 Also Welcome everyone to become a cyber security ninja a 10-part webinar series today session basic network security This is session two of ten and we have with us a special guest who I'll introduce Momentarily, thank you everybody for coming today just to quickly go over our ninja plan two weeks ago on the 24th We started off with threat modeling risk assessment today. We're doing network security basics In week three actually the titles changed instead of authentication. We've called it your passwords are broken That will be on February 21st these titles and topics may change as we go through but we'll see how it goes We've got encryption on March 7th. We've got gone fishing social engineering and ransomware on the 21st We've got mobile security on April 4th digital privacy VPNs tour reigning and social on April 18th Security tools a review of our favorite tools and services on the second now What infinite response and then a wrap-up and of course our cyber security ninja quiz on May 30th So that is the full plan. I of course from Joshua pesky vice president of technology strategy at roundtable roundtable helps Technology, I'm sorry. We help hundreds of organizations achieve their missions through effective use of technology And I'm going through mine fast because I want to introduce Ken Montenegro. Ken tell us about yourself So thank you Josh, and so I'm the IT director at Asian Americans Advancing Justice And I've been doing this work for creeping on 20 years And so I'm really glad that to be part of this Thank you Joshua and roundtable and I think that the format that Josh was presented is wonderful because I think when it underscores How security is really a process rather than a product, so I guess we could get dive on it Let's do it. Alright, so Ken's gonna start us off at the beginning today on basic network security We've got I'll just give everybody like 15 seconds here to read this cartoon before I hand it off to Ken But this is not what we're trying to achieve, right? I joke a lot of times that there's always a balance or not joke But I kind of point out people there's a balance between security and convenience and generally Although not always when you increase security to decrease convenience. So this cartoon I think demonstrates that taken to the ridiculous extreme and Ken with that off you go So cool as as we begin this session today, and you review the learning objectives There will be space for questions at the end So if you see something here that you feel is relevant to the topic of network security Please please please put it in the chat, and we'll try to cover it time permitting. Do you want the next slide Ken slide? Yep So We're gonna you're gonna be seeing a poll Right now And we'd love to see your response to these questions. They're this question Go ahead and close that up and show the results awesome This is I actually really promising to see that so many folks are I within the upper hand of The response rate for this And there are reasons that we could dive into really deeply. Here's the short version of it the 40% You know That the firmware exists. So that's always a good thing actually to think about it through the 60% that responded and The 30% that knows awesome kind of good and we'll get into that in a short bit So this is a typical network diagram I say typical because as organizations grow The posture will will change substantially. Some people have their Wi-Fi hanging off to the side in a completely parallel network Other people will not have this orphaned workstation But the general concept of this is that at the periphery at the border of your network the best practice is To have a router firewall that is controlling traffic in and out of your network One of the reasons why you want to do this is a router firewall or at least a business class router firewall Will let you do some logging so you'll be able to analyze and study What traffic has been going in and out and when we think about a business class firewall What differentiates that from your home device is that a business device? Will usually have things like web for the ability to buy licenses to do things like web filtering Some data loss prevention sometimes even bundle of VPN like a really basic VPN functionality in there Which are all really good Elements of a network that give you a lot of flexibility give you and your staff a lot of flexibility as to what you can do with it You'll notice that in in this diagram We have all the elements that even a small network would have so we have to incorporate the Consideration of what do we do with personal devices that staff bring into the office like smartphones personal laptops organizational laptops We also have to think about storage is one of the factors that will hopefully be diving into Time permitting like what are the what are the elements that a server could be running and how is that part of a network? architecture When we think about the primary roles of a firewall it is really Really the gateway between your local network So the computers that are just like roaming around in your office connected generally usually by ethernet To the big bad internet And as the image shows or the figure shows that you know Sometimes there's good stuff Sometimes they're bad stuff and you really want to keep the bad stuff off your network a lot of folks will say well You know we're really small. Why do I need to network? And I think there is a Substantial cost benefit to networking and to do it right. We have to do it securely So if you want to share printers and files, etc The data shows that there's increased productivity when people are able to share these things very easily in a very uniform and simple way And when we're doing this we want to make sure that security is not an afterthought But really one of the primary factors in this design and part of that design is Determining what type of traffic we allow to come into the network and to exit the network as well a lot of times It's easy to easier to just say well, you know, I just want port 443 which is secured HTTPS traffic coming into my network and only this other type of traffic leaves I would say this is a good opportunity For you a user-centered design because you'll be able to identify what are staff doing on your network and by doing that You can kind of adjust your security posture so that when you're securing things you're not creating a huge inconvenience And I think that it's merits the bold that it has that errors in configuration are Really common means of a breach. That's kind of the low-hanging fruit Someone will an error in configuration could be Necessary ports open like if all traffic is allowed in and out an error in configuration could be default passwords Or turning on services like VPN that your staff don't need and that you don't intend to use But you turned it on anyhow because well, we thought about using it and we never got around to turning it off and so going back to the the Consideration of auditing where the scanning of inbound and outbound traffic Is one good way to identify is something fishy going on the network? So if you have a computer that is a very loud talker like generating a lot of traffic It could be someone who just loves their cat videos Or it could be a machine that is a part of a botnet so that is under the command and control of a foreign computer doing something else So as I as I said earlier when we're looking at the larger diagram An additional role of a firewall is it could do content filtering what that means is that let's say in an environment Depending on the firewall once again. These are very contingent on how the manufacturer implements it You can buy a license to do content filtering which says certain people like let's say in our office Interns cannot click through to adult web content staff. I work it. I'm looking enough to work at a legal aid So if our family law unit needs to click through to what is classified as adult content They get a splash page. It says are you sure and they say like hell? Yeah, and they're through and they get to the content they need to do their work for interns We try to be a little bit more protective of them because we don't have that Degree of trust and and sophistication and super direct supervision that like let's say a staff person does and and so that would be What content filtering does? There are many ways to do content filtering. So sometimes it's built into the firewall as an additional feature You could also do that using DNS which Cisco bought open DNS which has a product called umbrella But there's also the free version which is just open DNS. So there are many ways to do kind of content filtering And and seeing it and using it as threat mitigation As I said earlier as well a lot of firewalls and routers come with a VPN functionality And the reason why VPN is very valuable and and I'll use our use case scenario at advancing justice Our legal case management system lives on our physical network. If someone if an employee Is doing work at a legal clinic? They have a hotspot they launch the hotspot open their laptop and connect to our office to the VPN And they have to enter username and password and they have to use a second factor to authenticate Which will be covered in the next session And so we know that our data is not outside Generally speaking out or to the best of our knowledge outside of our dominion and control and a VPN allows us to do that An additional role is bandwidth allocation and throttling usually that's meant For things like quality of service So if you have a voice over IP system your firewall will usually have a setting that'll say hey I want to prioritize X type of traffic That's awesome. It really really improves the user experience So the person watching the goat videos or the cat videos Isn't stealing bad with or taking bad with is a better way of putting isn't taking bad with from a more priority and Unforgiving application like voice over internet protocol The other thing that you can do and and what we do is we have a backup connection The backup connection is a lower quality connection. So we have our main fiber connection and we have the backup connection We put things like Spotify Pandora ESPN we throw all of those kind of more entertainment type of Functions onto our backup connection so we can say okay our main big fat connection is really for hardcore We think you're working type of functions the backup connection is for more recreational functions Which we will generally allow in our office But it's important to have that control and that granularity so that you can control the user experience When we're talking about controlling user experience We can't do that without network monitoring network monitoring is one of those critical aspects where we need to know What devices are up what devices are down what devices have access with devices don't have access without that We really don't have I would dare say that you don't have a fully functional network unless you know what's happening on that network so key factors to success Current firmware, I'm a big fan of current firmware and that sounds easy But I think in a business environment. There are a couple of steps to getting to current firmware Current firmware generally to me at least in our shop. The process is we make sure that we're not on beta firmware We try to stay away from beta firmware because if something goes wrong Everybody will suffer In our office at least and that means that will be like the fulcrum of the suffering So current firmware generally means not beta firmware our current firmware process also entails We make a backup of the current configuration of the router before we install a new version of firmware It's a step. That's easy to forget But it's a step that has saved our lives a couple of times well not our lives But it's really avoided a lot of pain a couple of times where we'd have to revert to a previous configuration Proper configuration like we talked about earlier proper configuration is the configuration that works for you Generally speaking. I'm not a big fan of this configuration will work for everyone And I also like to tell my users you're the experts in the area that you work What functionality do you need tell me in like your regular work language what you need and we'll try to translate that into tech And that means that then that manifests itself generally by making sure that you know the necessary ports are open that we Don't have anything unnecessarily running Unnecessarily open that if someone has a user control issue that they can get through that user control issue It's also very important and it's difficult because these are the things that are invisible and kind of superfluous Until you really need them Nothing is evidence of that more than documented change controls It's easy for us to say like hey, I'm gonna add this service let's say Google Play music to my backup connection configuration or a better example, which is a real example Where in our office we said oh, you know Amazon music player Amazon music player we're gonna put that on the backup connection We did that and then we broke Amazon web services from going on the big connection So document your changes backup configuration. It's already been mentioned and alerts for anomalies I think that's really really important and then that would be the basic factors to succeeding with your firewall I'm knowing what you have knowing what features you could add So this slide is a really more academic in nature, but it shows the various manufacturers of firewalls and Where they stand in the Gartner quadrant. So Gartner does a really good industry research and usually top right Quadrant is Where you kind of want to be though look at all of these products is kind of not bad per se depends on your needs so This is very important Things always change. It's important to always try to not try to actually make the time to do assessments Fortunately, there are many tools and and Joshua has a nice list of various tools to do assessments The fort net assessment is pretty solid Have a look at it Run it your firewall vendor might have their own assessments We may not even have to go this route, but please please please do a network assessment You will learn so much about how things are running All right, so Ben throw up the next poll and we were just gonna we're gonna shift into wireless We wanted to ask everybody very quickly How confident are you that your organization's Wi-Fi or wireless networking within your office is set up securely? And we'll ask everybody to let us know whether you're very confident We were going to ask you more specific questions like the type of encryption whether you're using WPA or WPA to or WEP, but we felt like probably a lot of people wouldn't know So we'll just leave the poll open for another couple of seconds see if anybody else gets in we're missing a good number of Here comes everybody great and I go ahead and close that up and let's take a look at the responses So everybody does seem to have Wi-Fi so if no one here doesn't have Wi-Fi and no one he doesn't know what it is So that's good. We've got a that tells me with the audience is It's fully savvy with some trade Not a ton of people very confident that that's the Wi-Fi set up securely. Although Almost 60% of you are somewhat confident. That's good. All right. Let's close that up then All right, so Wi-Fi basics, okay So let's start very quickly with your SSID which is a service set identifier not that anyone cares I didn't even know what it meant. I knew but you know heard the term SSID for 20 years But I didn't know what it said for it. I looked up for this webinar And that's the name of your wireless network and one thing a lot of people don't know is it can be hidden And that's a quick way to kind of add a nice layer of security to wireless network is to actually hide the name of it It makes it significantly harder for people to connect to it because they have to know how to add a net a wireless network by name But it is a good little security thing that very few people do It is good practice to segment your network into public and private zone So you might have a private wireless that actually allows access to your land so people can access maybe your file server Maybe printers other things and then you have a public that's for guests to come in that's internet only and again might be Throttled right you might throttle for that segment for encryption, and I just I put the picture here because I want to be really clear about this You have all these different options for for for encryption WPA to AES encryption is considered the most secure that is available on most devices So if you have that choice that is your best choice for encryption, and I can't say any more clearly than that Mesh networking, so what is mesh networking mean? I've seen a lot of organizations where they have a wireless access point and it's not covering So then they buy a second wireless access point and put it in a different place And they maybe have two different SSIDs because they're two Different access points so they you know you're when you're in one part of the office You connect to one wireless access point then when you move to the other you have to connect to that other Wireless access point when you lose access or maybe they give them the same name, but they're not actually connected So there's not a kind of seamless handoff among the wireless access points So what mesh networking means is you actually buy a bunch of wireless access points that are all part You know from the same manufacturer that are designed to all work together And every you know Google recently released a new thing for home Wi-Fi and if you look at like Google home wireless They have three of them the idea is you spread those three things right out around your home And they have really good wireless mesh networking around your home other Ubiquity are the ones that round table generally recommends to clients and not a reseller of that or anything So it doesn't matter to me, but we really like the ubiquity packs But don't be stingy with the wireless access points with the wax All right So you know they tend to cost somewhere between 75 and 150 dollars a pop and if you have a big office Just add additional ones that make sure that you're doing mesh networking It's so much easier than you can just walk around and the the little access points will just seamlessly hand off your computer From one to the next so you have good coverage without ever having to think about it T success factors for office Wi-Fi right again current firmware. You'll notice that coming up by the way There's a number of different reports out number of different webinars that I've attended from Different security folks where they're like incident response teams and they do summaries of like here's all the causes that we found behind breaches and Out-of-date firmware Unpatched systems and misconfigured systems is pretty much everything Fishing and you know those kinds of things which will come up in the in the security awareness is another way But often those things can't be successful unless there are things that are out of date So this this firmware thing is super super important. Okay I'm WPA to AES encryption public and private segments to your wireless network and then sufficient coverage for a mesh network and Java wants to update speaking of update firmware Java wants to update my computer right now, which is great All right, another quick poll when before we jump in the next session when did your organization last perform a Vulnerability scan now this Fortinet Kind of you know threat assessment that they do or checkpoint or lots of other providers Is a way of kind of doing a quick vulnerability scan you can and we'll get into these in a little bit But I'm curious to see what people are so go ahead and please do vote on this Let us know when did your organization last perform a vulnerability scan if you don't know what that is We're going to talk about it in a little bit But if you don't have any idea what a vulnerability scan is Probably you haven't had one So then let's go ahead and close that up and and show everybody the results and this is about what I expected That there's not a lot of this going on We do have a couple of folks that are doing these in the past three months No one that has ongoing vulnerability scanning happen. It looks like I'm out of service. Let's go ahead that then And let's talk about what vulnerability scanning is. All right, so there's two different Essentially places you can scan you scan your local network, right? We talked about how the firewall Separate your LAN or your local network from your WAN, which is usually the internet All right, so we can scan from the WAN side and basically see if there are open ports on your firewall If there are misconfigurations on your firewall if your firewall is out of date firmware There's things we can look at from the WAN side. All right That can typically tell us if there's problems there and then on the LAN side your internal network All right, that requires generally someone, you know Putting a little appliance or installing a piece of software on some computer or attaching it to your LAN And that will collect data usually for a week or so and then that will produce a report of vulnerabilities Okay, and that the LAN side ones will typically produce especially if you've not done this And you have a large local network with lots of computers and servers and endpoints and printers They will find a lot of stuff and it can you're going to want help sort of prioritizing which of those findings to address But I'll kind of show you so this is a kind of sample WAN Vulnerability scan report. This is from TrustWave and depending on how big your computer is but basically it's just Identifying on a particular IP address. All right, which is 10.70.30.12 So that's a WAN IP address. That's someone's network, right? And we're looking at it and we found these various vulnerabilities Which then are given a sort of severity rank and if you click on one you can see we've clicked on the TCP state manipulation denial of service and it kind of walks you through basically the problem and what to do about it The first time you do this if you haven't done this in a while, it's a ton of work I do this with lots of organizations and the first time we go through it We might find like 20 different things that we have to go fix on the firewall Once you get through them all and you fix them all then you just keep running the scans and typically you'll just have one or two Findings, you know every quarter every six months or when you rerun the scan All right, here's a LAN vulnerability scan report and this is from checkpoint three security check And there's a link in the in the resources to have this done and you can see we found all kinds of stuff This is one page by the way, I'm including links to the sample reports as well This is just one page of what I think winds up being a 30 or 40 page report that you get from me So again, these are they're free, but they give you a lot to look at okay, so Have something to think about We're gonna talk just very briefly because we're running up against time about antivirus and So opinions, I just want to kind of say again. This is where I encourage you to weigh in and then you as well I did to kind of get the different antivirus opinions just to show everybody that even among the three network people here, you know You'll get varying opinions about the the Importance and value of antivirus However, this is roundtables official position Which we've had to develop because we had asked this question multiple times a day, right? We still strongly recommend for Windows endpoints including servers that they run some kind of antivirus product We do not believe that max needs to run an antivirus product We are okay with our clients not having an virus on their Mac computers And if they want to use it, we typically recommend a free product called so foe Which we like on Chromebooks, which increasingly people are using again No need for antivirus in our opinion All right, and then the last thing we'll say is that for the windows endpoints or if you're going to have antivirus for max as well Managed solutions are better than unmanaged. What does that mean? So you can install Microsoft's free security essentials You can download free, you know a vast home or malware bytes or things like that But those are not managed solutions being that it's individually installed in individual computers And there's no ability to know if they're up to date. There's no way to send alerts to some sort of central Communication if there's malware detected on a system. So managed solutions like semantic endpoint or AVG cloud care or Kaspersky enterprise or a vast enterprise, which is available. I believe free for nonprofits Through through TechSoup and semantic endpoint, which I'm not a fan of but is available at a speed discount through TechSoup For nonprofits are good solutions The key thing I do want to say is that antivirus by itself is no matter what no matter How well it's implemented is not by itself sufficient defense against malware threats It is not and if you think it is you then you're you're at risk. So Ken Ben Either of you wanted to send from anything I said there strongly I encourage you to do so if you if you feel it in your heart and also in the audience too If anyone wants to put in you know in the chat, you know strong disagreement for that anything I just said I I can give a slight more slight bit more context to the Mac question for years now the opinion has been you don't need any kind of antivirus on Mac's and And it's generally been true. However That is official policy. Yes Unfortunately under that You do still and you should always maintain a good secure password for your administrator accounts like you would on any other Windows Mac Linux doesn't matter because although Macs are less susceptible to Malware and you know web-based viruses if something does get on your machine and you are an administrator and do not have a strong password and they can Basically craft a screen that says please just enter your password for this, you know this flash update or this Java update It can it's basically like there was no protection So Yes, it is optional But it is optional when also used in conjunction with a good strong password and normal administrator Lockdowns on your Mac. So that's which by the way is our it's our it's our webinar in two weeks Perfect. Yes. So we'll talk about that. You could not set us up any better, but yeah So a question quickly we have how do we get the free vulnerability scams important that there is a direct link in the resources We'll get there Ken. Did you have anything you wanted to throw in there and thank you for that by the way then? Yeah, that was pretty solid Ben But let me add and kind of go in a different direction. So in advancing justice We've been using Sophos from Sophos antivirus for more than 10 years What's cool about Sophos is Sophos has a free product for Windows and Mac that just anyone can download Since we are an organization that needs a managed solution and just diving into managed solutions for a quick second Building up on where Joshua has already shared for us a managed solution is very important because we need to be able to deploy it Update it and monitor it without having to go to every single computer So that is the the blessing or the the benefit of a managed solution is you're able to see hey what applications are Really causing like a lot of issues on machines and what I mean by that is so Sophos looks at it through the lens of endpoint protection and a lot of other What used to be traditional antivirus vendors are looking at it that way as well where Is an application taking a lot of resources on the machine? So it'll do heuristic analysis Sophos for business, which is what we use it does application control It does data loss prevention. So there are all these things that have kind of evolved in the antivirus space I'm a big fan of antivirus on the Mac because The Mac is such a big target and I think it's such a big target because Apple I would have to say is somewhat irresponsible in their official position that oh if you have a Mac you're safer And I think that was true when Mac it wasn't a very big attack surface, but nowadays it isn't a big attack surface and Two weeks ago I was doing a presentation at City University of New York's law school And that was one of the things that we talked about was how Their network is now very serious about antivirus on Macs because there's a lot of bad stuff happening on Mac Yeah, that's what I have to say Yeah, the other thing too with Apple is It has not been considered for I would say any of its lifetime that Macs are used Primarily in a business setting as well. So Apples as kids as irresponsible position, which I actually I agree with Was geared towards more consumers where You as an individual by yourself are not much of an attack Surface or a you don't have much of a reason to be attacked as an individual However, if you bring that machine into an organization, which then has organizational data and you know financials And if you're a nonprofit that does lobbying, you know, there's an extra layer there as well So if you're just a consumer, maybe you can get away with not having it But if you're in an organization and specifically if you're using organizational materials and infrastructure It's certainly something you want to consider as a as a business. So And it has been a growth market as well more companies are actually deploying Mac antivirus as well, so I'm just going to paraphrase what you guys said to summarize it as saying that basically Apple's position is Irresponsible and they their position can roughly be described as they don't care if freelance graphic designers have their systems Hack with malware. Is that is that a reasonable summation of what you guys are saying? I think it is In a cynical way So what's your biggest challenge on network security that we're going to wrap up for questions All right, so what what is your biggest challenge around? Network security benefits you could go ahead and launch that pull up. All right, is it and by the way I you know go to webinar only let you put in five options here So I'm hoping that people will mostly be putting stuff into the questions box So you can pick malware protection by our configuration, you know wireless configuration support monitoring where these are things We've talked about today but if those if none of those things are your biggest challenges and please enter into the Questions field what are your biggest challenges around network security so we can maybe talk about those a little bit and we'll We'll show you the resources. We'll talk about the next session and then we'll take it from there So we have Pete here saying monitoring and alerts and I do think that is for a lot of people a big big challenge We have destiny I think referring to shadow IT, which is human bypassing security through various means These are all really good questions. Let me go ahead and clear some of these hang on a second So we have room to see all these Good stuff. All right, then you can go ahead and close that up and Share the results so malware protection still number one interesting So biggest challenge is now protection file our configuration Wireless people seem to be pretty on top of monitoring alerts a big one and then a bunch of folks are entering stuff in The chat. Thank you everybody. This is super helpful information. So here's the resources we talked about So I think I was asked to ask the question where these are so there's links To the sample land vulnerability report for checkpoint of sample security checkup report from checkpoint So those are just PDFs of to show you what the report looks like An article called is antivirus really dead that just came out on February 3rd in response to One of Firefox's leading engineers based with saying antivirus is dead given that conspiracy is an antivirus company or malware protection company and You know Have a particular take on it. But anyway the sign up that you asked for that. That's for checkpoint I think if you Google Fortinet free security checkup or cyber, I think it's a oh, I'm sorry. I have the link right there Oh, look at that. I'm so good. Fortinet free cyber threat assessment Those are the two free ones that that I can recommend I've done work with both those organizations checkpoint and Fortinet and I like I'm comfortable with their products and their reports So I appreciate that and next session Passwords password managers two-factor authentication with guest Keith Burner of freedom house I want to thank Ken Montenegro for being with us today and thank you so much Ken and thank you Ben Gardner for Helping with the webinar today and giving us your thoughts about antivirus and and thanks for the little antivirus Free for all at the end and we'll we'll stick around for a little bit. I don't know Ken How long you can stick around for but I'll I'll be here for at least five or ten more minutes For questions and we've got a couple in here So, uh, let's see All right one question So 17 person works in a co-working space for each floor is on a specific Wi-Fi That does have a password But it's not something that they're looking for tips on how much how to maintain as much security as we can Being looped into what's essentially a semi open network So I certainly have a clear idea of how I would do that Ken you want to Answer that you want me to take that on or Ben do you want I go ahead Far away. I want to hear your answer on this one So yeah, so first of all a lot of what you can do about being secure when you're dealing with a shared wireless network, right Is first option would be to see if there's an option to have your own network, right? A lot of co-working spaces will actually sometimes let you put in your own firewall And then set up your own wireless networking for your staff So if they'll let you do that that is an option and then you're separate from that whole group So that's number one number two is probably a bit harder because it requires You know a larger organizational change and I think you said you're a 17 person organization And that would be training, you know making sure that all you know Basically all the things that we're going to talk about on the rest of these sessions, which is everybody's using two-factor authentication They're using strong passwords. They're always encrypting sensitive information before it's in transit And when it's at rest There's a lot of things that may sound like a little gobbly good because we haven't gotten through the rest of those sessions yet But all of those practices in place Would mitigate a lot of the risk of being on a shared network The other thing that you can have people do is to use a VPN So they connect to the wireless network and then immediately Fire up a VPN and then they're doing everything through the VPN. So I would say that that's probably what I would say is the Second easiest solution So number one would be if the co-working space will let you put in your own firewall and wireless and use that If they won't let you do that then have all your staff use a VPN and if they if that doesn't appeal to you then option three, which is Just all security practices being very strong But can that's my response you have anything to add or the protest about that I would I would go with the inverse But I think those are like really solid practices where I would suggest the VPN first because I think the VPN solution Also inspires a culture shift So it inspires staff, especially when we're talking about people who are co-working That means that they're working not only at a co-working space. They're working from home They're working from coffee shops. There is an informal office Where I think if the VPN solution is the primary recommended and kind of like the policy driven solution Then it helps that Practice trickle out it reinforces that practice and of course like joshua said that VPN kind of builds upon practices that are going to be discussed in the next next session, which is Secure passwords to factor authentication etc etc etc And the other reason why I would put the VPN first before the other good suggestion is because it's less stuff you have to own and kind of Be custodian of so like oh now you have to update The firmware on your router if you have a router as opposed to the beauty of a co-working space is to just roll in Fire up and you're ready to go. So yeah, so I would put fire I'm VPN first and then build your own network second And I'm and I'm going to tell you why I agree Totally with you can and I'm going to flip my I'm going to change my answer if I'm allowed to do that And I'm going to put VPN first as well Which is that Because if you if you implement that practice and your staff get used to doing that then that benefits them just as much everywhere else They go So it helps them not only when they're in the co-working space So when they're at the star box or when they're at their home or when they're at the airport or when they're in the hotel Because that practice of just booting it up connecting to Wi-Fi and opening VPNs first thing Helps them in all those different scenarios. So that's I'm going to change my answer VPN first Thank you. This is why it's good to have multiple people here all right And that appears let's see ben chin has a question For security for personal devices from home Ben do you have um, so that was actually i'm sorry that was your biggest concern In terms of your areas. Is there did you have a question around that about how to secure personal devices from home or Practice for doing that or just saying that's your biggest challenge If you're still here Otherwise, I think we have handled all the questions And I think we'll wrap up. Well, thank you so much everybody for attending. Thanks again so much to Ken. Oh wait Ben's here. Oh, biggest challenge. Okay, great. All right Thank you ken. Thank you ben gardener for being here. Thank you everybody for your questions And hopefully we'll see you back in two weeks For your passwords are broken How to fix them. All right. Thanks everybody. Bye. Bye