Why consumer-grade equipment is less secure

Given the current state of most workers, you’re likely reading this article on a device in your house. That device may be a company-sanctioned computer or phone, but it certainly could be a personal laptop. Either way, it’s almost certainly connected to your personal WiFi network. And depending on your living situation, your spouse’s or your kids’ devices are connected to that same network.This is not meant to scare you, but attackers know this. And they aim to exploit it.Home equipment is different from office equipment, and these differences make your network more vulnerable to attacks.

Home devices are configured for easy setup by default, not for security

Nine times out of ten, consumer-grade modems and routers ship with default administration passwords that attackers can easily look up online. Once they log onto your WiFi, they’ll be able to see and possibly have access to any devices you use, including home security cameras, smart thermostats, and more. Victims have reported that attackers will change the admin account information and hold it ransom.How To Protect Yourself:

  • Make sure you’re using WPA2 or better encryption
  • Create strong passwords for your WiFi network
  • Change the default admin password on your modem and router
  • Havoc Shield’s Network Security Module can guide you through these changes

See also our related infographic with best practices for home router configuration.

Firmware is not updated as frequently or immediately as office equipment

Imagine a modem company with consumer and corporate clients. They discover an issue and need to update the firmware. Who gets their attention first?It will be corporations every time. Why? Because they spend more money on your equipment, and therefore you have more to lose if that client suffers a major attack. So while you’re solving for companies, regular consumers are left waiting.How To Protect Yourself:

  • Confirm patches on your router/modem will be automatically implemented
  • Stay aware of vulnerabilities that affect your equipment—With Threat Watch, you will be notified of relevant threats and instructions on how to resolve them.

Lack of network segmentation and insecure IOT devices

Every device on your network can see every other device. And depending on the setup, each device can talk to each other.When one device, say an insecure IOT device (and there are a tonofthem), gets hacked, that device can give hackers access to anything else on the network, like your laptop and phone.IOT devices don’t receive the same level of scrutiny as computers or enterprise-grade equipment does - they are designed to be cheap, and cheap often means insecure. Further, they’re often connected to important services, like your Amazon or Google accounts.How To Protect Yourself:

  • Research any device you connect to your network to make sure it’s protected
  • Get rid of insecure IOT devices—better yet, don’t buy them
  • Enable network segmentation on our router to create a wall between sensitive devices and less-secure IOT devices

When everyone knows your WiFi password

When’s the last time you changed your WiFi password? How many people have you shared it with? Do you know their computers are clean?Stop giving people your password—if an attacker gets hold of their device, and discovers a saved WiFi password, your network will be exposed.How To Protect Yourself:

  • Create a guest network for guests and turn it off when not in use
  • Don’t connect any IOT devices to the guest network
  • Change your WiFi password at least once a year
  • Pick a strong password (use passwordgenerator.com)

No filtering and no logging

Home equipment doesn’t automatically include filtering (A process designed to permit or deny network transmissions based upon a set of rules to protect networks from unauthorized access while permitting legitimate traffic to pass). You can use anti-virus software to start, but you will need to eventually upgrade to router-level filtering setup. This protects all the devices on your network from malicious traffic and provides you with more control. OpenDNS provides a few good services in this arena.Additionally, consumer devices have either lacking or non existent logging facilities (typically a file that contains a record of events that occurred in an application or across a network; it contains the record of user and process access calls to objects, attempts at authentication, and other activity). This leaves no good way for you or anyone else to investigate abnormalities effectively or for security systems to do so automatically.How To Protect Yourself:

  • Upgrade to a router-level filtering setup
  • Seek out devices with excellent logging facilities or stand one up yourself

What Doesn’t Matter: MAC filtering or broadcasting SSID

MAC filtering and stopping your router from broadcasting its network name do very little against even the most simple and available of hacker tools.“Wardriving” is a technique that looks at the computers that have connected to your network, and the signals they are broadcasting. Because computers “look” for networks they’ve connected to in the past, it doesn’t matter if the network is hidden. Those same computers broadcast their MAC address in plain text over the airwaves and can be easily copied by an attacker in order to bypass MAC filtering. Modern day tools allow all these things to happen as part of a fast, highly-automated system that looks for insecure networks.