Newsletter 02/24/2023
NSA Publishes Tip Sheet On How To Secure a Home Network
The NSA has released a Guide to
Best Practices for Securing Your Home Network.
(9pp PDF will open.) As
do many of the Cheatsheets released by Uncle Sam, its prescriptions and proscriptions will
sound familiar to Readers of The Dispatches From the Front.
Indeed, I do recommend most of these practices to my clients, but not
all of them. When taken as a whole, what these 9 pages tell the
SMB is this: Dear Mr. or Ms. Small Business
Owner, you need full-time professional help if you plan to implement all
of these suggested measures using the graphic above as reference.
Most SMBs do not have any budget for full-time tech help. And if
they did, the owner would soon come to resent the tech's salary being paid for
sitting around most of the day waiting for something to happen.
Or, the tech would be unhappy when drafted into non-IT work.
Upgrade to a modern operating system and keep it up-to-date
Updates do occasionally fail, however. If a user follows the
recommendation to "Leave computers in sleep mode to enable
downloading and installing updates automatically," and that
update fails and disables some feature or process on the system, there
would not be the immediate knowledge of cause and effect. On Feb.
06, 2022, I posted
How to Run Windows Update Manually. I still maintain
that running updates yourself first thing each day should be routine.
Schedule frequent device reboots
The sentence "Malicious implants have been reported to infect
home routers without persistence." refers to the recent
discovery that, because there is no device to save the attacker to, any
malware infecting your router will be removed when the router is powered down.
To minimize vulnerabilities and improve security, the routing devices on your home network should be updated to the latest patches, preferably through automatic updates. These devices should also be replaced when they reach end-of-life (EOL) for support. This ensures that all devices can continue to be updated and patched as vulnerabilities are discovered.
This is all well and good. I am in complete agreement. But the practicality of one person trying to run a business, and yet constantly investing the considerable time involved to ensure the networking gear has all of its available updates, makes the issue almost moot. Few SMBs I have known have any idea that the router has an internal interface to log into the inner workings of their router. Moreover, many would simply be terrified to do so. Further muddling this situation are the many vendors who just do not offer clear upgrade paths for their devices. Finally, after three years of enduring this endurance course, the SMB must toss out the device and buy a new one. Networking gear is opaque to most users. Until this situation improves, this issue will remain a very weak link in the overall security stature of the entire Internet.
Employ firewall capabilities
One issue most SMBs face, but may not know it, is that their ISP doesn't give
a Horse's Patootie about its customers' security
posture. The ISPs often supply their customers outdated gear that has
little security built in, and that gear may also often conflict with third party
firewall products. The NSA Directive recommends purchasing your own
network gear (pg 2), which I am recommending clients do. The newer
DOCSIS 3.x modems are faster and more secure. But because of the
predatory pricing ISPs offer for the complete package the ISP offers,
including Voice Over IP telephone service, many people have their
telephone calls routed through the modem gateway. That is one more
layer of complexity that makes securing the network more difficult with
third party networking devices.
Furthermore, far too many SMBs, and users in general, like the ISPs, just
don't care one Horse's Patoot when it comes to router security.
Exercise secure user habits
The crooks cannot steal or encrypt your data if that data set is not
present on ANY NETWORK. The document doesn't even contain the word
"cloud" in reference to storage. I do, however, differ with the
NSA on disk encryption. I have been associated with the
electronics industry in one form or another since 1975, and specifically
computers since 1985. Machines
break; software becomes corrupted and crashes; power failures can have
devastating effects on computer gear. These are just some of the
everyday occurrences that can wreak havoc on devices and/or software.
Moreover, users now cannot easily manage passwords to websites; but at
least those passwords can be easily changed. Forget your encryption key
password and it's just about game over for the SMB. I will not be
the party responsible for that kind of cyber wreckage. If a user
wants to implement full drive encryption, that is their choice; and it is
mine not to participate.
Ain't it a thing of beauty? You Betcha!
As has been true in all times of rapid change that have come before, navigating through life has always entailed evaluating and
managing risks. And so it is with even the most secure computer
installation. We all do what it is we can do. Prepare for
the next step along the journey. And evaluate where we have been so
as to have a better idea about where to go next. This NSA document
is an excellent roadmap to more secure computing, and it allows users
to benchmark their own security posture and prepare for the next steps.
It is worthwhile to
download the PDF and evaluate your own security
posture.
Woke up this morning,
¯\_(ツ)_/¯
Gerald Reiff