Protecting homes like they're multimillion dollar businesses
Source: Igor Rabinovich, CEO of Akita
Enterprise networks and systems are constantly being scanned and pen-tested for vulnerabilities by hackers, manually and via bots. Once an opportunity is found, the attack escalates: data theft, spyware installation, cryptomining, or enlistment in a botnet.
Enterprises have many well-defined, well-thought-out guidelines to secure their networks, among them PCI_3_2_2, ISO 17799, and NIST 800-48. All guidelines require Intrusion Detection and Prevention Systems (IDPS; for wireless, wIDPS), which constantly monitor networks and systems for suspicious and malicious activities. Once something is detected, admins are alerted so they can start mitigation.
What does that have to do with Smart Homes?
Just like enterprise systems, smart homes are targets. If you want to keep the bad guys out, you need to secure them using PCI/ISO/NIST standards-compliant, enterprise-grade protection.
Enterprise teams have clear guidelines from PCI/ISO/NIST to secure their enterprise wireless networks:
- Install a wIDPS to detect and prevent security threats and attacks
- Detect fraudulent Wi-Fi access points and/or unknown IoT devices
- Monitor wireless devices for configuration issues (default/weak credentials, WEP/WPS, and more)
- Log, analyze, and resolve every security incident to detect and prevent malware attacks
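The rogue access point, unknown device and configuration checks from the list above, sketched as an added example (not Akita's or any vendor's code). The SSID, MAC addresses and scan records are constructed; a real sensor would fill them from a Wi-Fi scan and the router's client table.

```python
from dataclasses import dataclass

# Constructed baseline: the home SSID, the BSSIDs of its real access points,
# and the MAC addresses of devices the owner has approved.
HOME_SSID = "HomeNet"
KNOWN_BSSIDS = {"aa:bb:cc:00:00:01"}
KNOWN_CLIENTS = {"de:ad:be:ef:00:01", "de:ad:be:ef:00:02"}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "OPEN", "WEP", "WPA2" or "WPA3"
    wps: bool

def audit_beacons(beacons):
    """Return (finding, bssid) pairs for rogue APs and weak settings on our own APs."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        if b.ssid == HOME_SSID and bssid not in KNOWN_BSSIDS:
            findings.append(("rogue_ap", bssid))  # our network name, unknown radio
            continue
        if bssid in KNOWN_BSSIDS:  # configuration checks apply only to our own APs
            if b.security in ("OPEN", "WEP"):
                findings.append(("weak_encryption", bssid))
            if b.wps:
                findings.append(("wps_enabled", bssid))
    return findings

def unknown_clients(seen_macs):
    """Return MAC addresses seen on the network that are not in the approved list."""
    return sorted({m.lower() for m in seen_macs} - KNOWN_CLIENTS)

# Constructed sample scan and client list.
SCAN = [
    Beacon("HomeNet", "AA:BB:CC:00:00:01", "WPA2", True),    # real AP, WPS left on
    Beacon("HomeNet", "12:34:56:78:9a:bc", "OPEN", False),   # same name, unknown BSSID
    Beacon("Neighbour", "66:77:88:99:aa:bb", "WEP", False),  # not ours: ignored
]
SEEN = ["DE:AD:BE:EF:00:01", "02:00:00:00:00:99"]

if __name__ == "__main__":
    for finding in audit_beacons(SCAN):
        print(finding)
    print("unknown clients:", unknown_clients(SEEN))
```

MAC addresses and BSSIDs can be spoofed, so an allowlist comparison like this is a baseline check and not a complete wIDPS.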
Is that enough to make a whole Smart Home network secure? Nope.
According to PCI and ISO, you need complementary tools, such as a firewall and an antivirus.
Wait, aren’t wIDPS and firewalls basically the same? Nope.
Every Smart Home MUST have a firewall installed, as required by security guidelines. A firewall limits access between networks to prevent intrusion. It does NOT prevent, or even warn of, an attack from within the network. If you require inbound Internet traffic, at some point you will have to let it in through an opening in your firewall. There’s your security hole.
An IDPS watches for attacks specifically designed to be overlooked by a firewall’s filtering rules. Once a suspected intrusion takes place, the wIDPS evaluates the situation, sounds an alarm, and attempts to prevent it.
Examples of firewalls for the Smart Home: Firewalla, RatTrap, Anonabox Pro, Ubiquiti Unifi Security Gateway, Netgear ProSAFE FVS318G
Won’t that be handled by an antivirus? Nope.
Every endpoint device – PC, laptop, tablet, mobile phone – MUST have an antivirus installed.
An antivirus looks for known malicious files; an IDPS doesn’t detect specific files, but rather specific methods that can be used to get malicious files into your network. The IDPS scans the network traffic stream to find threats using known exploits and attack vectors. This allows it to protect against both known and unknown threats, well before antivirus signatures are created.
Examples of antiviruses for the Smart Home: Checkpoint, McAfee, ESET, Norton, Avast, AVG
But what about a VPN? Isn’t it relevant at all? Nope.
A VPN is a MUST USE tool when you are on public WiFi outside your Smart Home. VPN solutions are privacy tools rather than cybersecurity tools, and users should be aware of the differences. A VPN simply hides your traffic from prying eyes, but isn’t able to set up security rules or restrict data packets from entering your computer. Even if the payload is malicious, the VPN will deliver it, albeit hiding the content from your ISP or hackers sniffing your traffic.
Examples of VPNs for the Smart Home: Keezel, SureVPN
Parental controls - do they help prevent hacker attacks? Nope.
Parenting and web safety experts often suggest placing the child’s computer in the living room, rather than in their own room, so that parents can keep tabs on the child’s surfing habits. This advice is outdated, as kids today have the entire Internet in their pockets via smartphones.
To that end, parental controls are a very important, albeit not comprehensive, tool to control what your children are doing and consuming online. They DO NOT prevent hacker attacks in any way - they’re merely content filters.
Examples of parental controls for the Smart Home: KoalaSafe, Circle
Got ya! But I heard about cybersecurity (“Smart”) WiFi routers that have a firewall, parental controls, VPN and other useful built-in security modules. If I get one, is it enough to protect my network? Nope.
A good Wi-Fi router is a MUST have if you want to boost the power of your ISP router. Cybersecurity WiFi routers, with or without mesh support (according to your territory landscape) are even better – if you can afford the enterprise-grade price and enterprise-grade installation process.
Does the “Smart” Wi-Fi router replace a dedicated wIDPS device that doesn’t intercept network communication? No. A wIDPS complements the “Smart” WiFi router (according to CCNA Security 640-554 Official Cert Guide security guidelines). Many security threats and attacks simply cannot be detected using a WiFi router alone.
Examples of smart routers for the Smart Home:
Cisco RV130, NETGEAR Nighthawk/Orbi Mesh, F-Secure Sense, BitDefender BOX 2, EEro (Mesh), Securifi (Mesh), Norton Core
And what about ISP companies that offer their customers a “Cyber Shield” by installing a security module on the ISP router to protect the home network and IoT devices?
This is a great solution that can save you money by converting your ISP router to a “Smart” WiFi router, obviating the need to purchase one. Does the ISP router that was converted to a “Smart” WiFi router replace a dedicated wIDPS device? No, for the same aforementioned reasons.
OK, so what should I do?
Here are the essential things you should have:
- Antivirus on all end devices to prevent your PC/Laptop/smartphone from dragging in worms from public Wi-Fi to your Smart Home network
- Subscription to a “Cyber Shield” from the ISP or ownership of a “Smart” WiFi router. Both options should give you the minimum security features: firewall, VPN and parental controls
- Ensure the ISP router is securely configured: no weak or default credentials susceptible to brute-force attacks, no WEP/WPS, and more
- Weekly scans, using threat intelligence sources, to detect and fix internal and external vulnerabilities (Example: DNS Spoofing)
- Wireless IDPS, which will detect zero-day attacks using AI-based network behavior analysis (NBA), including DDoS attacks, cryptojacking, and rogue APs
- Qualified help from a Managed Security Service Provider (MSSP) SOC that operates 24/7/365
- Consider purchasing personal cyber insurance. Such an insurance policy is used to hedge risks stemming from cybersecurity breaches, including information theft, identity theft, credit card/bank account breaches, and ransomware
Igor Rabinovich is CEO and founder of Akita. Wireless IDPS by Akita (patent-backed) uses military-grade security protection to prevent botnets, DNS spoofing, cryptojacking and other IoT-based attacks against home IoT devices and their connected networks.