The new threat to your home network

Austin E Osuide
3 min read, Jul 24, 2020

This may not be news to some, but I felt a need to share a recent experience. It all started about 3 weeks ago at something like half three in the morning, as you do, now that sleep cycles are non-existent: I was listening to a talk on YouTube when my Internet connection suddenly dropped. I did the usual checks and concluded that my ISP, PlusNet, which has hitherto been most reliable, was having an unusual glitch. It would be sorted by morning, I thought, and went to bed.

I was up by 7am to make sure The Boss was not without the Internet only to find it still disconnected. A slight panic now set in as this was most unusual.

Long story short, I called the ISP, the help desk reset something at their end, and I was told to reboot the router. Part of the information I was also given was that my router was 6 years old! Six years!! They offered to send me a replacement at some cost, but I declined the offer.

Well, after the reboot the Internet was restored, but I realised I had a serious problem: a six-year-old Internet router is a significant security risk to my home network. I checked the firmware on the router and the last time it was updated was 2016, four years ago! And it was no longer supported, so no further fixes would ever arrive. Yikes!!

I had to do something about this, I thought. With most of the UK now working from home, our home networks are significantly more attractive to malicious actors who may be after any high value assets connected to them like company/business computers.

Accentuating the threat is the number of Internet-connected devices the average household now has. I have 52 Internet-connected devices in my 2-person household (Ring, temperature and humidity sensors, Alexa devices, mobile phones, TVs, Smart this, Smart that). If any one of these devices were breached, it could be the launchpad for lateral movement into the rest of the network.

Working from home is not going anywhere soon, so I came up with a plan to better protect and segment my home network.

I invested in an OpenWrt router and a pfSense firewall, and used VLANs to segment the network: IoT and other devices can talk to the Internet but not to my "secure subnet", while I can reach and manage the whole network from the secure subnet.
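The segmentation policy described above, written as OpenWrt UCI configuration. This is an added example, not the author's own configuration or the page's layout: it assumes OpenWrt 21.02-or-later syntax, a single trunk port eth0, VLAN IDs 10 (secure subnet) and 30 (IoT), and the 192.168.10.0/24 and 192.168.30.0/24 address ranges, all arbitrary choices. The author runs pfSense as a separate firewall; here the same policy is expressed on the OpenWrt router alone so that the whole thing fits in one place.

```ini
# /etc/config/network (fragment, added example; assumptions: OpenWrt 21.02+,
# trunk port eth0, VLAN IDs 10 and 30, addresses chosen for illustration)

config device
	option name 'eth0.10'
	option type '8021q'
	option ifname 'eth0'
	option vid '10'

config device
	option name 'eth0.30'
	option type '8021q'
	option ifname 'eth0'
	option vid '30'

# the "secure subnet"
config interface 'lan'
	option device 'eth0.10'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

# everything Smart-this and Smart-that lives here
config interface 'iot'
	option device 'eth0.30'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'

# /etc/config/firewall (fragment)

# secure subnet: may manage the router and is forwarded wherever a
# 'forwarding' section below allows
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# IoT: no router services by default (input REJECT) and no path to any
# other zone unless a 'forwarding' section grants it
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

# both subnets get out to the Internet
config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'iot'
	option dest 'wan'

# secure subnet may reach IoT devices (management, casting). There is
# deliberately no 'iot' -> 'lan' forwarding: only replies to connections
# opened from the secure side get back, via connection tracking.
config forwarding
	option src 'lan'
	option dest 'iot'

# IoT devices still need DHCP and DNS from the router itself, which the
# zone's input REJECT would otherwise block
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-IoT-DNS'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Two points worth checking after applying something like this: the zone's `forward` option only governs traffic between networks inside the same zone, so cross-zone reachability is entirely decided by the `forwarding` sections, and a missing one (here, iot to lan) is the whole point. And because the IoT zone rejects input, anything the devices need from the router, DHCP and DNS at minimum, has to be allowed explicitly, or the devices will simply fall off the network and you will be debugging the wrong thing at half three in the morning.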

The layout now looks something like this:

New Network Layout

I've been running the firewall for a few days now and, believe it or not, what I suspected would happen is already happening. But not from the expected or 'usual suspects'.

What I see on my network is also unlikely to be specific to me. My external IP address, to all intents and purposes, is 'dead' to external scrutiny (a GRC ShieldsUP scan shows nothing open). So, what I see must be random scanning of subscriber IP ranges looking for easy takings.

Gibson Research Scan Result

So where do these scans and potentially malicious probes come from? This is what I’ve observed so far:

pfBlocker Report

Over half the malicious scans, 57%, can be attributed to nodes in the US and Russia (by source-IP geolocation, which tells you where the scanning node is hosted, not who operates it). China is a "distant" 4th, contributing 8% of malicious traffic.

It seems like the US and Russia are the folk we need to be worried about! :)

I can only imagine these probes will get more intense with time and will probably get more clever too. No device is hack-proof and part of surviving in this “new way of life” is to take better ownership of your home network.

Checking that your Internet router's firmware is up to date, and that the vendor still supports it at all, is a good place to start.
