Every reader can view % of the book

Buy the book

Dedicated to my wonderful wife Ange.

You have saved my life and have shown me how to live.

Without your support, kindness and understanding I could never have written this book.

I will love you always and forever.

Email: info@stephenrichards.me

Address: Applegarth, Groes Lwyd, Abergele, Conwy, LL22 7SU

Website: https://stephenrichards.me

Please direct all enquiries to the author.

Copyright © 2020 Stephen Richards

All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without permission in writing from the publisher, except by reviewers, who may quote brief passages in a review

Introduction

Welcome to “Hack Proof Your Life and Business” – How to be Cyber Secure at Home, Work and business and thank you for taking the time and interest in your Cyber Security by reading this book.

Who is this book for?

As the sub-title suggests, it is for just about everyone, the aim is for parents to help stay safe and keep their children safe online. For employees to better understand and protect company data, because not protecting it may cost you and the business a livelihood.

For business owners, be they self-employed, in a Partnership or running an Enterprise. It is for company executives and the members of the Board of Directors, because they are the decision makers and are often faced with tasks that are outside their field of expertise.

Finally, it is for the benefit of my friends and colleagues in the IT world and the Cyber Security world, because if I can help the people above understand a little of what you have to do each day they can make life easier for you. Easier to communicate the requirements, the challenges and the opportunities surrounding the data you are tasked with processing and protecting.

The book can be read cover to cover or you can dip in to the bits you feel you need to understand better using the contents.

Some Conventions

Within this book there are links to Internet Resources, I have used Bitly to shorten these links for your convenience. This means that instead of typing a massive address in the Web Browsers address bar, you can just type a little link like this one:

https://bit.ly/2OAuxUG

The example link above will take you to https://tools.ietf.org/html/rfc2828 where you will find a very comprehensive Internet Security Glossary that you may wish to refer to when reading this book. I have tried to explain terminology in simple ways, but I know that some people may not relate to my explanations all of the time.

Chapters are broken down into sections that aim to answer some of the questions that I have been asked over the years, these questions appear as sub-headings so that you can quickly find what you want in the Table of Contents.

FINALLY, before you get started

As an Author I love the opportunity to speak about my subject area, this book contains some of the core knowledge that I have gained over more than 20 years studying, playing with, working with and selling IT Services and Cyber Security solutions.

If you have an event and would like to hire me as a speaker you can find current details of topics on my Author Website at https://stephenrichards.me (no Bitly for that one).

I want to give a special thank you to Atira for letting me interview her and include her story in this book. Not an easy thing to do I have no doubt but as always, she is a kind and considerate lady with a story to stir your emotions.

Now get reading, have fun and contact me via the website if you have any questions, I will always try to get back to you within 48 hours.

Special Thanks

Atira: Thank you for taking time away from your family to speak so openly and honestly about a really challenging part of your life. You are an amazing person, a great streamer and have a wonderful sense of humour. Stay strong and GLHF. – Steve (AoDctsnww)

SSAFA

SSAFA – the “Armed Forces charity, the Soldiers, Sailors, Airmen and Families Association”, is a UK charity that provides lifelong support to serving men and women and veterans from the British Armed Forces and their families or dependents.

SSAFA is funded by donations and is a muched loved charity close to the heart of all service men and women.

Large or small, the gifts you give do make a difference. As an organisation SSAFA can only continue to exist thanks to the compassion and consideration of the Great British public.

A percentage of the retail value of each of these books goes directly to SSAFA with the grateful thanks of the author and the Nation.

CHAPTER 1: PASSWORDS

Since humans started to put value on objects and information, they have tried to devise ways to protect it.

The first passwords were probably used by sentries to change guard and to challenge potential approaching enemies. The military still use this ancient password technique today because it is still a quick, easy and effective way to identify a friend or foe.

In 1961 at the Massachusetts Institute of Technology, a computer password was used for the first time for the Compatible Time-Sharing System (CTSS). It set the stage for and process for everything that followed.

Before we can protect our information with better passwords, we need to understand why our current passwords are probably not up to scratch.

How Hackers Crack Passwords

We have all seen the movies where the world is going to end in 60 seconds and the lead actor hacks the password with one second to spare. If it was that easy nothing in the world would be safe from an 8-year-old with laptop.

The fact is that it is not easy to hack a password quickly. You notice that my constraint was time, with time no password is safe. So, what is the point of a password?

Well, if you have some valuable data, let’s say a new design for a microprocessor, then how long do you need to protect that data for?

In an ideal world the answer would be forever, but in fact, once the processor is out in the world, someone or some company will reverse engineer it even though to do so might be illegal. So, we will come back to the time issue shortly.

In this chapter we will look at the problems and some solutions, I will share some resources that you may not know about to help you stay safe, but most of all I want you to start to think like the enemy, like the hacker. No, I’m not going to teach you to hack, but I will show you why you should change your mind set.

Brute Force

A brute force attack on a password is a lot like forcing a locked door. If everything depended on you opening that door, you might try to open it, then push harder, then pull in case the door opens a different way. Eventually you would start pushing harder and then using a battering ram, then if it still didn’t open you might use something more explosive!

A Brute Force password attack is the more brutal end of that scale, it is a case of trying every possible combination of answers to open the “door”.

So the assumption here is that we have no idea how many characters there are in out password, the length, and so a brute force attack may look something like this at the start:

a, aa, aaa, aaaa, ….

z, zz, zzz, zzzz

ZZZZ is right, you would fall asleep like Rip Van Winkle before you cracked a long password.

However, Brute Force is not the first choice of the hacker!

Dictionary Attack

As its name suggests, this attack tries all the words in a dictionary. You might be thinking Oxford English Dictionary© but in fact hackers have complete dictionaries that include billions of potential passwords in all sorts of combinations.

Hackers are smart, they will share or more likely sell information and what is more, it doesn’t cost a lot.

Dictionary attacks are the first choice for hackers in most cases. There are several types of dictionary attack and they can be combined with brute force attacks and even artificial intelligence these days to improve the results.

Hash Dictionary – Rainbow Tables

Have you ever thought about where or how your password is stored on a website?

The answer is that it will be stored in a database, but in what format? If it is saved as plain text, that is as you typed it, then a hacker only has to hack the database password to get not just your password, but every password that is stored on that database.

With some early databases, you could get them to dump their contents to a file quite easily. This was obviously a danger to the users as well as the site owners.

As a result, an encryption algorithm was designed for what is known as “Hashing” passwords.

The Hashing algorithm creates a result that is always the same length, this fact is used by computers for comparing scientific information like DNA to find an exact match because DNA samples in the real world may be of different lengths.

So, if your password is stored in the database the latest Hashing algorithms should make it much safer and less likely to be hacked.

The problem is that many databases do not use the latest Hashing algorithm and in fact used older ones such as MD5. Don’t worry about what the MD5 algorithm is, just know that there are tables of Hashed passwords out there that mean the hacker can try and trick the database directly (not using the form on the webpage) into letting it into the system.

What makes a Good Password?

Let’s start with a different question, shall we? How long would it take to crack a password?

Password vs Hacking Time

Key:

K = Thousand (1,000 or 10–3)

m = Million (1,000,000 or 10–6)

bn = Billion (1,000,000,000 or 10–9)

tn = Trillian (1,000,000,000,000 or 10–12)

qd = Quadrillion (1,000,000,000,000,000 or 10–15)

qt = Quintillion (1,000,000,000,000,000,000 or 10–18)

So, when you saw that chart you started checking out your best password, how many characters, what composition, how long to crack it didn’t you? I know you did because I have watched whole audiences do exactly that, eyes up, fingers tapping, when the chart appears in a presentation.

Here’s my killer point: Unless your password has 10 or more characters and is in the right most two columns your password is at risk!

So, a good password has length, ten characters or more, it has complexity by having special characters and it is unique, you use it once in one location only.

In June 2020, student Ata Hakçıl analyzed more than 1 billion username and password combinations that were leaked online from various corporate data breaches, revealing some alarming results:

• One billion credentials were reduced to just 168,919,919 passwords and 393,386,953 usernames

• The most common password is 123456, covering around 7 million entries per billion

• The most common 1,000 passwords cover 6.607% of all passwords

• Average password length is only 9.4822 characters long

• Only 12.04% of analysed passwords contained special characters

• 28.79% of passwords contain letters only

• 26.16% of passwords are lowercase only

• 13.37% of passwords are numbers only

• 34.41% of all passwords end with digits, but only 4.522% of all passwords start with a digits

What about Alternative Alphabets?

A little over ten years ago, you could have used simple substitution of some characters to produce a better password: a = @, e = 3, I = 1, o = 0 (zero), s = 5 or $ or £ etc, but these days the dictionaries used by hackers contain all of these substitutions.

Special Characters

We have already seen that using special characters is a great idea, but where and when you use them is also important. If your password is all letters and numbers with a special character at the end, like an afterthought, then you are playing into the hands of the hacker. So use special characters but use them wisely.

Try not to use common substitutions like the ones above, come up with your own idea or use the tips at the end of this chapter.

Languages

I have seen some users who are fluent in more than one language use words from a language not common to their country. Nice idea but remember that there are dictionaries for all languages these days. The same key concepts from our good examples in the table above are still key. More than 10 letters and use symbols letters and numbers.

How many passwords?

You know what I am going to say, but at the end of this chapter I promise I will show you how to do this.

The answer is and always will be to have one unique password for every log in area, computer/domain, website, bank account, pin number etc.

Until biometrics and the hardware associated with them become fool proof, we will just have to bite the bullet. But as I said, some tips in the conclusion to this chapter will make this easy.

How often should I change my password?

While changing your password often means having problems remembering the new one, it does mess with any hacker trying to crack your password. Even if they got close, you will have changed it by the time they crack it resulting in a big F for Fail and they would have to start again but would probably give up.

But 2 key rules are to change your password if you even think you may have been hacked and to change it if you forget it Duh!

Many businesses have a “Policy” set that passwords get changed every 28 days for example. More on that in the next section below.

Why have password Policies?

A little explanation here for those who maybe don’t know or who are interested.

Many companies have a server or many servers. A server is essentially a computer that provides a service to other computers. An easy to understand example is that when you browse the internet looking for something you go to a search engine.

That search engine is a website on a server, the webpage and the results of your search are “served” to you in your browser.

A Domain server manages a domain. The Domain Server on a company’s “domain” (a collection of connected server(s) and computer(s) used explicitly by the company) amongst other things holds all of the usernames and passwords in a special database.

In Windows that database is called “Active Directory” and it has the ability to have certain rule sets applied.

These rule sets are known as policies and one of them controls the frequency that passwords are changed, the length of passwords, the complexity of passwords (special characters etc) and also the frequency that the same password can be used by a user!

That last one is interesting because in the early days some people would be prompted to change their password, they would change it to something else, then they would reset the password back to the original one. This obviously circumvents the idea of password security.

So, password policies are used to enforce password strength and changes, prevent re-use of the same or previously used passwords and finally and most importantly they are there to protect the company data.

What is 2FA or Multifactor Authentication and why is it so important?

As we have already seen in this chapter, passwords are less secure than many people believe. Security is all about putting layers of obstacles in the path of a hacker.

Think of it in the real world. You house has a door, that door has a lock, you may have a chain on the door and a spy hole to see who is on the other side. You can carry that on with a burglar alarm, CCTV, a fence around your garden and a gate.

The more obstacles you put in the way of a burglar the less likely they are t try and break into your property or rob you on the doorstep.

In the computer world we use 2FA or 2 Factor Authentication or better still, Multi-Factor authentication.

Let’s start with 2F, pretty common these days, you want to log onto your bank account, you supply all of the essential username and password information and then the bank sends an SMS message to your mobile phone. The idea here is that you have your phone and not a criminal. True in a perfect world but phones can be cloned.

As a result of cloned phones, stolen laptops etc. some systems use Multi-Factor authentication. This checks that the device you are logging in from is one that has been registered by the system before. It may also check the geographic location of the device (Geo-Location) using the connection address of the computer known in this particular case as the Public IP address. The fact is that a cloned Phone would receive the request just like the real phone.

If all of that matches, great, the system has asked you for your user name and password, authenticated via your mobile, it has also confirmed that you are using your computer and that the location of that computer is where it should be. Multi-Factor!

Should I use Biometrics where available?

There are some ethical questions here, it’s the big brother discussion really, but if you are happy that your biometric data be stored in a system then yes, fine.

However, I have been using my fingerprint to unlock my phone for years. I like my phone; I don’t want to change it because it works well, and I am happy with it.

But the place that I use to scan my fingerprint is getting worn, the result is that sometimes it doesn’t unlock first time. The point I am making is that hardware has a life expectancy, so always have a second way of accessing the data.

Facial recognition is getting better and the conspiracy theorists are right to be concerned. Personally, I am not a fan, but the CCTV is already out there on the streets.

Finally let’s mention voice recognition; the famous line from the movie Sneakers being “My voice is my password verify me”.

Voice recognition has come a long way, but again, reliable hardware is the key, literally! The more you spend on the right hardware, the better.

I never want to see a car that starts, or emergency stops on voice command. What if you have to start the car and there are road works? You shout stop but the stress in your voice means the computer fails to recognise the command.

There are just to many variables, try asking Alexa or Google, in many of those cases the results are not important, but for data security? No thanks.

Is it ever acceptable to re-use a password?

Definitely not!

Have a look at https://bit.ly/3eKH7eR and enter one of your email addresses. The results of the search will appear below the email entry box.

If your email address has ever been used on a system that is part of a data breach the details will appear in the results. If your details appear there you should change the password on the affected system immediately if you haven’t already done so.

Now, if that password has been used in association with that email address anywhere else your data is at risk!

Should I change a default password?

The answer will be obvious to many but not all of you, yes you should. But in more places that you think as we will see in the next chapter when we speak about Routers and Firewalls.

But just have a quick look at https://bit.ly/2ZEIpUi which is one of hundreds of sites legitimately listing default passwords for devices.

What is your Mobile Phones default Bluetooth password? Four zeros’?

There are many other devices that have default passwords like photocopiers, most modern photocopiers have a hard drive that stores what they scan.

What happens to that data when your photocopier gets changed? Along comes Mr Naughty and has a good look through what was scanned breaching GDPR and many other regulations at the same time.

My pin number is safe, isn’t it?

Pin numbers and passwords on modern devices need some thinking about. Four-digit pins have 10,000 possible combinations. If you use the numbers zero to nine and numbers can be repeated

Then you have 10 choices for each of the four digits = 10x10x10x10 = 10,000.

It seems like a lot but not for a computer. If you got 100 people in a room there is probably a good chance that 2 of them have the same pin number!

With contactless cards I don’t need your pin, I can use my proximity to you to scan your card and take a fixed amount from your account without you knowing at the time. Shielding your card is critical these days.

Should I write down my password?

Many people have a password book, they record their passwords in their little book that they keep at home tucked away. In my opinion, this is not secure. If you do this, I’m not telling you that you are bad, I’m just saying I don’t believe this is secure.

People lose things all the time, not all visitors to our homes or offices are people we know. It would be easy to pick up a little notebook and walk off with it. Now not only do they have your passwords (probably with the email address you used), but YOU DON’T have the passwords!

In the conclusion to this chapter there will be resources to help you with so don’t worry.

Resetting Passwords

Finally, in this chapter some points for you and also for the designers of some 2FA systems.

Until very recently I was living in the countryside, quite remote in many ways, we had our own water system, we were off grid for gas, it was so remote that we had no mobile phone reception.

You can probably see where this is going. The 2FA systems that used SMS were a real hinderance to our household.

Designers of these systems really need to re-think their options, having only 2FA via SMS as an option for clients is not a great idea. Giving them a choice of SMS or an Authentication App like Google Authenticator (other authenticators are available), might be smarter.

Some organisations authenticate by email only, this means that if the user has had their email account hacked then the hacker has full access. Again, not the smartest of solutions.

There needs to be a rethink of password resetting choices, and there need to be a few more options tied in with Multi-Factor authentication.

Having said that, most people will not have issues and will be fine with password resets.

Conclusion and Resources for Passwords

You will have heard people say that you should never use the same password in multiple places, and that is good advice, but often not very practical if you must remember them all.

Using a password storage program, called a password manager, is a great idea and there are some fantastic ones out there. They generally break down into two categories.

The first is a program that lives on your computer and stores passwords on your computer. The second is “cloud” based and stores your passwords online. The benefits of the latter are that you can log in from anywhere, even a mobile device, to have it recall your username and password for you automatically or for you to look up yourself.

The critical things to look for in a good password program are:

— Requires a strong master password and prompts you to change it

— Can generate random passwords for you or varying length that you can choose

— Has a recovery process that uses 2FA (authentication like an email and/or SMS)

— Integrates with any web browser

Check out the following password managers Zoho, Dashlane, LastPass and Keeper in your favourite search engine.

A website that is worth mentioning again here is https://bit.ly/3eKH7eR where you can put your email address in the search bar and it will check to see if your email address appears in any records of hacked databases.

After the search just scroll down for the results. They have a “Notify Me” where you can just enter your email address and they will email you if your email address appears in data breaches.

Obviously, if your information appears in a breach you should immediately change your password.

Finally, people often ask me about how they should create a god master password. Here are some possible ideas, mix and match them for better security:

— Something about your house and belongings e.g. colour of your house door + part of your car registration number + your first school friend; BlueLHFMolly

— The first line from your favourite song e.g. I was born in a cross-fire hurrican

— One of the above but substitute a special character for a common letter so BlueLHFMolly becomes B! ue! HFMo!!y or B@ue@HFMo@@y

Those last 2 fall into the 12 million years area to brute force, by then you probably won’t care! But don’t use these example!

To-Do List

— If you haven’t already got one; get yourself a password manager

— Visit Have I Been Pwned https://bit.ly/3eKH7eR and check your email addresses to see if they have been compromised

— If any are compromised change the password

— Go through your saved browser links looking for places you log into

— Change your passwords if weak

— Save them in your password manager

— Use 2FA where possible on accounts

CHAPTER 2: ROUTERS AND FIREWALLS

Let’s start by explaining what a router and a firewall do, but as always, I will keep this as easy and as simple possible, I hate jargon as much as the next guy.

A router is a piece of electronics that connects your computer network (collection of interconnected computers) to the internet (in the majority of cases).

A firewall is a piece of electronics that uses a set of rules to allow or deny a connection from inside your local network to a computer outside of your local network.

Now, I was very specific about my simple definitions, but so that we can understand how hackers breach our security I will have to expand on that. Why? Well, we need to understand how hackers breach out systems in order to understand what the weaknesses are that they typically use so we can stop them.

What are Routers?

Let me expand on my description from the introduction so we can better understand how a router is used.

Now again we will keep it simple, so let’s take a home network with a router and a desktop computer and a laptop as a starting point.

In this situation, the desktop probably connects to the router with a network cable plugged in to a network port on the computer and into another network port on the router.

The laptop probably connects via the wireless network of the router to that router. The laptop could also use a network cable, but we will assume it is using wireless for this example.

The router will manage the connections from the desktop computer and the laptop and depending on how things have been set on the computers, it may allow them to share information by passing data between them.

Simple Home Network

It is important to know that the information will be “routed” by the router, that is to say that the router “tells” the two machines how to connect to each other.

In our diagram you can see the connections that we just described, the router is controlling the connections and routing the information on our Local Area Network (LAN) wired and wi-fi.The router is also acting as the Dynamic Host Configuration Protocol (DHCP) controller, I know, tyhis sounds complicated, butall it is doing isproviding the Internet Protocol assignments to devices that are connected to the router. In the simplest terms the router translates the computer name to a number and that number back to a name when devices are trying to connect to each other. Usually we don’t need to worry about thissort of thing, but it is worthknowing.

To apply this to an office, just add in as many computers, network printers, network photocopiers and other devices as required. It is the same principle.

But doesn’t the router connect us to the internet as well I hear you ask?

Yes, it does, but let me add in here that it could be connecting to any other network, private or public instead. It is just down to how the router has been set up and what your requirements are.

Hacking our local network

To hack this network, as it stands in our diagram, would require the hacker to either hack the wireless network or to gain physical access to the network.

As a result of this setup, the wireless encryption key type and the password for the wireless network are all that stands between our data and a data breach.

If we look at the physical hacking side, then it is our computer passwords that prevent an easy data breach, but there are other ways as we will see in later chapters.

What is a Wide Area Network?

A Wide Area Network or WAN is a network external to our own with many other connections, for us in our home network example, it is the Internet.

How do we get to the Internet?

Your router has another connection that I purposely withheld from our diagram above. Let’s add it in now.

Home Network with Internet Connection

So, let’s take a simplified example of how you find an internet page (just looking from our view of the diagram above). You may need to go over this a couple of times to understand it fully. Try drawing it for yourself as a diagram.

You open your web browser and type https://www.google.co.uk in the address bar.

Your computer knows that this is an address but doesn’t know where to go to get the web page

Just a little thought!

It sends your request to the router and providing you have an internet connection; the router will have been set up with a couple of addresses to special servers that store the addresses of websites on the internet.

The router sends the request to these servers that come back with an actual connection address and the router sends your request for the webpage to the Google Web Server(s).

They return the information you requested via the router and the router remembers that you asked for that information on your computer so it sends that data directly to your computer that then rebuilds the webpage in your browser.

Why did I explain all of that?

There are a few easy Hacks that can drastically change what you see in your browser when you go to certain pages, particularly your home page.

Some items of software that you download are malicious in their intent, sometimes that malicious part of the application is a separate little program that is downloaded with the software, at other times the malicious part gets downloaded later.

It changes the settings in your browser or in a file on your computer and when you click on your homepage icon in your browser it takes you to a site that is not your preferred homepage, but a page that the software creator wants you to use.

This used to be very common, but newer browsers and operating systems will usually prevent your homepage from being changed by a piece of software.

The other point to note is that your router sends the connection information out to the internet and remembers which computer to send the returned information back to.

If a Hacker can gain access to the router, then they can capture and control all of the data that you request and have complete access to your computer remotely.

Router Firewalls

In my original definition of a router I said it was an electronic device, in fact, it has a dedicated microprocessor and some memory as part of that electronics. Routers typically have a firewall built into their software.

These firewalls in the router have default settings that allow connections that are commonly used, like internet connections, email connections, connections to certain specific game servers and so on.

The bad news for us is that all the most common connections are turned on by default. Hackers are aware of this and so will use these connection types to launch their attacks.

This is as true for businesses as it is for home users and their routers. So, what can we do to prevent these attacks?

Which Router is Best, ISP’s or Your Own?

Your Internet Service Provider or ISP will typically provide you with a router that has been pre-configured to allow you to connect to the internet via their servers.

ISP’s tend to provide their own routers for a couple of reasons, but the main reason is because they don’t expect the typical customer to be an expert on router configuration.

Buying your own high-quality router is definitely a great idea for a business user because of the added functionality that many of them have built in. For most home users the cost may be a big negative point but if you want a much higher level of data then it may be worth taking advice from your local computer guy.

No matter which solution you choose, there may well be an immediate security problem to address.

Router Passwords

Routers are often shipped with a default password. This can lead to security issues. Although it happens less these days, there are still ISP’s that send out routers with default passwords.

Have a look at https://bit.ly/30nSjZP or just search for “default router passwords” to see how many sites list this information.

If is good practice to change the default router password to a complex password of your own. If you are using a password management tool, then this information can be saved in that password manager for safe keeping and reference.

How can you Harden your Router?

Hardening your router doesn’t mean putting it in a concrete bunker, but it does mean making it harder to hack.

Here are some things that you can do, they may need you to speak with your local IT guy if you are not confident in trying these things, but they are really worth doing. Remember that your router is the guardian of your network.

— Change the Administrator password to a complex password

— Change your SSID, this is the Wi-Fi network name. It will typically identify the type of router of your ISP, which in turn identifies the type of router. Change it to something unique that does not identify you or your location.

— Enable the latest available encryption standard on your router, at the time of writing that would be WPA3 wireless encryption, but your router may have WPA2 if it is older.

— Set up a password protected Guest Wi-Fi network, visitors can use that network without access to your systems. If you have smart IoT devices, then connect these to the Guest Network as they typically have really poor security.

— Turn on automatic firmware updates if that is available on your router. This will fix vulnerabilities that have been discovered. If your router doesn’t offer automatic updates of firmware, then perform the updates manually.

— Disable remote administration of the router and also remote Wi-Fi administration.

— If your router offers 5GHz Wi-Fi, then see if it works for all of your devices, can they connect (not all devices maybe able to use 5GHz Wi-Fi). If you can use it then please do. The range of the 5GHz service is much less than the standard 2.4GHz Wi-Fi network. Although this may seem to be a negative, it does mean that you are less susceptible to someone sitting outside in a car hacking your Wi-Fi.

— Change your routers Domain Name System (DNS) settings from your ISP’s servers to ones managed by Google or Open DNS.

— Googles DNS Server addresses are 8.8.8.8 and 8.8.4.4 whilst Open DNS settings are 208.67. 222.222 and 208.67. 220.220

What does a Firewall do?

As we saw in the router section, routers have firewalls built in the software, but they are basic at best.

A dedicated firewall has a set of rules that can be customised for almost any type of connection. The better ones are updated on the fly by the manufacturer servers. This is a way of applying the latest fixes for attacks as soon as they become available.

So, from what we have learnt in the previous two paragraphs alone, a dedicated firewall is a great option if you are serious about protecting your data.

It should be positioned inside your network between the router and your network.

Departmental Firewalls

I deliberately chose the name Departmental Firewalls to simplify the way we look at using internal firewalls to protect data.

It is good practice to separate certain pieces of information within a company so that only those that need access can get it.

Imagine that all of your company’s data was on one disk drive on one computer. There are several security concerns that immediately pop into my head:

— What happens if the drive fails?

— Is the drive encrypted?

— Is the data backed up?

— Can everyone get access to all of the folders and documents?

— What happens if a document is deleted by accident?

Those are just for starters; I can think of another 7 or 8 and I don’t want to write a massive list here because you have already got the point.

Let’s just pick on “Can everyone get access to all of the folders and documents?”. If you wanted to protect the company accounts from prying eyes what could you do?

There are ways to prevent this, you can set security access rights to the folder so that only certain users can get access. You could password protect documents. You can do both.

However, as the company grows this becomes less manageable and the number of passwords for documents becomes a nightmare of epic proportions.

At this point, putting accounts on a different Local Area Network and putting a firewall between accounts and the rest of the company becomes a really great solution. Now other users in the company can automatically be blocked from accounts.

The $40 Million Credit Card Theft

Between November 27th and December 15th, 2013 around $40 million worth of credit card data was stolen from Target in the USA.

This well documented cyber-attack was first reported by Brian Krebs and details of the attack made people really sit up and think.

Fazio Mechanical Services a HVAC company who remotely monitored the Heating and Ventilation systems for Target were the subjects of a Phishing attack that resulted in their systems being hacked.

The hackers used this access to infiltrate Targets head office computer systems. Surprisingly in a company of that size there were no firewalls between departments.

This meant that once the hackers obtained access to a user account, they could get into the accounting data including the credit card details of customers.

Now I am not saying that if there was a firewall in place that they would never have gained access to the accounts data, but I am definitely saying that this could have stopped them or raised the alarm if the firewall was correctly managed.

The cost of a good firewall will vary depending on your requirements, but they start at just a few hundred GBP and I wouldn’t be without one.

How can I protect my Wireless Network?

We have already touched on several of the simplest ways to protect a wireless network including:

— Changing the SSID Name

— Choosing an appropriate Frequency Range to reduce distance

— Wi-Fi Passwords

— Encryption (WPA2 & WPA3)

There are Wireless standards documentation for which can be obtained on the IEEE website, but the important parts are in the table below:

The parts to note in particular are the Transmission Range, these are not guaranteed ranges as many things will affect this, and the IEEE Standard.

Wireless Standards

Notice that although the 802.11 is always there, there are letters that follow (a, b, g, n). Your routers wireless type will be shown on the outside of the box and in its manual.

Range Extenders

When wireless networks can’t supply the required coverage, range extenders, sometimes called repeaters, are a good solution, but again take care with all the same hardening considerations that we went through for routers. Less of the list will apply, but things like SSID, remote management etc. are still on the list.

What about Power Line Adaptors?

Power Line Adaptors allow you to connect your LAN to a plug in device to a mains power socket and providing the subsequent Power Line Adaptors and on the same Mains circuitry you can run a able from those other devices to network devices.

This is an interesting solution to the range issue and removes the need for long network cables to be installed.

This may be a great solution for faster internet connectivity in a single household property, but keep in mind the fact that unless your Power Line Adaptor has built in security features, then most makes of adaptor will allow connection to an existing network.

Your lodger could be getting free internet usage and even stalking a member of the household!

What is the USB Port in my Router for?

There are two possible uses for a USB port in a standard modern router. The first is temperature monitoring and the second is as a network failover.

Temperature monitoring is easy to understand, but what is network failover?

You may already know that you can visit most mobile phone stores and purchase a small USB dongle that can be plugged into a computer to allow access to the internet over the mobile phone network (for a price).

Some modern routers have the failover USB socket for just such a use. The idea being that if you have a problem with your phone line or your internet access goes down then you can still get to the internet using your USB dongle.

With 4G and 5G internet speeds, this may allow a few people in the company to get critical internet access until normal service is resumed.

What are Switches and Managed Switches

A Switch (sometimes called a hub) in computer networking terms is a piece of hardware that allows you to connect multiple network cables to it but that only has one connection to the main network.

A managed switch is one that allows the system administration team to allocate a specific network address to a connection (called a port).

You have read free % of the book. Please buy it to finish!

Buy the book