consumer/community level. While it is not plausible to secure every network and stop every cyberattack, taking small steps like identifying the types of risks with home networks, centralizing research and providing a network security education forum for users to learn can go a long way in starting a positive trend of a more secure internet.