We cannot make someone reads our article to become a CCNA-level network administrator anytime soon. Networking is hard, with various protocols, wiring standards and other critical parts that need to work hand-in-hand to even enable a transfer of PING packets. Take a look at the basics of the seven layers of the OSI model, to have a brief glimpse of what we are dealing with when we talk about the nitty-gritty of computer networks. It was designed for “easy” understanding of IT professionals in a networking career, not really for the common Joe and Jill who just wants to use their tablets to play an online mobile game.
Hence, this article is written for the common network user in-mind. How do we make our Internet devices safe in our little network that our ISPs set up in our homes through their modem/router combo equipment they issued?
- You do not need to be on the cloud.
Seems like many people are peer-pressured to be in the cloud. Facebook.com is a cloud service in itself, same goes with Twitter, Instagram, WhatsApp, and the list goes on and on. These are websites that behave as apps, in fact, their respective mobile app counterparts are not much different, they pull their app content from the website hosts. A glorified browser without the address bar and other typical browser-centric controls aside from the back button functionality. Privacy and security go hand-in-hand, and we recommend that if you have time, to specifically read the entire Terms of Service for these websites. We can fully guarantee that you will discover horrific “rights” you provide Facebook and other similar apps of such nature over your data and devices you used to access its services. Never be pressured that you need to be in the cloud in order to be fashionable,
- Physical barriers are still good security.
In an office environment, physical barriers on networks are the actual physical cable that connects the workstations to the network switch. That in itself is the physical barrier that can be controlled in order to minimize further damage in the event of cybersecurity trouble. That is why the first thing the IT team advises people after a virus outbreak is detected on the network is to disconnect the workstations from the LAN. Same goes with Wi-Fi, the closest to physical security are the MAC addresses. System administrators may choose to implement MAC address filtering, with only those on his list can connect to the Wi-fi router. The counterpart to physically pulling-out the cable is to remove the laptop’s MAC address from the Mac Address filtering white list. This will then automatically disconnect the computer from the network, with similar effect to physically disconnecting the device.
- Modem/router equipment is designed to be easy to install, not easy to secure
Modems/router should not be the immortal and perpetual device that sits between you and your ISP. It should be of good quality from a dependable brand, with an adequate online manual for troubleshooting purposes and upgradeable firmware. Being a hardware device, it is run by software, though different from other computers as a modem/router’s operating system is embedded as part of the chip, also known as firmware. Unfortunately, ISPs chose their modem/router to be as plug&play as possible, in fact to a point that it is blamed for the insecurity of the home network. Remember the term Universal Plug & Play (UPnP). In an effort to reach “it just works” level of compatibility with various devices, UPnP in many home modem/routers is enabled by default, opening an attack surface that should not be there in the first place.
- Trust no one, encrypt your data
Encrypt your data, we cannot stress this enough. Even simple zip-file level encryption of data is much safer (though can be brute-force cracked) than nothing. We recommend full disk encryption through Veracrypt if your data are highly sensitive.