Okay everybody, welcome again. Okay, do we do the test now or do we do a lecture? What do you think? We start, Igor. Okay, on the rhythm of the music, on the rhythm of the music. So Igor is going to give us an introduction to home network safety, and I hope to get some tips there as well. I tried to find out more secrets about him, but he doesn't want to tell, and maybe I have to remind him of what he did last night, but let's not start this. Light the fuse, put it in play. Please, Igor.

Thank you. Okay, well, it wasn't a great start. I've just broken the job tonight. All right. Good evening or afternoon, whichever. Thank you for having me to speak here. Thank you for that all, and welcome.

So, is anybody wondering why there's a picture of some chocolate confectionery on there? Me too. Oh, no, no, no, I'm supposed to know one day, right? It is an After Eight mint: crispy shell, squidgy interior. So why do we have a picture of an After Eight mint there? Well, if you've been around IT security for a while, you probably have a good guess as to the illustration. If not, hopefully by the end of this talk you'll have a good idea as to why the After Eight mint is a good representation of a typical home network security model and what the problems with that are.

So what are we going to talk about in this talk? Excuse me, I just need to click one thing. Probably has to do with your home network. There you go. Right. So what are we going to talk about? We're going to talk about the fundamentals of home network security. It's going to be very high level. It's not going to be in depth; if you've never done anything networking before, that's not going to be a problem. Obviously in 40-odd minutes we can't go into great detail. What I'm hoping is that by the end of this session you'll have a good grounding from which to go away and do some more thinking, some research, and to think about what aspects of the things that I raise might be applicable for you to do something about.
Why do a talk on the basics of network security at a camp like this? Obviously, come on, this is going to be loads of experts. Well, there's a few reasons. First off, not everyone's an expert in networking. There's going to be loads of people in this camp for whom networking is a bit of a black box. It is a large topic. I deal with experts quite frequently who are really, really, really good coders, very low-level GPU-based coding. As soon as they start talking about networking, they're completely in the dark. They know almost nothing about it, and you look at some of the code that gets produced and it's abysmal. So networking is something that, you know, even an expert in another area of IT can learn.

Another reason is I'd like to encourage other experts on network security to be talking to their friends, colleagues, etc. about these things, and hopefully some of the things I raise here might prompt them to start to think about doing that. It's also a topic I find a lot of people don't know very much about. Talking to people generally, you kind of get the impression that network security isn't really something they understand.

So how are we going to do this? I'm going to use vulnerability management theory as a basic framework to structure this talk around. So let's have a quick look at that. There are four basic bits within vulnerability management theory. The assets: the things that we have, the things that we own, the things that we want to protect. They could be digital, you know, your email, your files, your PDFs, whatever; they could be physical, your phone, your tablet. The threats: the threats are things that we want to protect against. Self-explanatory, really. Vulnerabilities: vulnerabilities are where either people or systems create a weakness that the threat could exploit. And then risk is the exposure of our assets if a threat successfully manages to exploit a vulnerability. So let's now take those four items and apply them to network security.
So what's an asset in a network? The physical infrastructure, yeah, the plumbing: our internet circuit coming to our house, the physical cables if we've got wired Ethernet, the switches, the routers, that kind of thing. The connected endpoints: so that could be your laptop, your phone, any other device that you have in your home that's connected to your network. And the data on the endpoints. In some ways this is probably the most important item: the data on your endpoints is probably your most valuable asset within your network. You know, at the end of the day, if somebody steals your PC, you can replace it fairly easily. If somebody steals your files and you haven't got another copy of them and they're gone, that might be much, much harder to recreate.

So threats. What threats do we see? Various types of threats. Denial of service attack: the internet circuit to my house comes in over an overhead cable. If somebody takes a pair of tin snips to that cable and cuts the cable, I've got no internet. Now for me as a home user it's inconvenient; I have to phone the ISP and get them out to fix it. But it wouldn't be terrible. If you're a business of some kind, actually that could have a serious consequence. Ransomware: I'm sure everyone's seen multiple news stories over the last couple of years about a number of high-profile ransomware attacks, and obviously for those who are affected they can be quite devastating. Phishing: phishing is still one of the most common and one of the most effective ways of breaching someone's network security, whether it be home or business. It's much easier to manipulate people than it is to manipulate computer code, etc. Data theft: again, you know, nobody wants to have their data files stolen. Tracking: a lot of corporations, governments, websites, etc. will do various bits of tracking, and you know, from a privacy point of view we might want to be concerned about that and think about that. Identity theft: that's a real problem for those who happen to become a
victim of it. It can take weeks, months, years to try and sort out the resulting mess. Botnets: obviously if your device gets compromised, it might get used by a malicious entity in order to perpetrate whatever they're doing. That can cause you problems in that it can come back to you, in terms of somebody logging that the malicious traffic was coming from one of your devices.

Sources of threats, threat actors. Individuals: their intent varies very, very greatly, so their capacity to do damage and their intent can be quite different. Nation-state sponsored groups are very, very common; most world powers, big world powers, have sponsored hackers who will attempt to infiltrate systems. Commercial organizations: we give so much of our data away to commercial organizations without really thinking about it, and maybe we need to start thinking about how much of that we should do and how much is reasonable.

So, sources of vulnerabilities. Design problems: this is where somebody has designed an application or a system and there's just a fundamental problem with that design. Implementation flaws: this is where the design is fine, but actually when that design has been translated into the appropriate code or the appropriate hardware, there's been a problem at that stage and there are resulting weaknesses. Configuration issues: this is very, very common.
This is probably one of the most common problems that I see in terms of systems being insecure when they shouldn't be. It's because somebody's either misunderstood how to configure the item, or configuration has changed over time: someone's done something, and then someone else has done something else, and someone else has done something else, and the system is no longer secure because the original intent has been lost. Failure to apply security updates: there are dozens and dozens of attacks every year which are successful purely because people haven't applied security updates. These are known vulnerabilities that have been around for years and years, and yet systems are still vulnerable. And assumption of trust: we like to trust people. We like to, yeah, so someone says, hey, can I plug this into the network? We want to say yes, we want to be helpful. But do you know, is that necessarily always the right thing to do? Do we trust the people? Do we trust the devices? Do we trust the data? Phishing attacks are very, very common and still successful because people will trust attachments they receive by email. They'll open them and the payload gets executed. We trust people: a common problem in commercial organizations is people phoning a help desk and saying, hey, I'm so-and-so from HR, yeah, I'm an assistant to so-and-so, I've got this urgent deadline, I've lost my password, can you help me? And a junior analyst, if there isn't an appropriate procedure in place, will say yes and try and be helpful, and then you have a compromise.

So let's look at some vulnerabilities in a typical small network, as in what you'd have at home or in a small business. This little blue box is basically representative of the typical edge device, which tends to be an all-in-one firewall, router, Wi-Fi access point, etc. We'll have some form of modem in there, DSL, VDSL, whatever, that's going to connect us to the internet.
That's going to give us our wide area network side, our external gateway. We'll have some form of routing and firewall functionality. This will basically enable us to send data from the inside to the outside and back again with some degree of control. We've got an internal side, which is typically going to be Wi-Fi and some form of Ethernet ports. Usually these devices have some form of web server for configuration, and many of them have some form of file and print service, so you could plug a USB key into the back of it with some files on there, or plug a printer into it.

Client devices: we have all sorts of client devices we connect. Years ago it tended to just be desktop PCs. Then as things moved on, people started doing laptops. Yeah, more recently tablets and phones. More recently still, we've started to see more and more Internet of Things. So security devices might be your home security system, might be IP cameras. Environmental controls have become very popular to attach to home networks. Lighting, particularly in the last couple of years, has kind of exploded. Appliances, so you know, your internet-connected fridge freezer, washing machine, whatever.

Typically these devices have closed-source firmware. You can't see what's going on under the hood on these devices. They're usually built to a cost, which means that the manufacturer is trying to make them as cheap as possible, because essentially they want to give them away with a service. So there's a couple of problems. One is that they have a lack of incentive to maintain it, because they want to keep the cost down. And also they tend to have a lack of features because they're built to the cost; adding more features has more cost. A few potential issues: they're really often remotely updatable by the ISP, which means that you could look at the device and say, yes, this device is fine.
It's okay. But actually tomorrow it could have had a firmware update and no longer be secure. The web server is a potential point of weakness. On a lot of these devices, historically and even some still today, the web configuration interface is accessible on the outside. If that web interface is accessible, that obviously gives a nice leverage point to start trying to attack the device. The file and print server: again, often the code on these devices is written once, dumped out, hundreds of units shipped, and it doesn't get updated. So if a vulnerability is discovered in either the web server or the file and print server functionality, which is probably the most common location to find an exploitable fault, then that probably isn't going to get fixed. The final issue is the fact that on the inside we have a flat network. What do I mean by flat network? This is the After Eight mint that we were talking about earlier. Essentially, we have a sort of crunchy, crispy exterior, which is our router components, in the middle here in yellow, which is protecting us from everything on the outside. But everything on the inside is one big squishy mess. So if a device on the inside of our network becomes compromised, then everything within that network is then compromised, or can be attacked by the things that have been compromised.

So let's look in a little bit more detail at how networks work, in order to understand how we can then address some of those problems. I've put this TCP/IP model on the right-hand side. This is more for reference for you to look at later, and I'm not going to go into great detail about how the model works now because there won't be time. Essentially, our network is some form of communications media.
It could be a wire, it could be Ethernet, it could be Wi-Fi, but essentially there's an underlying communications media. Each of our clients will attach to that media in some way using an interface. So at that layer, the network access layer, what we basically have is local transmission of data in an addressed frame. So basically when we want to send something from one machine to another, we build a frame, we drop that frame onto the network, and the interface deals with how we convert the signaling from something digital on the client device to a physical electronic signal propagating across the wire. At this level, yep, so the predominant protocol for this level will be Ethernet, if you want to do more research on that later.

Our next layer up would be the internet layer. This is where we have logical addressing. One of the limitations of the interface layer is that we can only deliver our frames to another client machine if we already know the address of that client machine, or we have some way of locally finding it out. It doesn't scale.
So if you want to build a network on the scale of the internet, you can't do that with purely locally addressable frames. So the internet layer addresses that problem by giving us logical addressing. The unit of transmission across that would be packets. So essentially we take a chunk of data and we say we're going to break this chunk of data into individual packets and put them on the wire. There's no guarantee at this stage that those packets will or won't be delivered, so they may arrive, they may not, and the order that they arrive in may or may not be the order they were sent in. One of the advantages of this layer, however, is it gives us the ability to route, so we can build scalable networks. We can have a small network here and a small network here and we can route between the two of them. That enables us to build a network at scale like the internet. Typical protocols you'll see here, for future reference: Internet Protocol, ICMP.

The next layer is the transport layer. This layer deals with end-to-end communication, so at this point we can say we're going to have a reliable delivery mechanism from client A to client B. We're also going to add another concept, which is the concept of ports. The idea of ports is that we can have multiple applications running on client A talking to multiple applications on client B, and in fact they can all have their own stream within the network. So your typical protocols here for reliable delivery would be TCP, Transmission Control Protocol, and then there's also best-effort protocols, commonly called UDP, User Datagram Protocol, and that's basically just lob it on the wire and see if it gets there, because we don't really care.

Our final layer is the application layer. So this is typically HTTP, FTP, SSH. This is where the applications that we're using are interacting with the stack below.

So what vulnerabilities do we have here? Well, access beyond least privilege is the first issue. So if we have a Wi-Fi-enabled
light bulb and a desktop PC on a single flat network, in theory the Wi-Fi-enabled light bulb could attempt to establish an SSH connection to the PC. Is there a legitimate reason for a Wi-Fi-enabled light bulb in your house to be trying to SSH into your workstation? Probably not. Another potential issue is guest equipment: somebody comes around to visit, they say, hey, can I jump on your Wi-Fi? You say, sure, and give them the key. You don't actually know what networks their PC's been on before. You don't know whether they're running antivirus software, etc. Their machine could have been compromised somewhere else, and then you're dropping it on your network. It's then got access to all the devices on your network because it's a single flat network. The other thing is that typically your guest device is probably going to be on Wi-Fi. Wi-Fi has a whole other can of worms in terms of vulnerabilities. Let's look at a few of those.

Do you control the hardware? If you go to a coffee shop, jump on their Wi-Fi, you've no idea what hardware they've got, who's running it, what it's doing. Do you control the software? You might own the hardware, yeah, if you've got your router from your ISP at home, but you don't control the software or the firmware on that device. Are the protocols broken? So Wi-Fi: there are a couple of older protocols, WEP, Wired Equivalent Privacy, and WPA, the original version. Those have both been broken. They're broken, they're cracked; you can compromise sessions using those. Who have you given access to? As we've already said, you know, is another system secure? Whose network have you connected to? If you've been out and about somewhere and you've plugged into somebody else's network, what's been going on there? What do you know? Has your machine been compromised now?
You then bring your machine back to your network to potentially compromise more things on your network. Wi-Fi obviously gives you a non-physical attack vector. You can sit in a car outside an office and see their network.

So risks. We said that basically risk was the exposure of our assets if a threat exploits a vulnerability. So what do we do? What do we do about the risks? What are our options? Two choices. First one is ignore or accept it. That kind of sounds crazy, but actually it's not. The difference between ignoring it and accepting it is basically risk analysis. If we just choose to ignore a risk, okay, that might be a bit dicey. If we deliberately choose to accept it, that's okay. We might look at the probability of something happening. So we do some analysis. We say, okay, what's the probability of that happening? So my internet service coming into my house, well, the overhead line: what's the probability of somebody chopping that line? Not very high. What's the impact if somebody chops it? Well, my internet service is off for a while, but I could always do a hotspot on my phone. What's the cost to me? Well, probably nothing, because the ISP will come and fix the cable for free. So am I going to spend time and money trying to prevent that possibility? Probably not. I'm going to choose to accept that risk. The other option is to mitigate. Mitigation can take many forms, and we're going to look at a few of those now.

So, some groundwork for mitigation. There's no magic bullet. I get questions quite frequently saying, what software should I buy to make me perfectly secure on the internet, or some variation of that? There is none. A better question to ask would be, what is an acceptable level of risk for me personally? For you as individuals, what you need to do is to say, okay, what risks are there to my data, my privacy, on my network, and what, if anything, do I want to do about those?
Don't try and do everything at once. There are loads of things you can do to improve network security. If you try and do them all at once, you will go mad and you'll probably break your home network in such a way that you can't figure out how to fix it. Change one thing at a time, learn one thing. Make it an incremental process. Presume you'll be compromised. So sit down and just think about: what happens if? What happens if? And then think through those things, think through what the consequences would be. That will give you some kind of idea then of how you might want to prioritize, so that you don't try and do everything at once. You can say, actually, I'm going to do this first, and then I'm going to do this, and then I'm going to do this. Apply security in layers. I've come across quite a lot of people who will sort of say, I've got antivirus on my PCs, I'm done. Is that enough? Well, probably not. You know, you can have the best antivirus on your PC going, but if your edge router firewall device is set up in a way that allows any traffic inbound, your machine is still going to get compromised whether you have antivirus or not. Security is an iterative process. You're never going to do it all in one go, and everything is constantly in flux. So it's one of those things where you can't do it and forget it. Every so often you've got to go back to it and say, what's changed? You know, what new devices am I adding to my network? What's changed in terms of security awareness? What protocols have been broken that weren't previously broken? The best thing you can do for network security is not software; it's personal skepticism and good critical thinking. Asking the question: is this a good idea? Should I do this?
Why? What might the impact of this be? That will get you a lot further than trying to buy the latest gizmo that says, I can do all these things and make your network perfectly secure.

So, risk mitigation: knowledge. Know your gear. So if you're putting things on your network, have some understanding of what those things are, what they're doing, and how they're working. Dare I say it, think about reading the manuals. Think about understanding what protocols they're using and why. Think about what they should be connecting to and why. Port scanning: again, if you're completely new to networking, port scanning probably seems like some kind of black art. In reality, it's actually quite simple to install a program like nmap, point it at your home network, and say go, and you'll see what comes back. Even if you do nothing with that other than make a note of it, and then do it again in three months' time and see if anything's changed, that would be a great start, because actually that will give you some kind of baseline to know what is normal on your network, and when you see changes you can ask the question: why? What's caused that change? Is it something I've done? Is it something I've added? Is it something I've removed?
Logging: if your firewall stores logs, every now and again have a browse through them, see what's in there, see if things look normal or abnormal. Again, if you do it more than once over a period of time, you kind of get a picture of what normal looks like, and therefore when you see abnormal you can respond to it. Monitoring, detection systems: at this stage you're kind of getting into slightly more advanced stuff. If you get this far, you're probably getting way beyond the average user, but there are various systems you can put in place to give you more data about what's happening on the network. Packet capture and analysis would be sort of the top of this tree, where you're actually pulling packets out of the network and having a look at what's inside them and analyzing them. So this kind of whole stack here kind of ascends in complexity. So, you know, start at the top end with knowing your gear and work your way down to wherever you're comfortable, and, you know, see where you go.

Risk mitigation: traffic separation. Traffic segregation is kind of a key area for securing a network of any kind. It's applying the principle of least privilege. It's saying that the Wi-Fi-enabled light bulb should not connect to my PC and make SSH connections to it, and I'm going to do something to actually prevent that. There's a couple of ways we can do that. We can do physical separation. Physical separation is basically saying we're going to have two sets of wires, in effect two completely separate physical networks.
It's a bit like the plumbing in your house: we have one set of pipes for hot water, one set of pipes for cold water. The other option, which we can do with a digital network, which we can't do with plumbing, would be to have virtual segregation. So essentially when we build our packets that we put on the network, we could put a little tag inside them to say this packet of data belongs to this network, and we can therefore segregate traffic and keep it apart. It's unlikely that an ISP-supplied all-in-one edge device is going to support this kind of segregation of traffic. So at this point you probably need to be starting to think about whether or not it would be a good idea to invest in a better edge device that can give you more capabilities. And there's loads of them out there. I'm not going to try and list them all now because we'd be here until Christmas.

How can we mitigate the risks of Wi-Fi? First off, this idea of SSID hiding doesn't really work. Just don't bother. There are ways of discovering that a network is there even if you tell it not to broadcast the fact that it exists. WEP is broken, as is the original version of WPA. If your device will let you turn them off, turn them off. If it won't let you turn them off, buy a better device. Don't use SSIDs that make you a target: if you have an SSID that says "unhackable", someone's going to take a pop at it. Consider shutting down SSIDs when they're not in use. If you have multiple SSIDs for different things and some of them you only need at certain times, and if your device supports it, have it automatically shut off the ones that aren't in use when they don't need to be there. WPA3 is a thing; it might be worth looking at. Yeah. Consider where you put your access point in the house. I see a lot where people just dump them on the windowsill, right, because that's the nearest thing to the phone socket. Obviously, that's then giving maximum propagation into the street outside. If you relocate it to the centre of the house, that will
really reduce the power that's being radiated outside of the property, which reduces the attack vector. Your Wi-Fi is only ever going to be as secure as the weakest device you connect. So think about what you're connecting to your Wi-Fi, and if you have devices that you think might not be particularly secure, think about setting up a separate SSID, and ideally a virtual LAN, for those devices, so that traffic is segregated and if one of those devices is compromised, the attacker can't get to all the other devices on your network. Segregate traffic: kind of the same point, really. Disable access to configuration interfaces from Wi-Fi. So if you have your Wi-Fi access points and your home router, your firewall, whatever, these devices typically have web configuration interfaces. You don't really want to be enabling access to those from a Wi-Fi connection. Ideally you want to set those up so that you can only get to them from a hard-wired connection. That way, if somebody compromises your Wi-Fi in some way, they're not going to take over your network by attacking your router or your access points. Disable Wi-Fi Protected Setup.
Wi-Fi Protected Setup was one of those technologies that is designed to make people's lives easier. It has vulnerabilities, and essentially you can brute-force your way into any network using WPS. Yeah, just turn it off, and then just connect your main Wi-Fi connections manually without using WPS. Subscribe to alerts for vulnerabilities and patches, and apply them. Most of the manufacturers of good-quality networking equipment, even at the budget end, will have alert systems where you can sign up and they will send you alerts if they have some form of vulnerability they've discovered on that device and they have a patch available for it, or a mitigation of some kind, a workaround. Apply the patches. As I said previously, one of the most common attack vectors is people attacking systems where a vulnerability has existed for a long time but people haven't patched. Configure logging and alerts if your device supports it. Turn on the logging and then look at it every now and again. Use strong passwords and consider multi-factor authentication. So again, this is getting more into sort of small business territory: if you have network devices that you're responsible for, the authentication mechanism for configuring those devices wants to have a good password, and if you can have MFA on it, even better. Consider WPA2 Enterprise over WPA2 Personal. So WPA has two modes. Personal is what pretty much everyone uses at home, where you have a pre-shared key: you tell it you want to connect to the SSID, it asks you for the key, you type the key in, and away you go. In the Enterprise version of that, essentially you back off the authentication to some form of authentication server, and you have a list of users that can connect. If you're looking at any kind of small business type network, that's something you should look at and research. Ideally, on any kind of business network,
I would say you want to use Enterprise rather than Personal. I do know people who use Enterprise on their home networks. 802.1X is a way of authenticating a device to a network. If you get really serious about network security, that's definitely something worth looking at. If you end up in any way looking after any kind of business network, again, definitely look at 802.1X. Your Wi-Fi isn't as secure as the firewall, so you can have the world's best Wi-Fi access point, but if your firewall rules are poor, then your network isn't going to be secure. Think about disabling UPnP: again, one of those technologies designed to enable things and make it easy for people, but actually there are a lot of weaknesses in that, and you're probably better off just turning it off and then making the configurations on your firewall yourself. That way you understand what's been done and why. Don't enable auto-connect on other people's networks. Maybe, yeah, it depends how much you trust them, but if you're in any way unsure about the network but you really want to use it, turn off the auto-connect, so that if you're there again at some future point you're not automatically connecting to it.

General risk mitigation for networks. Data retention: don't keep your data around for longer than you need to. If you've got old data that's defunct, get rid of it, because that way, if you do get compromised in some way, that data isn't being harvested. DNS: the talk before this one. Go look it up if you weren't here; catch the stream. There are ways in which DNS can leak information about what you're doing. VPN: consider a VPN. So if you have any reason not to trust your local ISP, using a VPN to make a connection to a trusted third party of some kind to push your browsing and your other traffic through can give you quite a good degree of security and privacy. Antivirus, yeah, antivirus is generally a good idea. Remove unneeded devices and services, so look at your devices,
look at the things you're connecting to your network and say, am I using all the features on this device? If you're not using a feature and you can turn the feature off, turn it off, because that way, if there is a compromise of some kind in that particular feature, you're already automatically protected because the feature's not enabled. Is your hardware physically secure? If you're putting IP cameras on the outside of your house, can somebody wander up to one of those, pull it off the wall, and in some way gain access? So think about where your hardware is and whether it's secure or not. Be vigilant with devices you take to third-party networks. Think about the what-if before you create or store any data or use services provided by third parties. Whether it be, have you read the T's and C's for your Gmail account? Yeah, what's Google going to be doing with your data? Think about whether or not you need JavaScript in your web browser. Be afraid of links in emails or attachments to emails: a very, very common form of phishing, a very, very common way of compromising networks, both home users and within businesses. Use good passwords and use a different password for every different service that you have. You can get a password manager. You can think of one really good password for the password manager, and then you can have really complicated, snarly passwords for every single service. That way, if one of those services is compromised, the only thing that the attacker has is your password to that service, not to every service that you use. Be careful what you install; not all free software is free. If you're running devices inside your network that want to send mail or want to do name lookups, consider having a proxy device which you trust inside your network that those devices talk to, rather than them going directly out to something on the internet. Slightly more advanced, probably more business-oriented, that one. Containerization is one of the best ways
of securing web browsing and email. Most people don't do it, even within businesses, but it's definitely something worth thinking about if you consider compromise through web browsing or through email a risk. Essentially what that says is, let's run our web browser in some kind of container, where if there's some kind of compromise, the container gets trashed but everything else is okay. I know people who run Raspberry Pis just for web browsing, and they only do the web browsing on the Raspberry Pi. That's kind of the high end of containerization in some ways. There are other ways of doing it within an operating system: you can have virtual machines where you just run those applications. If you visit interesting places, China, etc., assume your device will be intercepted and tinkered with in some way. Consider taking a burner device rather than your main device. Encrypt your data. It can get stolen, lost, left somewhere. If your data is encrypted, you're probably okay; if it's not, someone's got it. Patching is pointless if your configuration management is poor. So if you set your firewall rules up on your firewall to allow any traffic to anywhere, even if all your patches are applied and all your code is good, you're still vulnerable. Take backups. This is the number one thing in many ways. I deal with so many people who say, I've got this problem with this disk, I can't get the data off it anymore. And the first thing I say is, have you got a backup? And they think, no.

So network security starts with knowledge. The more you know, the easier it is to sort of understand what the implications of what you're doing are for your network. Knowledge is the basis for risk management. Once you know what your devices are and what they're supposed to be doing, you can manage the risks associated with them and make informed decisions about whether to have that device on your network and how to configure it. Aim for incremental gains.
Don't try to do everything at once. Slowly build up your confidence, your ability, and your knowledge of the security of your network. So, thank you very much for listening to this talk. If you want to send me any feedback, please do; I'd love to hear it. A big thank you to all the angels who assisted with this talk and supported it. Happy hacking. I hope you have a great conference.

Great, Igor. Thank you for helping me sort things out back home. Are there questions in this room, ladies and gentlemen? Someone with a question? You didn't dare to ask them. They don't dare, they don't dare. No one dares here, okay, then we go party. What do you think? Sounds good? Drink? Yeah? Thank you once again, Igor. Let's see you soon. Have fun, everybody.
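The port-scan baseline the talk recommends (scan your own network with nmap, keep the result, scan again months later and ask what changed) is easy to automate once the output is saved in nmap's grepable format (`nmap -oG`). The script below is an added example, not part of the talk; it parses two such outputs and reports hosts and open ports that appeared or disappeared. Both scan outputs are constructed samples with made-up addresses and host names, so nothing here touches a real network.

```python
"""Compare two nmap grepable (-oG) scans of a home network against each other.

Typical use: run `nmap -oG baseline.gnmap 192.168.1.0/24` once, keep the file,
repeat later as `latest.gnmap`, then diff the two with compare().
Both sample scans embedded below are CONSTRUCTED for this example.
"""
import re
import sys

# One open-port entry in a "Ports:" field looks like  80/open/tcp//http///
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")
HOST_RE = re.compile(r"Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"name": hostname, "ports": {(port, proto): service}}} for hosts that are up."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip "# Nmap ..." comment lines
        fields = [f.strip() for f in line.split("\t")]
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        if any(f.startswith("Status:") and "Up" not in f for f in fields):
            continue  # a host reported down contributes nothing to the baseline
        entry = hosts.setdefault(ip, {"name": name, "ports": {}})
        for f in fields[1:]:
            if f.startswith("Ports:"):
                for port, state, proto, service in PORT_RE.findall(f):
                    if state == "open":  # ignore closed/filtered entries
                        entry["ports"][(int(port), proto)] = service
    return hosts


def compare(baseline, current):
    """List new/vanished hosts and newly opened/closed ports relative to the baseline."""
    report = {"new_hosts": [], "gone_hosts": [], "new_ports": [], "closed_ports": []}
    report["new_hosts"] = sorted(set(current) - set(baseline))
    report["gone_hosts"] = sorted(set(baseline) - set(current))
    for ip in sorted(set(baseline) & set(current)):
        old, new = baseline[ip]["ports"], current[ip]["ports"]
        for port, proto in sorted(set(new) - set(old)):
            report["new_ports"].append((ip, port, proto, new[(port, proto)]))
        for port, proto in sorted(set(old) - set(new)):
            report["closed_ports"].append((ip, port, proto, old[(port, proto)]))
    return report


def summarize(report):
    """Render the comparison as lines a person can read; each one is a 'why?' to chase."""
    lines = []
    for ip in report["new_hosts"]:
        lines.append(f"NEW HOST    {ip}")
    for ip in report["gone_hosts"]:
        lines.append(f"GONE HOST   {ip}")
    for ip, port, proto, svc in report["new_ports"]:
        lines.append(f"NEW PORT    {ip} {port}/{proto} ({svc or 'unknown'})")
    for ip, port, proto, svc in report["closed_ports"]:
        lines.append(f"CLOSED PORT {ip} {port}/{proto} ({svc or 'unknown'})")
    return lines or ["no changes since baseline"]


# Constructed sample: what the home network looked like at baseline time.
BASELINE = """\
# Nmap 7.94 scan initiated (constructed sample, not real output)
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.20 (desktop.lan)\tStatus: Up
Host: 192.168.1.20 (desktop.lan)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 192.168.1.50 (bulb.lan)\tStatus: Up
Host: 192.168.1.50 (bulb.lan)\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""

# Constructed sample: the same network three months later. The router now
# exposes telnet and https, the bulb is gone, and an unknown box has appeared.
LATER = """\
# Nmap 7.94 scan initiated (constructed sample, not real output)
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 23/open/tcp//telnet///, 53/open/tcp//domain///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (996)
Host: 192.168.1.20 (desktop.lan)\tStatus: Up
Host: 192.168.1.20 (desktop.lan)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 192.168.1.77 ()\tStatus: Up
Host: 192.168.1.77 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""


def main(argv):
    # With two file names, diff real scan files; otherwise use the embedded samples.
    if len(argv) == 3:
        with open(argv[1]) as a, open(argv[2]) as b:
            base, cur = parse_grepable(a.read()), parse_grepable(b.read())
    else:
        base, cur = parse_grepable(BASELINE), parse_grepable(LATER)
    print("\n".join(summarize(compare(base, cur))))


if __name__ == "__main__":
    main(sys.argv)
```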