Think Tech Hawaii, civic engagement lives here. Welcome back to the Cyber Underground. I'm your host, Dave the Cyber Guy. I'm Dave Stevens, I teach at the University of Hawaii's Kapiolani Community College, out here just about nine tenths of a mile from the beautiful sands of Waikiki Beach, and today I have my compatriot from Kapiolani Community College, Hal the Networking Guy. Hal, welcome, thanks for being on the show.

Glad to be here. I'm also an assistant professor of IT out at Kapiolani Community College, and you helped me teach the cybersecurity crowd. We do the cybersecurity courses, and we've got a new semester coming up. All cyber, all the time. We're having a great time, and class is going to start rolling in August, so if you're out there, sign up and come see us, and we'll teach you all the way through the first two years of your cyber operations program and get you into the cyber industry, which is a huge industry now, with zero percent unemployment. Yeah, amazing. A lot of people say it's negative, yeah, but I don't think they do that, it's just zero. You just say, I have a cybersecurity certification and a little education, and you have a job. And out here it's rolling with the DOD and all the other agencies, the FBI, and even companies. Highly, highly crazy. It's a fast-growing area. And needed. For employment. It's a tremendous need right now, and we're going to talk about that.

We're being attacked on all sides. Constantly. Russia, you know, is notorious for attacking us. China laid low for a while, and now they've just ramped right back up with their new attacks, and North Korea has been persisting, even though we had the summit; there's nothing about cyber in there. So they just kept right on rolling with their attacks, and most of the attacks are focused on small office, home office, or what we call SOHO, equipment.
And that's our home, our small office, medium-sized businesses that just put in a router or Wi-Fi router, and they turn it on because they just have a need for a more efficient network. But they skip a few security steps, so that becomes a target. And that's what this new malware from these three different countries is targeting. And it's not just that we're attacked on all sides in the U.S.; out here in Hawaii, it's pretty unique. We're in the middle of the Pacific, but we're on the Pacific Rim, the Ring of Fire, and all three of our enemies are just to the east of us. So Russia's got some territory on the Pacific, so does China, of course, and North Korea. And we're at the vanguard of the assault, if anything ever happens. It's a unique position out here in the Pacific. What do you think about that?

Well, people probably wonder, why would North Korea or Russia or China want to hack my router? What are they going to get from me? But this gives them a launching point for other attacks, and if they can create botnets here within the U.S., then they can launch attacks essentially from inside the U.S. instead of having to launch them from their own country. Remote-controlled networks that are hard to trace back to their source, and the malware can essentially sit on your device and have absolutely no adverse effect on your system. So you really don't care. You're not going to go hunting it down, because there's not a problem, but when the time comes, you're going to be used for an attack of some kind, or at least what they call a proxy. A jumping point to another point to another point, and you have several proxies in a row so you can make a more effective attack and not be traced, so you're not leaving as much of a footprint in each place. It's hard to trace back. And the malware that we were talking about last week actually has a self-destruct capability.
So after they're done with the attack, they can basically erase that device so that there's no more trace of what they did. And your device just stops working, and you don't know why, and you think, well, something went wrong with it. I guess it failed. But it could have been, you know... Nuked by remote. Nuked by remote, so that there's no trace of what was done. Smart stuff, and it just keeps getting more and more sophisticated.

And I don't think I've mentioned this before. I used to use Apple routers. They were my favorite networking devices. Really solid, good Wi-Fi connectivity and good range and solid performance. Unfortunately, Apple couldn't keep up with the security requirements of the newer routers, so they're discontinuing making networking equipment. Yeah. Yeah, they're backing away. They just don't want to keep up with the big players. We have D-Link, Belkin, Linksys, which is the Cisco consumer grade. We have Asus on the market now. We just keep seeing more and more security features added to those components.

Now, in the second half of the show, we're going to go over exactly how to configure some of the most basic features on your router to make you secure. Right now, we left off last week not telling everybody how to secure themselves, so we're going to pick up where we left off. Let's go through this one at a time and try to get through this list in the first half of the show. These are just basic things that you should do in your computer life, just because. It's not specific to the malware that we were talking about, but really, these types of measures will help you to resist any type of malware that's out there. It's just general good security posture to do these things. It's sanitation. It's hardening your system. That's right. Hardening your network. I'm going to reinforce this for everybody out there in the audience: it's not that you have to run faster than the bear chasing you. I just have to run faster than Hal.
So if I've got to stop and lace up my Nikes, that's fine; all I have to do is beat Hal. That's the unfortunate part of the game. So if you're a hard target and the person next to you of the same value is a soft target, there's no challenge. They're going for the soft target. Yeah. And there are enough soft targets out there that they can find as many as they want. Plenty. In fact, you discovered one just recently, did you not?

After last week's show, a friend of mine asked me if I would come and look at her router to see if she might be susceptible to some of the malware that we were talking about. And she has Spectrum, which is the big ISP here in Hawaii. So the first thing I noticed was that there was a published vulnerability for that router, and it required a firmware upgrade, and that had not been applied. So first of all, she was vulnerable and she needed to update. And the second thing I noticed was it had been set up with the default administrator username and password, which is just terrible. So for every manufacturer, those are published. You can look those up on the web. I have a Linksys router. It's this model; I go to the Linksys site, and the default username and password is listed there. Because you might reset your router by mistake, and you've got to get back in, and you might have thrown away the instructions. Not that guys do that. It was in the user manual, like on the first page: it said log in with these credentials and then change it immediately. Well, no one had ever changed it, so it was still the default. Like admin, password. It was exactly admin. So that was the first thing I did with it. So we should let everyone know that if anyone has your Wi-Fi username and password... usually those things, and we'll see in the second half of the show, those routers are turned on so you can remotely manage them. So you can log in through the internet with the default username and password and take over that network. And so that's a bad thing.
And once you're inside the network, you can scan it, you can compromise other machines, and we can go into that. We can do a bunch of other attacks, all kinds of things.

Let's go into the best practices. From this point on, let's get through how to protect yourself from, like you said, the general malware attacks. Coming up: maintaining up-to-date antivirus signatures and using good antivirus engines. Now, Microsoft's got some good stuff built in. I've always liked Windows Defender. It's good anti-malware, it's good antivirus, and they update it frequently. And Microsoft Windows comes out with the, what's that, the Patch Tuesdays, when you get all the updates. All the security updates roll faster than that. So if you have automatic updates on, Windows is a fairly secure system right out of the box. Use Windows, but you also use Mac. Yeah, and I also use Linux to an extent, too. There is some good free antivirus software out there as well. I like IObit myself. IObit. There are some other ones out there as well. But yeah, there's antivirus out there now for every platform. It's not just Windows anymore. And no matter what platform you're on, you really should have some type of antivirus. That's the basic thing, right? And not just scanning your system, but there's real-time file protection, where if you do click on that attachment and it's a known attack, it's happened before, it's been listed, and you've updated your antivirus, so it knows about this attack. You double-click on that file and it says, whoa, hey, slugger, throttle back. That's a known virus. We're going to quarantine that and you can look this up later, but they won't execute it. You know, you get a macro virus in a Windows MS Word file or something like that. Those are known viruses. Flash gets attacked all the time, right? The Flash player, we have to update that constantly. Acrobat. Acrobat. Anything Adobe. It has a lot of... Yeah.
And for a long time, Mac users would say, well, we don't have to worry about viruses. There are none on Mac. Oh, not so much anymore. That is not true anymore at all. Yeah. Well, the user base went up, right? There are more users, so of course, and more hard targets in the Mac universe, you know; a lot of universities use Macintosh, so there's a lot of information you can steal from researchers who use Mac. So if you're out there researching, you should use that.

And we should probably just explain why it's so important to update the antivirus signatures. The reason the antivirus works is that it has a database of signatures for all of the known viruses, and if you don't update that, then new viruses are coming out, and you don't have the signature; therefore you can't detect them and you're still vulnerable to them. So that's why it's important to continually update that. It's like wearing a suit of armor that's slowly rusting, and eventually it's just going to crack right off and someone will get through. So polish that armor, keep downloading the new stuff.

For file and printer sharing, this is a tough one. I mean, you set up a file server or a printer in your office and you do want to share it. So let's go over some of the things we can do to make sure you don't get taken advantage of. I know my HP printer comes with, I scanned it, open ports: 443, 80, 8080, and a couple of other ones, and I only need the printer ports, it's like 651 or something like that. I don't need port 80's internet access; 443 is the HTTPS, right? And I think there was a VPN port. If you don't need it, turn it off, right? What else can you do for a file server? You're setting up a server for everyone to access. So if there are print services, file services, or some other type of service that you only want to be accessible from the internal network, there is kind of a networking trick you can do.
If you don't give that device a valid default gateway, then when you set this, it can't get to the internet. It's still good on the local network, but it doesn't know how to get to the internet. So usually there are three things you have to set up when you put something on your network: it needs an IP address, it needs a subnet mask, and it needs a default gateway. For services that are just local, you can leave out the default gateway or just put in a bogus one, and you'll be able to find it on the local network, but there's no way that anyone could connect to it from the internet. So the default gateway is usually your router at home. That's your router IP address, usually something like 192.168.1.1; usually it's the bottom of the range, right? And if you don't give it the default gateway, that device can't get to the internet, but it still has an IP address on your network, which will make it into the tables, the IP tables. So a device asking where this device is can find it by address and ship information over there. As long as they're on the local network. Anything from off your local network will not be able to find that. That's a cool trick. All right, good job.

So we don't want to add users to the administrative group unless it's absolutely necessary. And this angers some people, right? They want to be able to install stuff, right? But some people you can give other than administrator access, right? You want to limit them a little bit. It might be a little bit of an inconvenience, but generally if you need to do something as administrator, you'll get a pop-up where you can log in with an administrative password just to run that one command, to do that one install. It's not that much of an inconvenience, you know?
Because if you're logged in as administrator and you interact with some malware, you accidentally go to a website or you open an email that has some malware, that malware installs as administrator. It can take over your entire system. God rights. Yeah. If you're not the administrator, if you're just a regular standard user, it can really only affect that one account, so it can't take over the whole system; it can only take over that one. And it's harder to pivot to the next system, which is an attacker's choice: escalate privileges, go to the next system, see what you can get.

Before the break, let's discuss passwords. Yeah. It's no longer passwords; we're asking for passphrases because, you know... Longer and longer. The longer it is, the harder it is to crack. And it's just a mathematical problem now. And you could put phrases in there; blank space is okay. You want to type in "Mary had a little lamb," that's fine. I would swap in some weirdness in there and change out some of the words to other languages, maybe. Think of a phrase that you can remember, and it can be hard. As much complexity as you can. So that means different types of characters: special characters if you can, uppercase, lowercase, numbers, pound signs, periods, whatever type of, as many different types of characters as you can. And still keep it something that you can remember, so you're not going to have to put it on a Post-it note. Oh, that's the worst. And that usually comes about because we say we're going to change passwords like every 90 days. So people get lazy, and I go into offices for security audits all the time. I look under the keyboard. There's a Post-it note with a password. The one that's my favorite: you look up and there's a Post-it note on the ceiling with the password on it, you know. But of course the worst is, like you said, a Post-it note on the bottom of the monitor with the password on there.
Like we saw when we were looking at the National Center after the missile alert; we saw the interview. I think he had his admin passwords right there. Oh, that's not good. Okay, we're going to take a little break, pay some bills, and come right back. Until then, stay safe.

Welcome back to the Cyber Underground. I'm Dave the Cyber Guy. I'm here with Hal the Networking Guy, and now we're going to go through some basic stuff that you should do to your home router to configure it, to harden your network so you're not going to be a victim and you're just tougher than the next guy. Again, let's go through the analogy. You don't have to be faster than the bear. You just have to run faster than the guy next to you. The slowest guy. The slowest guy, right? So lace up your Nikes, and you've got to do this stuff to your network to be harder to get into than the next guy. It's usually that they're scanning several Wi-Fi networks in the same area. I know I've got 27 of them in my condo complex. I mean, everyone's got Wi-Fi, and nobody throttles it back. They just go for broke, and you get bleed-through through all the walls. So yeah, I get like the full five bars on six or seven different networks. So I know who's around me, right?
But thankfully I've informed my neighbors: hey, you've got to do these things. So let's go through some stuff. First of all, when you have a router, how do you usually access your router configuration? Well, I think the best practice is to hardwire to the router. Oh, when you're first setting it up? With a laptop. When it comes out of the box? Yeah? Anytime. Well, normally you would connect to the admin interface from the internal network. But I like to take it one step further, and I would even disable that so that I had to connect hardwired to it, so that even if someone managed to connect to my internal network via Wi-Fi, they still couldn't get to my administrative interface. But it's always a browser. It's always a browser, yeah. And most of the interfaces are fairly similar now. Some have more features than others, but all of them are going to have a certain set of basic features. Almost all of them have some type of firewalling capability. Most of them will have some type of MAC address filtering. And they'll have similar types of encryption available. So usually you want to make sure that you're using the strongest encryption that your device is going to support. So usually that's WPA and AES for the encryption method. And we have a screenshot of that.

So let's go through this. We have the images in order. The first thing you'd want to do, if you're hardwired in or you're on the Wi-Fi network, is go into your browser and, in the URL, in the address bar, type in 192.168.1.1. That's usually the gateway address for most commercial routers today. Hit enter and you'll get to the admin page. You log in with your default credentials, like admin, password, whatever. Then the first thing you want to do is change your default username and password. But let's look at some of these other features. We'll get to that first. But when you get in, you can do things like this.
What you're looking at right here is a list of all the devices connected to the network. This is actually on a light day. I've had 20 or more devices. That's a lot of devices. Yeah. And I blanked most of them out. But you can see there at the bottom, there's an iPhone on the network. And the others have specific names, so I redacted those. But you can see your IP address. This is IPv4, by the way, and we'll talk about that in a minute, too. Then you have a MAC address. Now, the MAC address is the Media Access Control address. These are specific hardware, firmware actually, addresses. They're embedded in the firmware of each electronic device that can get onto a network. So these are in the network cards. And these are hexadecimal addresses: two characters separated by colons, and there are six different units of it. And that's what they look like. Those are MAC addresses. Later on, we're going to discuss MAC address whitelisting, and we'll show you how to use those MAC addresses. But that's what you're looking for when you talk about a MAC address. The other numbers, like 192.168.1.26, those are IPv4, version 4, addresses. Those are the usual types of addresses you're going to see.

One of the first things I do, first of all, before you even plug it into the cable modem from your cable provider: you want to hardwire into it and keep it off the network while you go through your basic configuration. Because if you hook that up to your cable modem and it auto-configures to the internet while you're going through this stuff, you're vulnerable, right? So let's go through some of this stuff. You want to set up a guest network. Most routers now come with a guest network, and you always have the auntie or uncle coming over, and they want to use your Wi-Fi. And you don't want to give them the keys to the kingdom for your Wi-Fi network. So set up this guest network for people coming over. They can use your Wi-Fi.
And not that your auntie or your uncle is going to launch some type of attack or do anything nefarious, but you don't know what's on their device. They could have malware on their laptop, and they're going to join your network. Guess what? That's going to try to spread to every other device on it. So if you can keep them on a separate network, a guest network separate from your main network, then you should be insulated from whatever malware or whatever bad stuff might be on their device. Right. And usually they write down the password. So it's okay. With a guest network, it's logically separated from your other devices. So even if someone was on the guest network and broke in nefariously, it's almost impossible to jump networks. It's called a VLAN, a virtual local area network.

Then we want to look at MAC whitelisting. We just talked about that. That's when you put MAC addresses into your router to say only let these devices in. And we see here, this is from a tri-bound router, a tri-band router, sorry. We have the band. I picked the 5 gigahertz band. I enabled the MAC filter. And every MAC address I add in here is going to be allowed on my network. If a device tries to connect to my network and does not have a listed MAC address, it will be refused connection. Now, just so you know, hackers can spoof a MAC address. It is possible. However, it's difficult. I mean, you've got to know what you're doing. And you've got to scan the network and see what valid MAC addresses are flying back and forth. And if there's encryption enabled, sometimes you don't get that in a packet. Right.

Let's look at encryption. You were talking about encryption. Encryption, yes. So you want to use WPA2 if it's supported; hopefully it is. Unless you buy an old router, it should be supported. And there's the AES that you told us about. AES is kind of the gold standard right now for encryption. That's the Advanced Encryption Standard. And you'll see other options like DES or triple DES or 3DES.
And those are older encryption standards. Sometimes you do have to throttle back a little bit because some of your other devices might not be able to support the latest. But if you're using a device that was made, I think, anywhere after 2005, you're going to get WPA2 Personal and AES. AES has been around a long time. You want to put a key in there that's pretty long too, yeah? Yes. Yeah. Oh, by the way, there's going to be WPA2 Enterprise. That's not one that you can select without having an enterprise support system in place. That's for bigger-size companies. A centralized authentication server for that, which almost no one has in their house. So that's kind of for larger installations where they have their own authentication servers. But for home use, it's going to be the Personal. Just the Personal. WPA2 Personal.

Let's look at port forwarding. So this is for you gamers out there. If you had an Xbox, what you're going to see in here is you're going to have whatever the game is, or your Xbox, in there: your source target, your port range. The documentation from your Xbox or your PlayStation is going to give you the open ports for online gaming. And you've got to put the port range in there, from a certain port to a certain port, and put the local IP address in there and the protocol you'll be using. Usually you want to enable one for TCP and then the same port for UDP. One is connectionless; that's UDP. Doesn't wait for a response. And TCP actually does the full connect. So both of those protocols will be used in your gaming, and you want to enable these ports. So port forwarding is kind of important, especially if you're a gamer. Also, if you're a developer, if you're doing remote management of a SQL database or things like that, you have to open up that kind of port. Unfortunately. Well, I would advise you use a different port. Don't take the default port. Change your port number. And try to minimize how many ports you open.
Don't open ports that you don't need to. Wow, we have one minute left. Okay, let's do SSID broadcast; this is really important. SSID is the name you're going to see on your device when you go to hook up to the network, to tell you which network you're hooking up to. What you should do is make that SSID name, hook up all your devices, and then, like we're showing here, hide it. Turn off the SSID broadcast. So people can't, what's called war walking or war driving, when they're going around looking for the SSID. One more. I think we have time for one or two more. Let's do default user and admin. We want to change this right away. This is going to say admin, or whatever the default name is, and it'll have this default password of, like, password. Or the worst, the old Linksys, this was admin and nothing. You can get in and do whatever you want. We also have to disable the WLAN management, the remote WAN management. Most of these devices will allow you to log in externally from the internet, access an IP address publicly, and remotely manage your network. Always turn this off, like Hal was saying. It's better if you cable into your modem, and you don't want to do that. We're probably going to get network address translation, NATting, by default. That's a good thing. We don't have time to explain that. But turn off unnecessary services. A lot of the routers nowadays come with IPv6. Hal, tell us about IPv6 really quick. Yeah, so IPv6 is the newer IP protocol that we're slowly moving to, that's replacing IPv4, because IPv4 is running out of addresses. But if you're not using it, why have it enabled? You should shut that off. Any services that you don't use? Every service is a possible vector of attack. Of attack. So don't enable services unless you need them. Well, we've got to come back and finish this list again next week. I like this. This gives us a theme for every show. Thanks for joining us. Harden your network. Go do it right now.
The latest information from the FBI is telling us that you should reset your router to the default settings, the factory settings. So go reset that thing according to your instructions, and set it up as we just informed you how to do. And stay safe. Till next week.