Search Our Site

Our Newsletter

Our Ramblings

Home Network Security

1448644898859For those of us who grew up in the 80’s, we can probably think back to a time when hackers were looked upon as being pretty cool robin hood style outriders who dared to stand up against oppressors. The movie Wargames demonstrated that fascination about the possibilities of connectivity. Drinking terminals, discarded fast food boxes and unfinished cans of flat cola. The reality nowadays is considerably murkier. Hardly a week goes by without a story breaking about the nefarious activities of the hacking ‘community’ which is nowadays better described as organised criminals. As we’ve seen in the past it’s not just security agencies, nuclear launch facilities, or evil dictators that get stiffed by hackers, it’s more often normal folk like us.

In recent years hacking has continued to hit the headlines almost every week. The most well known has to be the UK phone hacking scandal. Ironically, that wasn’t even a true example of hacking as the clueless victims of the “hack” had merely neglected to change the pin on their voicemail from its default setting. It all goes to show that the weakest link in the security chain is usually human stupidity. I suppose calling it “hacking” deflected the glare of publicity away from their own stupidity but thats another discussion for another day. The ones that hit the headlines are usually interesting in some way, but they pale into insignificance when compared to the millions of attempts that occur every day to the rest of us. Cybercrime is big business. We hear it so often that the words threaten to lose their impact.

According to the Trustwave 2016 Global Security Report, there was a recorded 26.6 million victims of hacking and identity theft in a 12 month period during 2015. A number which roughly equates to one person being hacked every second. In 2015, 96% of all hacking attacks were credit card, or payment data theft used in fraudulent online or at the till transactions. Over £24 billion was estimated to be have been lost to identity theft from hackers, with a potential loss averaging £5,061 per household globally.

The checklist of items the hacker tends to go for are usernames, passwords, PINs, National Insurance numbers, phone and utility account numbers, bank and credit card details, employee numbers, driving licence and passport numbers, insurance documentation and account numbers, and any other financial background account details.

How they get this data ranges from acquiring remote access to your computer, SQL injections to a popular website, spoofing a banking or other financial website, remote code execution, exploits in website trust certificates, physical theft, and through social media.

On the subject of social media there are some interesting and worrying facts. According to sources, 18% of people under the age of 19 were the victims of a phishing scam, and 74% were victims when they followed links posted by they know that they believed were legitimate. Furthermore, 74% of all social media users share their birthday information publicly. 69% shared the schools and universities they attended. An amazing 22% of users publicly share their phone numbers, and unsurprisingly, 15% share the names of their furry little friends.

If these numbers aren’t scary enough, there’s the fact that 15% of all Wi-Fi users worldwide are still using WEP encryption for their home WIFI and, 91% of all public Wi-Fi hotspots are unsecured, unmonitored, and available 24x7x365.

And finally, it’s estimated that 11% of all spam contains some kind of code designed to hijack your computer if opened. A further 8% of all spam contains links to websites that have been designed to grab information or download some trojan to gain access behind your firewall.

WHAT CAN WE DO?

We’ve put together a number of measures to help you prevent hackers invading your private domain, whether in the cloud or locally inside your trusted networks.

We don’t suggest you take thing to the extreme but there is a happy medium where you can do everything you reasonably can to protect yourself and educate yourself to spot the signs when they arise.

NETWORK PROTECTION

Starting with the home network there are a number of easy wins we can gain to stop the baddies from getting too close. Most of these steps are surprisingly simple.

CHANGE ROUTER ADMINISTRATOR CREDENTIALS

This is one of the most common points of entry for someone to gain access to your home network. The router you received from your ISP may well be up to date and offer the best possible forms of encryption, but they have a weakness. They usually come with a limited number of preconfigured SSIDs and WIFI keys which can be found on the back of the router on a sticker.

It doesn’t take too much gumption to do a google search and find out the SSIDs and WIFI keys used by the big ISP’s. It doesn’t help that your router is usually advertising itself as a BT, Sky or Virgin Media router and that just makes life easier for the baddies.

A reasonably savvy hacker can therefore gain access to your router, get connected, and even log in using the weak default logins. For this reason we recommend that our customers change the default router usernames and passwords to something more complex.

CHECK WIRELESS ENCRYPTION

Most routers come with a level of encryption already active, but there are some examples where the default state of encryption may be extremely weak, or worse still, completely open.

If you scan your WIFI using your phone and you see a padlock beside your network name then you at least know you have some encryption active. If you then look on your router and it tells you that the encryption method is WEP then you’ll need to fix that PDQ. WEP is the older standard of wireless encryption and can be cracked in less than fifteen minutes by using a variety of tools, all of which are freely available on the net. Unfortunately, WPA isn’t great either, but the its generally strong enough to hold back low level hackers.

USE MAC ADDRESS FILTERING

Every network interface has a unique identifier known as a MAC (Media Access Code) address, regardless of whether it’s a computer, tablet, phone, or sky box.

The idea behind MAC address filtering is simple enough. You obtain the MAC addresses of your devices at home and enter them into the router so that only those you know about are able to connect. Obviously, if you have loads of network connected devices this could take a while. But it will improve your chancer against a drive by hacker in a car outside your home with their laptop balanced on their dashboard.

But hey, MAC addresses can be spoofed, so while the junior hacker will likely give up the more determined one will not. Think of MAC address filtering as putting a padlock on the garden gate; it may stop most casual nasties from entering your garden, but those who really want to get in there will just jump over.

DISABLE SSID BROADCAST

There are two schools of thought when it comes to hiding your network SSID. The first recommends hiding your router’s SSID from the public view, with the idea that invisibility to those around you makes you somehow immune to their attempts. But a hidden SSID may seem like a far more juicy target to a determined hacker with an SSID radio grabber. Both sides of the argument have merit. Are you successfully hidden by being invisible, or is the best hiding place in plain sight? Probably invisible on balance.

USE STATIC IP ADDRESSES

By default your router will automatically assign an IP address to any device that connects to it, so the pair, and the rest of the network, can communicate successfully.

DHCP (Dynamic Host Configuration Protocol) is the name for this feature, and it makes perfect sense. After all, who wants to have to add new IP addresses to new devices every time they connect to your network?

On the other hand, anyone who gains access to your router will now have a valid IP address which allows it to communicate with your network. So to some degree it’s worth considering opting out of DHCP controlled IP addresses and instead configuring your devices and computers to use something like 10.10.0.0 as their range of IP addresses.

Like most good anti-hacking attempts though, this will only slow the intruder down.

ROUTER POSITION

This simple network protection act is one of the best, if done correctly.

Believe it or not, by moving your router to the centre of your house, or more to the rear (depending on where your closest neighbours or the road is), you are limiting the range of your wireless broadcast signal.

Most routers are located in the front room where the master phone socket usually is. This means the router can reach most corners of the house, and to some degree beyond the house. If someone was moving down the road, for example, sampling wireless networks then they would come across yours as they passed your house.

If the router is situated in a more central location, away from the front window, then the signal may be too weak to get a successful reading without having to stand on your porch.

SWITCH OFF THE ROUTER WHEN YOU’RE NOT USING IT

Most people will already do this anyway. Since no one is using the router, what’s the point of wasting electricity?

However, a lot of people simply have their router powered on all the time, regardless of whether they are in the house or not. Granted there are those who will be running a server, or downloading something while at work or asleep, but the vast majority just keep it on.

If you’re not using the internet or any other home network resource, it’s a good idea to power off the router. And if you’re away for an extended period, then do the same.

BEYOND THE HOME NETWORK.

cloud-computingHome network security is one thing, and frankly it’s not all that often you’ll get a team of hackers travelling down your street with the intent of gaining access to you and your neighbour’s home networks.

Where most of us fall foul in terms of hacking is when we’re online and surfing happily without a care in the world.

PASSWORDS

Passwords are the single weakest point of entry for the online hacker. Face it, how many of us use the same password for pretty much every website we visit? Some people even use the same password for access to a forum that they use for their online banking, pretty alarming we think you’ll agree.

Using the same password on every site you visit is like giving someone the skeleton key to your digital life. It’s a bloody pain having different passwords for every different site, but when you stop and think logically about it, doing so leaves you incredibly vulnerable to those who have ill intentions with regards to your identity and bank balance. For many a kind of compromise is usually sufficient. Many of the sites we use on the net that require us to use a password are pretty innocuous. Using the same password for this swathe is normally fine but make sure that you use strong passwords for those services that are really sensitive. More about that below.

Where passwords are concerned, using ‘12345’, ‘password’, or ‘qwerty’ isn’t going to stop someone from gaining access. And passwords such as ‘L3tmeIn’ aren’t much better either. Additionally, as we mentioned earlier, using the names of your pets may seem like a good idea, maybe even mixing their names with the date of your birth as well sounds like a solid plan, but if you then go and plaster Mr Tiggywinles, Rover, or Fido’s name all over public posts on Facebook along with pictures of you blowing out the candles on your birthday cake then you’ve just seriously lowered the strength of your passwords from staying secret.

Security questions and two-phase verification techniques are now being employed by a number of credible sites. What this means is that you basically enter more than one password to log into your account. Most online banking is done this way now, and sometimes includes a visual verification such as a pre-selected thumbnail image from a range that the user can click on to verify who they are.

If you have trouble coming up with passwords yourself, then there are a number of password managers available that can help you create highly secure combinations of letters, numbers, and special symbols unique for every website you visit. Even better they’ll even store them for you in the program itself in case you forget them. They are usually managed by one ultra secret master password. Be sure to keep that one complex and safe. Some examples are as follows.

LastPass – LastPass allows you to create a single username and password while securely entering the correct details.

Kaspersky Password Manager – A fully automated and powerful password manager that can store your username and password details, then enter them into the site for you while remaining encrypted throughout.

Either way, human beings are the weakest link in the secure password chain so any help you can get is to be welcomed.

DON’T TELL THE WORLD EVERYTHING

David Glasser, the MD at Twitter US, recently admitted, “I hate to say it, but in reality, people need to share a little bit less about themselves.”

While there’s nothing wrong with letting your nearest and dearest know what you’re up to on Facebook, you really must consider the fact that they probably aren’t the only ones reading. Facebook and Twitter often come under fire because of their attempts to make users newsfeeds public by default and where you have to jump through hoops to limit the views for your own timeline.

It’s worth taking the time to double-check the security settings on all your social media sites and check back often. Are the things you’re posting on your timeline or feeds viewable by friends only, or friends of friends? Has it mysteriously been reverted back to public viewing? Are you sure you want to display that picture of you sat at your desk with all that information on the screen behind you?

As we said before publicly announcing your private details, like when you’re on your hols and for how long, the names and birthdays of you, your nearest and dearest, children, pets and so on, isn’t particularly smart, but hey we’re all guilty of it.

CLOUD SECURITY

The newsworthy hacking events of Pippa Middleton and many others has rammed home to us the fact that cloud storage isn’t quite as secure as we’d like to think.

Every device, either Android, Microsoft, or Apple, is capable of backing up your photos to its own particular cloud storage solution – sometimes it’s even a default setting. Most of the time the cloud solutions used are so secure that anyone trying to hack into them will have a pretty rough time of it, and no doubt bring down the wrathful vengeance of Google or Apple upon themselves. How the celebrity photos and videos were obtained is something you’ll have to find out for yourselves, but if storing stuff on the cloud is alarming you there are a couple of choices.

The first is to encrypt everything locally on your computer before uploading it to the cloud. This will take time, we’ll grant you, but it means only you’ll be able to decrypt them. Secondly, you could always compress everything first, using Winzip/Winrar etc., then password the compressed file. Breaking a password compressed file takes far longer than it’s actually worth, providing you’re not a celebrity, so most hackers won’t bother.

Finally, there are cloud storage solutions that encrypt the data on the device before uploading it to the also fully encrypted servers e.g. SpiderOak and Tresorit.

CONCLUSION

The very fact that you’re online makes you a potential target. If you’re sitting back and saying “they’ll have no interest in me” you’re sadly mistaken. Lets face it, you’re easy to find, easy to hack, and probably won’t do much about it when you do get hacked. Its in your best interests to stay up to speed with the latest hacking techniques and how to defend yourself against them.

Are Home Firewalls Really That Important?

In the latter stages of the 2nd decade of the 21st century, our homes have not really changed that much from those of our parents. Aside from a new predominance of cheap throwaway furniture, todays house is largely similar to that of the 70’s. Similar, that is, until we change our point of view, examining not the visible spectrum but rather the electromagnetic spectrum. working-from-home_colorThe past 20 years have seen an explosion in our use of the airwaves and that change has not stopped at our front doors. Todays homes are filled with an argosy of gadgets, many of which independently communicate without any intervention from their human hosts. Indeed, whilst the home of the 70’s was equipped with two main communications channels, namely the desktop telephone and the front door, the contemporary home has been unrecognisably changed by the communications revolution. It is the network which has been the real change across the years, allowing us to reach out in countless different ways but also, quietly, allowing the world to reach in.

And reach in it does.

The latest Government Security Breaches Survey found that nearly three-quarters (74%) of small organisations reported a security breach in the last year; an increase on the 2013 and 2014 survey. SMEs are now being pinpointed by digital attackers. If SMEs are being targeted, rest assured that home networks are too.

So how do we protect our homes? Well, the picture isn’t as bleak as it may seem. Most ISP’s provide equipment which has a built in firewall. Firewalls form your home network’s primary defence against online security risks, and can therefore considerably boost your peace of mind concerning your network security. Without any human intervention, the stock firewall set at its default settings is pretty effective. It basically blocks everything from the outside unless it was requested by something on the inside. So far so good you may think, and you’d be right, however its that sticky part about human intervention that hides the real danger. People feel the need to change their firewall settings. Not only that, they download dodgy code, click dodgy links and generally just circumvent all that good security the firewall was designed to provide. Before long the network security is full of holes and the world starts reaching in.

Home networks are becoming ever more complex and the paucity of good quality consumer grade network equipment speaks volumes about our inevitable prioritisation of cost above just about anything. ocean-digital-home-upnp-dlna-font-b-network-b-font-font-b-device-b-font-newsIn their race to the bottom, home network equipment manufacturers need to keep their costs to the bare minimum. They do this by using free vulnerable operating systems which have no simple mechanism to ever be upgraded or more importantly fixed. Theres no getting around the fact that our homes are full of and will continue for quite some time to be full of network equipment that is of a shockingly low security standard.

This brings us nicely back to the question of the home firewall. Yes, generic router firewalls are great out of the box but they only look outwards and never inwards. It is becoming increasingly apparent that home networks which are basically the same as small business networks require better. Low cost solutions do exist and they are effective. For example for those with a spare PC hanging around, the option exists to install a free software firewall (e.g. Sophos XG Home Edition) but its far from an elegant solution to keep a dedicated PC powered up 24×7 and it is one which few consumers would countenance. Other dedicated hardware solutions exist of course but they can be expensive and are in all likelihood, business solutions. Sadly, for the consumer, the choice to manage a firewall in the home is still the preserve of the nerdy computer enthusiast who, ironically is probably less vulnerable than most.

legislationFor now the discussion remains unresolved. It is unlikely that the consumer will find it in their gift to look beyond cost to something that keeps their online lives secure enough and it will likely therefore fall to some broader agency to act. Whether that agency turns out to be the government, the banks who perhaps have most to lose, or some other combination of private sector collaborators remains to be seen. One thing however is certain. The problem is going to get worse before it gets better and it will probably take some form of paradigm shift in public perception for the motivation to be found.

Lets hope the cause of the paradigm shift isn’t too painful.

Features of Surveillance Systems

dvrThere are many features that are available with different DVR home and small business surveillance systems. Some features come as standard with many surveillance systems, while other features can cost extra. The following table provides a list of the most valuable features of any DVR home and small business surveillance system for those who want to stick to a tight budget.

Motion Detection – These pick up movement within the home and small business, when the alarm is set; strategically placed throughout the home and small business to cover all entrances and exits

Interactive Monitoring – Allows home and small business owner to access system via cell phone and Internet; system can be turned on or off and settings changed remotely; also offers email and text alerts

There are many features offered with various DVR home and small business surveillance systems. The more expensive the system, the more features it should offer. For those who don’t want to spend excessive amounts of money, but still want ultimate protection, the above features are a good selection.

What to Consider When on a Budget

DVR home and small business surveillance systems can be very expensive, but they don’t have to be. There are a few aspects of any surveillance systems that, if carefully considered, can help the buyer get the most out of even the smallest of budgets.

Size of the Hard Drive

A DVR system can record onto a hard drive. The size of the hard drive determines the length of recording time the system is capable of. There are various hard drive sizes, with the most common being , 500 GB to 750 GB, and 1 TB to 2 TB, Naturally, the smaller the hard drive, the less expensive the unit. A unit that offers up to 500 GB is normally more than sufficient for most home and small business surveillance needs, making it unnecessary to spend more money purchasing a larger hard drive.

Number of Channels

The number of channels a surveillance system offers determines the number of different cameras that can be used with the system. Buyers generally have the option of 4, 8, 16, or 32 channels. For most residential home and small business surveillance needs, a four or eight channel system is sufficient. This means the user has up to a maximum of eight cameras to use.

Camera Resolution

The term resolution refers to the number of the smallest picture elements or pixels that make up a video image. The more picture elements, the better the detail of the picture. Resolution for analog cameras is typically measured in Television Lines or TVL where resolution in digital cameras is typically measured in pixels and communicated by either the number of pixels both horizontally and vertical (such as 640 x 480) or as a total number of pixels in the image (such as 1.4 megapixels).

In a camera system, resolution is typically the balancing factor. Depending on the purpose of your system, you may need a large resolution in order to recognize faces or licenses plates. Under other circumstances, you don’t need a high resolution at all because your field of view is so large you only want a general idea of what is happening. Typically adjustments to a camera system are made to get the most resolution with the lowest storage and bandwidth requirements.

Self-installed Systems

Many DVR home and small business surveillance systems require an experienced professional to install. This can end up being very expensive. For those who want to buy a surveillance system on a budget, a self- installed system can be a good option. These systems are designed to be simple to install with minimal knowledge required. These products tend to come with step-by-step installation instructions.

Preferred Specification Minimums:

CCTV Digital/Analog Systems:
Camera Resolution and IR : Minimum of 600 tvl. The higher resolution the clearer. With IR minimum of 35 feet. Weatherproof if installing outside. DVR: Recording capacity of at least 20 days. Online calculator below. http://www.zmodo.com/tools/dvr_storage_calculator/dvr-storage-calculator.htm H.264 video compression is preferred compression

If you want to be able to view system remotely, make sure it has mobile phone viewing Apps for your type of phone. IE… Android, Windows or iphone.

How to Set Up a Wireless Network Webcam

If you want to monitor your home remotely with a security camera, using a wireless network camera is the most permanent way to do it. You can make do with a standard USB webcam (or use your iOS or Android device as a webcam), but wireless network cameras are easier to position and they’re designed for the task. In this how-to, we’ll walk through the process of setting up a wireless network camera and using it for home monitoring.

For this how-to, we decided to use the D-Link DCS-932L wireless network camera, which you can connect to your network via ethernet or 802.11n Wi-Fi. Of course, specific setup instructions differ from camera to camera, but we’ve found that many of the basic features that you’ll want in a wireless network camera are similar for most models.

Step 1: Find the Right Place for Your Wireless Network Camera

Before you start configuring the camera, you should try to decide where to put it. The main limitation here is the power cord: You’ll have to place it fairly close to a power outlet, or you’ll have to use an extension cord–meaning that you probably won’t be able to position it in an elevated spot without leaving unsightly power cables dangling from your walls.

You’ll also want to test your network connection from the spot where you want to place the camera. The easiest way to do this is to grab a laptop, put it in the spot where you want to put your camera, and see whether you can get a reasonably strong wireless network connection from the laptop. If your laptop struggles to load basic Web pages over Wi-Fi from that location, you can bet that your wireless network camera won’t be able to upload a constant stream of video from there.

If you’re concerned about your camera’s wireless network reception in the spot you’ve selected, you can use a Wi-Fi stumbler app like InSSIDer or NetStumbler to see whether any nearby networks are running on the same channel as your home network. If your neighbor’s wireless network uses the same channel that yours does, the competition can make it harder for your Wi-Fi devices to connect to each other. Run the stumbler app. If you get strong signals from other networks on the same channel as your network, change the wireless network broadcasting channel in the setup interface of your wireless router to something that your neighbors aren’t using.

Step 2: Configure Your Wireless Network Camera

These directions are specific to the D-Link camera that we’re using. If you have a different camera, the setup process will vary, but it’s likely to be quite similar.

Start out by plugging the camera into a power outlet close to your Wi-Fi router. Connect the camera via ethernet to your router (if your wireless router has a built-in ethernet switch in it) or to a connected ethernet switch. Alternatively, if your router supports Wi-Fi Protected Setup (WPS), plug the camera into a power outlet, open the D-Link setup wizard on the included CD, from a PC connected to the same network as the camera, and press the WPS button when the wizard tells you to.

Once your camera is plugged in, navigate through the setup wizard provided on the CD. For the setup wizard to work, your PC will must be on the same network as the camera. Depending on the version of your software and on your network connection, everything might be running just fine by the time you reach the end of the wizard. On my first attempt, though, I couldn’t get the camera to connect to the wireless network or register with D-Link’s Web-monitoring portal, Mydlink.com. Instead, I had to update the camera’s firmware and run the wizard a second time, using the following instructions.

First, run through the whole wizard and see whether the first attempt works. If it doesn’t, click the Camera Settings button at the end of the wizard setup process to grab the camera’s local network IP address. Open the camera’s configuration page in a Web browser by typing in http:// in your browser bar and pasting the camera’s local network IP address. From there, I logged in, using the administrator login and password that I had specified during my first trip through the setup wizard; clicked Maintenance, Firmware Upgrade; and updated the camera firmware to the most recent beta that D-Link had on its website.

Once I updated the firmware, I stepped through the setup wizard again, and this time everything connected just fine: I could remotely view the camera via Mydlink.com without a problem.

Step 3: Set Up Your Wireless Camera’s Motion Detection Features

Now you have a working wireless camera, and you should be able to view whatever it’s filming from anyplace where you have an Internet connection, either with Mydlink.com or with the camera’s Web UI. But unless you plan to be at your desk monitoring the camera feed 24/7, the “always on” functionality isn’t particularly useful. That’s why most wireless network cameras include support for motion-tracking features that respond to sudden changes in the scene–such as someone walking by the camera–and send the images to you via email or FTP.

You can usually access these email- and FTP-alert features through the camera’s Web-based configuration interface (the same one that we used to update the firmware above), though some manufacturers may include desktop software for you to use instead.

For this D-Link camera, open the Web interface and click Setup. Then click Motion Detection from the side menu, click Enable, and specify which blocks in the image you would like to monitor for motion. This ability to define what motion will trigger the motion detection software to activate the camera can be particularly handy if you’re worried about setting the camera off too often. For example, if your camera faces a window with a tree visible outside, you can exclude the regions where the tree might sway in the wind, so you won’t get email notifications every time a stiff breeze blows through (while still including the area that a potential intruder might pass through when breaking in at that window). Once you’re done, click Save Settings.

Next, let’s set up the camera’s auto-email feature. Click Mail on the left-hand side of the page to get to the configuration page. Here, you’ll need to find the right settings for your email provider–at right, I’ve filled out the settings for using Gmail’s SMTP server, which you can find at Gmail’s “Configuring other mail clients” help page. Next, check Enable emailing images to email account, and check the Motion Detection radio button to set the camera to email you images every time the motion detection sensor is set off.

Now you have a wireless network camera set up with basic surveillance features that make it perfect for monitoring your home, children, pets, or snack fridge at work.