When WFH Threats meet Xfinity Router Security

Stating the obvious: over the past year, we've come to meet many people who now WFH (work from home), and many of them rely on Xfinity router security to keep them safe. It's long overdue that we talk about that in specific terms: what to expect, and what not to expect, if that description matches your situation. Equally important, it probably describes many employees in your organization, including employees who handle sensitive company information regularly.

For this particular post, we're going to focus mostly on malicious traffic filtering, although we have much more to say about Xfinity router security and WFH threats in future posts.

Malicious Traffic Filtering 101

Sometimes cybercriminals are able to exploit a vulnerability in your network or systems without any action on your part.  Example: exploiting a well-known CVE.  Other times, cybercriminals depend on you falling for a ruse that fools you into taking some action that gives them the advantage.  Example: staging a phishing attack.

But whatever they are doing, it often involves servers on their end exchanging malicious traffic with laptops, devices, or other workstations on your network. That's where malicious traffic filtering comes in. No matter how the cybercriminal breached your security perimeter, there is a good chance that they need some information relayed out to their servers, whether to fetch further instructions or to carry off what they stole. Fortunately for you, that outbound traffic usually has one "tell" (a poker term for a hint) that the good guys can use to keep you safe.

The Tell

If the malicious traffic is headed out to the internet to get back to the cybercriminal's servers, there is a good chance the connection starts with a lookup of a domain name rather than a hard-coded IP address. Fortunately for you, there are organizations (including Havoc Shield) that monitor and refine lists of domains that are known to be dangerous.

Sometimes those malicious domain names are variants of a domain name that you know and trust (that attack strategy is known as a look-alike domain). Other times it's a random-looking string of letters and digits with no dictionary words in it at all. But whatever it is, there is rarely a reason to want your WFH setup to allow that network traffic through.

That precise situation is how malicious traffic filtering (often implemented as DNS filtering) was born. When you have a service or system handling malicious traffic filtering, every domain name that a device on your network attempts to resolve is checked against a list of known-dangerous sites. What happens next is where you avoid a close call with a cyberattack.

The Intercept

With malicious traffic filtering on your side, attempts to route traffic to malicious servers (well, many of them anyway) are blocked. One of the most common techniques is to block the DNS lookup that turns a domain name into an IP address, a prerequisite step before any traffic can flow from you to the servers that host that domain: the filtering resolver answers with an error or a harmless placeholder address instead of the real one. The caveat is that this only covers lookups that actually pass through the filtering resolver, so a connection to a hard-coded IP address, or from a device pointed at some other resolver, is not caught this way.
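To make the intercept concrete, here is a toy version of the decision a filtering resolver makes. This is an added example, not code from this post, from Xfinity, or from Havoc Shield; the blocklist entries, the sinkhole address and the "upstream" answers are all constructed for illustration, and real products differ in the details.

```python
"""Toy DNS filtering decision. Added illustration only; not Xfinity's or
Havoc Shield's code. A filtering resolver sees every name a device tries to
resolve and, if the name or any parent domain is on the blocklist, withholds
the real IP address so the connection never starts."""
from typing import Optional

# Constructed blocklist for the example: made-up names, not real threat intel.
BLOCKLIST = {
    "micros0ft-login.example",   # look-alike of a brand the user trusts
    "xk9q2v7.example",           # random-looking name, no dictionary words
}

# Address handed back for blocked names (a common "sinkhole" convention).
SINKHOLE_IP = "0.0.0.0"


def normalize(name: str) -> str:
    """DNS names are case-insensitive and often arrive with a trailing dot."""
    return name.strip().rstrip(".").lower()


def blocked_parent(name: str, blocklist=BLOCKLIST) -> Optional[str]:
    """Return the blocklist entry covering `name`, checking the name itself
    and each parent zone, so cdn.xk9q2v7.example hits xk9q2v7.example.
    The bare top-level domain on its own is never treated as a match."""
    labels = normalize(name).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(name: str, upstream: dict, blocklist=BLOCKLIST) -> dict:
    """What the filtering resolver hands back. `upstream` stands in for the
    real recursive lookup (a constructed dict in this example)."""
    qname = normalize(name)
    hit = blocked_parent(qname, blocklist)
    if hit is not None:
        # The intercept: the client receives the sinkhole address instead of
        # the real one, and this event is what a threat-history view lists.
        return {"name": qname, "action": "block", "matched": hit,
                "answer": SINKHOLE_IP}
    return {"name": qname, "action": "allow", "matched": None,
            "answer": upstream.get(qname)}


if __name__ == "__main__":
    # Constructed upstream answers standing in for real DNS.
    fake_upstream = {"intranet.example": "10.0.0.5",
                     "micros0ft-login.example": "203.0.113.9"}
    for q in ("intranet.example", "MICROS0FT-LOGIN.example.",
              "cdn.xk9q2v7.example"):
        print(resolve(q, fake_upstream))
```

The parent-zone walk in blocked_parent is the part worth copying: attackers routinely put the lure on a subdomain, so a list that only matches exact names misses it. The limits follow from the mechanism as well: the resolver only sees lookups that are sent to it, so a payload that connects straight to an IP address, or a device or browser using a different resolver, never reaches this check.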

In the case of Xfinity router security specifically (since we know many of you are Xfinity customers), these intercepts show up in your online web portal under "Threat History", as follows:

Xfinity Router Security - Threat History

For what it's worth, the above screenshot came from the Xfinity account of a very tech-savvy user. Without naming names, this person was stunned to realize that they had somehow fallen for an attempt to get them to browse to a malicious site. Twice. In a week.

Raising Your Xfinity Router Security Game

So we're good, right?  Just make sure that Xfinity router security is configured to enable malicious traffic filtering, and all is well?

It's a good start.

But if you and your team have all hopped on the WFH bandwagon, it may be time to think about something more. The challenge companies face in this age is coordinating their cybersecurity program across a wide variety of home networks, whatever setup and configuration each employee happens to have. Just as important is a feedback loop: a back-end ability to review malicious traffic filtering patterns, such as multiple employees attempting to browse to the same malicious site. That type of pattern is a huge red flag that there may be a widespread attack against your organization. That's where business-grade malicious traffic filtering helps, and here is what you should look for in that type of solution:

  • Network Agnostic Capabilities: support for malicious traffic filtering on any type of workstation, attached to any internet provider, rather than tied to one provider's router.
  • Companywide Malicious Domain List: the ability to add domains to the list of malicious / blocked domains companywide. If one employee falls for a phishing attack that somehow made it through all of your other precautions, add that domain to the list immediately so that no one else in your company falls for it. Phishing campaigns are often sent to more than one person in a company, so time is of the essence.
  • Back-End Aggregate Reporting: a way to receive an aggregated back-end report of malicious traffic filtering incidents across the whole company.
  • Workstation Health Indicators: back-end dashboards that show that each of your employees does indeed have the company-required malicious traffic filtering enabled, and that their workstation has checked in with the back-end reporting system within the past day.
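The last three items are what the back end has to compute from whatever each workstation reports. As an added example (not a real product's reporting code, and not from this post), here is the aggregation run over a handful of constructed filtering events and check-in times: it surfaces a domain that several employees were blocked on, promotes it to a companywide blocklist, and lists workstations that have not checked in within a day. The employees, workstations, domains and timestamps are all made up.

```python
"""Back-end aggregation over per-workstation filtering events. Added
illustration only; not code from this post or from any product."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events, one JSON record per line, as an agent on each
# workstation might upload. Employees, hosts and domains are made up.
SAMPLE_EVENTS = """\
{"ts": "2021-03-08T09:02:11Z", "employee": "alice", "workstation": "ws-01", "domain": "micros0ft-login.example", "action": "block"}
{"ts": "2021-03-08T09:05:47Z", "employee": "bob", "workstation": "ws-02", "domain": "micros0ft-login.example", "action": "block"}
{"ts": "2021-03-08T10:17:03Z", "employee": "carol", "workstation": "ws-03", "domain": "cdn.xk9q2v7.example", "action": "block"}
{"ts": "2021-03-08T11:40:29Z", "employee": "alice", "workstation": "ws-01", "domain": "micros0ft-login.example", "action": "block"}
{"ts": "2021-03-09T08:00:00Z", "employee": "dave", "workstation": "ws-04", "domain": "intranet.example", "action": "allow"}
"""

# Constructed last check-in time for each enrolled workstation.
SAMPLE_CHECKINS = {
    "ws-01": "2021-03-09T08:30:00Z",
    "ws-02": "2021-03-09T07:55:00Z",
    "ws-03": "2021-03-06T18:20:00Z",   # silent for days
    "ws-04": "2021-03-09T08:00:00Z",
}

# "Now" for the example, so the stale-workstation check is deterministic.
NOW = datetime(2021, 3, 9, 9, 0, 0, tzinfo=timezone.utc)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_events(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def shared_block_domains(events, min_employees=2) -> dict:
    """Domains blocked for at least `min_employees` distinct employees.
    Alice hitting the same site twice counts once; two people hitting it
    is the red flag for a campaign aimed at the company."""
    hits = defaultdict(set)
    for e in events:
        if e["action"] == "block":
            hits[e["domain"]].add(e["employee"])
    return {d: sorted(emps) for d, emps in hits.items() if len(emps) >= min_employees}


def stale_workstations(checkins, now, max_age=timedelta(days=1)) -> list:
    """Workstations whose agent has not reported within `max_age`; a host
    that stopped checking in may have lost its filtering entirely."""
    return sorted(ws for ws, last in checkins.items() if now - parse_ts(last) > max_age)


def push_companywide(suspects, company_blocklist: set) -> list:
    """Add domains seen across employees to the list every workstation
    pulls, so the next person who clicks is blocked too. Returns what
    was newly added."""
    before = set(company_blocklist)
    company_blocklist.update(suspects)
    return sorted(company_blocklist - before)


def build_report(event_text, checkins, now) -> dict:
    events = load_events(event_text)
    return {
        "blocks_total": sum(e["action"] == "block" for e in events),
        "campaign_suspects": shared_block_domains(events),
        "stale_workstations": stale_workstations(checkins, now),
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_EVENTS, SAMPLE_CHECKINS, NOW)
    company_list = set()
    report["newly_blocked_companywide"] = push_companywide(report["campaign_suspects"], company_list)
    print(json.dumps(report, indent=2))
```

On the sample data the report names the look-alike login domain as a campaign suspect because two different people were blocked on it, while the single hit on the random-looking domain is left for a human to judge, and ws-03 is flagged because its last check-in is days old. The threshold and the one-day window are policy choices; the point is that none of this is possible unless every workstation reports to the same back end, regardless of whose home router it sits behind.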

Ready to raise your WFH security game with capabilities that include business-grade malicious traffic filtering?  Feel free to get in touch.