Part 2 | Beginner’s Guide to Firewalls for Small Networks | Network Design

A firewall word cloud

Introduction

Two months ago I published Part 1 of this Beginner’s Guide to Firewalls series. Part 1 was called ‘What Hacker’s Don’t Want You to Know About Firewalls.’ It serves as an introduction to what became a quite large body of information which I’ve struggled to organize and publish in a way that my readers could best utilize.

My main goal for this entire series is to provide important and current safety information to regular people…people who aren’t tech inclined and who have no desire to spend their days thinking about technology.

The first time I ever heard the term Firewall used in relation to computer networks was at the tail end of a 2 year ordeal my family experienced when a Botnet had taken over our home computer network. As we were in the last stage of banishing the Botnet permanently we were discussing ways to prevent this from ever happening again. My husband who’s a businessman operating his own small company, had recently installed a firewall for his business computer network. I was intrigued and the more I learned the more I realized that a firewall was the one strategic move we could take that would assure this would never happen again.

Below: Part 1 of The Beginner’s Guide to Small Network Firewalls

Part 1 of my Beginner's Guide to Firewalls

Goals for This Beginners’ Guide to Hardware Firewalls

It may be a bit of an understatement to say that the average American just doesn’t seem to get very excited when discussing the latest advances in network technology. I’ve personally witnessed this on many occasions myself when my husband’s eyes begin to glaze over as I’m excitedly telling him about some cool discovery I made. Depending upon the time of day, his breathing may slow down just enough for me to know that unless something changes quickly he’ll most certainly doze off. Life experiences have shown me that the vast majority of people find network conversations to be repugnant and something to be avoided at all costs! That’s why I’ve tried really hard to keep this series both extremely relevant for my specific audience (households and small businesses that need reliable and consistent networks) as well as relevant regarding the technology and hardware I present for discussion. By keeping focused on presenting only the latest, the greatest, and the broadest use types of hardware on the market currently, while at the same time presenting all of the information readers need to understand about hardware Firewalls and how they function within networks.

This Part 2 strives to advance that goal by explaining how Firewalls fit into small networks and to introduce the one factor beyond the obvious safety features which should receive the heaviest weight when making hardware selection decisions. Last I discuss some additional factors to consider when deciding what type will be most appropriate in any given environment.

Firewall’s in a Historical Context & Today’s Present Forms

It used to be that large companies were the only entities that installed hardware firewalls. Today’s world has changed drastically in that regard. Our daily news is often flooded with stories about new security vulnerabilities that impact almost everyone. Those along with new forms of attacks by hackers can have harmful or even devastating impact upon even the one most common form of technology used almost universally by people all around the world, so much so in fact that they’ve come to be considered one of life’s basic necessities. I’m talking about our cell phones. They, alongside the common targets like computers and IoT devices are now the primary vehicles for attack. Thankfully, there are many more forward thinking individuals who, although geographically strewn across the globe, have been quietly working towards the same common goal…addressing these new threats to our personal security long before many of the threats themselves have even emerged!

Office computer network center

Many of these individuals have been working on fulfilling their life’s goals…protecting people and their families from cyber threats…for many years. The challenges they face must be incredible, because oftentimes their plans to bring their devices to the market have been delayed by years. You can tell this by Googling something like ‘Home Firewall Appliances.’ You’ll find complete and professionally polished websites which show off new devices that sound amazing… but there’s no obvious means for someone to actually purchase the device shown. Nor can you even find launch dates for many of these new products. It was only after I spent hours and hours of research time that I was able to determine what the likely product life cycle was and when many of these new devices were hoping to launch.

Happily it looks to me like most of the new devices that I found highly intriguing are actually finally launching now, or did launch in the very recent past or will do so in the near future, most likely while we are still in the year 2017. Evidence of my excitement about these new launches can be ascertained by the fact that I recently purchased a device I’ve been watching for a few years shortly after it launched in August. Even further evidence is that I did so despite the fact that our family’s network is protected by an enterprise grade firewall…Sonicwall’s TX600 (I’d also recently purchased our current model when I upgraded our slower Firewall in March at a cost of $2500 + the Labor costs to setup and install it.)

The new device I just bought is called a Fingbox. It cost $139 and I was able to set it up myself! I love it and will discuss it greater detail in several future parts of this series as well as in a stand-alone post I’m currently working on. But if you’re really interested you can read what I wrote about it the day that I discovered that it was finally available for purchase.

Fingbox is a brand new device that will protect against Krack Attacks

Fingbox is a brand new device that will protect against Krack Attacks

To wrap up this introduction I’ll also touch upon how firewall appliances go about their job of protecting the small network they are installed in…but in a very general way in Part 2 of my series. I’ll delve much deeper into that subject in future sections and will also discuss a number of newer advances and twists Firewalls have undergone to engage directly in combatting the plethora of online dangers which seemingly are lurking at every turn threatening to destroy the generally pretty good levels of Internet safety that we’ve reached as a whole despite the continual bombardment of negative indicators. These circumstances point to the eventual and inevitable adoption by greater numbers of a host of new high level kinds of technology that are rapidly appearing on the market.

Network 101 | Basic Network Design

If you read Part 1 of this Firewall Series, you’re probably wondering how exactly firewalls go about providing the extra protection to networks that they

do…and perhaps you’re even interested in learning more about how they really work. I’ll try to explain as much as I understand, but truthfully, firewall technology is so incredibly complex and powerful that the intricate details regarding firewall’s inner-workings usually tend to go above my head. There’s a good reason most network engineers have had years of specialized training in their field!

An easy way to understand the role that firewalls play is to look at how they are incorporated into the actual configuration of a network. Typical small networks use a modem to receive a signal from their internet provider which supplies them with the ability to use the internet. Usually modems just have one port in and one port out, so that modem is then connected to a router which divides the signal, making it available to more than one device.

The router may have several LAN ports for computers or other devices to plug into for a wired connection. This is the best and fastest connection that you’ll get on any network. But the router also usually creates a wireless network too, by

broadcasting radio signals that any wireless devices can find and connect too.

While these are great and they are what’s driven the whole mobile technology industry to become one of the fastest growing industries around today, (along with cellular networks of course)wireless networks just can’t approach the speed that their wired counterparts do.

Throughput Should Probably Be Your Most Important Consideration When Purchasing A New Firewall Appliance

While these speed considerations are getting off the track for purposes of my firewall example…they are nice to know about. But I’ve mentioned them for another, more important reason too.

There can be a downside to using a firewall that needs to be factored into the equation when someone is considering getting one. The main downside is the firewall’s impact upon your networks’ speed.

Generally internet service provider alternatives are differentiated by one main factor, which is usually referred to as bandwidth in recent years. Bandwidth is most often quoted in ‘megabits per second‘ or ‘Mbps.’ Most internet service providers (isps) offer several speed options…typical ones today may be 15, 50, 100 or 300 Mbps down and a smaller # (or if synchronous an equal #) like 5-15 up. That scenario holds true for most of the United States…unless you’re really lucky and live somewhere where gigabit speeds are available…usually via Google or fiber optic technology…then your bandwidth speed may be measured in gigabits instead of megabits.)It’s this number and the speed of service it represents that can and usually does take a significant ‘hit’ from the addition of a firewall.

How much of a hit has been the subject of lengthy discussions, but the main takeaway is that there is a way firewall makers designate their devices impact upon this bandwidth, which is referred to as throughput.

Throughput’s definition is essentially the bandwidth speed you should expect to be available to you once all firewall services you’ll be utilizing have been factored into the equation.

Your final throughput number may be ascertained once the specific sets of tasks your firewall may perform is determined. Most often these overall throughput numbers for any given individual situation are usually derived by a network engineer. They can usually calculate it using a base number provided by the firewall manufacturer’s specifications for any of their model’s when all of their standard security services are turned on at the same time. From this number they then subtract any services their specific client won’t be utilizing. Figuring this part out isn’t easy, nor is it set in stone because networks aren’t static…they’re dynamic…meaning they’re constantly changing…so this number in practice will constantly fluctuate too. The aim then tends to be more of a range than it is a single number.

While this final throughput number may be hard to figure out it’s really important to ascertain before you make your final decision regarding which firewall you should purchase (or if you have it narrowed down to one brand…which particular model within their lineup.) Ideally a firewall maker should be able to give you a rough estimate of what their product’s overall throughput will be in your unique environment.

The reason this is so important to ascertain beforehand is because whatever number (or range) it ends up being, this throughput calculation is then used to determine what your overall network bandwidth will be after its subtracted from that bandwidth number your isp promise you. The remainder from that equation will become the actual bandwidth speed that your network will operate at after the firewall appliance is incorporated into your network.

Believe me, I wish someone had told us all this the first time we added a traditional firewall appliance into our home network. Sadly, many firewall manufacturers still don’t volunteer throughput data. Oftentimes home buyers will only get that information if you specifically ask for it.

Where do Firewalls Get Placed in Most Network Configurations?

At some point along the way when someone is making the decision to purchase their first hardware firewall they’ll begin to wonder where exactly their hardware firewall will fall in their own network’s configuration.

Firewalls are almost always situated in front of the router in a network’s design…meaning that they are as close to the main source that’s providing the entire network technology as is possible. In most cases with home networks that very first network device is a modem…or a combination modem and router.

It’s most likely that a new hardware firewall will plug into and occupy the one and only outgoing port found on the network’s modem, taking the usual position of your router. The reason for doing this is so that the firewall acts as a sort of clearing house of all web data for any and all devices within a network. All data coming into or going out of that network, must first go through the firewall.

If you’re wondering  what happens to the router then, there are 2 likely scenarios. Either the firewall itself has routing functionality built into it and it takes the place of the router completely or the router plugs into the firewall and becomes the 3rd device in the network’s chain…because unlike modems, firewall appliances usually have several outgoing ports.

A botnet master oversees botnet activity

A botnet master oversees botnet activity

Other Important Factors to Consider When Purchasing a Firewall Appliance for Home and Small Business Networks

IoT Device Considerations

In some cases a firewall has enough ports to serve all of the network’s needs for LAN connected devices. But as more kinds of equipment are being built with internet connectivity, especially the kinds of things collectively known to as the ‘Internet of Things’(or IoT devices for short)these also need ways to connect to the network.

What kind of devices are included under the IoT moniker? Examples of some common IoT devices are those which people use to create ‘smart home’s’ which can encompass many different small devices like light bulbs, smart outlets and switches and thermostats, and also much larger ones such as refrigerators, furnaces, cars and even entire security systems.

Security Cameras | A Unique Group of IoT Devices Pose a Conundrum

Security systems often employ the use of cameras. The cameras themselves fall into one of 2 categories. They can be IP cameras which are an older technology but still the most widely used because IP cameras are relatively inexpensive. They are usually sold in multi-packs so they can protect larger areas than the newer entries in the market which are commonly called standalone or single wireless cameras. If you do a Google search for security cameras, probably 95% of what you’ll find are IP cameras…which may also be referred to as CATV or internet cameras. IP cameras are complete systems which require the use of some kind of receiving DVR for recording the captured video streams. IP cameras come in many different forms too. The most popular of these are bullet and dome styles.

Standalone wireless cameras emerged from the smart home industry. These cameras don’t require much setup or a DVR for recording, so they’ve become popular for DIY’er’s. Some popular models in this category currently include ones by Nest, Canary and Netgear’s Arlo cameras. PC magazine recently reviewed some of the best in this category in this article.

In this article by Safewise security cameras are categorized by indoor versus outdoor usage. The indoor cameras they include are all of the newer stand-alone variety…but their categorization is somewhat skewed because there are good stand-alone outdoor cameras too. The outdoor cameras they talk about all fall into the IP category, but again their categorization isn’t entirely correct because IP cameras are also the ones most commonly used in indoor settings too. The reason I’ve included their article is because, despite the slightly misleading categorization, the article does a good job describing the kinds of features found on both types of cameras.

How IoT Compounds Networks’ Security Problems

In general these many different new types of devices don’t use very much of the network’s one main resource…which is generally referred to as bandwidth. But they do contribute to increasing the overall complexity of a network in 2 important ways.

First of all, these Iot devices, when added to the regular communications and computing devices which are more typical in a small network (computers, tablets and cellphones)can drastically increase the physical size of the network. Each device needs either a port to plug into the network or a wireless receiver built into the IoT hardware to receive the router’s wireless broadcast signal.

Brief Look at How Smart Light Bulbs Work

Oftentimes really small devices like light bulbs use an extra piece of hardware strictly for purposes of communicating with the network…this additional hardware which is commonly called a bridge, may or may not be included bundled with the IoT device itself when it’s purchased. So if anyone is thinking about buying smart light bulbs, it’s important to know that you may be required to buy this bridge separately too…which is something I didn’t know myself at first.

Incorporating smart light bulbs into a network then means that the bridge device plugs into the network and it broadcasts a Bluetooth signal out (which is just a very short-range kind of wireless signal) for the lightbulbs to find and connect to.

The net effect of adding even a few smart light bulbs is that the network size is increased…it has more devices connected to it.This alone doesn’t really have any negative consequence beyond just making the overall network diagram appear more complex and because of its size there are increased difficulties managing it.

The 2nd way that all these devices impact a network is that they create more opportunities or targets for hackers to attack. Because the IoT industry is an emerging industry, a large portion of these devices don’t have very good security measures built into them. What’s worse is that there is usually no way that users can alter the security of these devices. Any built-in security measures would usually reside in the device’s firmware and user’s don’t have any means of accessing it. Inherent to these kind of devices’ simplicity is the fact that it’s close to impossible for their makers’ to send out firmware updates…because there isn’t any good way to install updates. So, while they are cool, fun to use and helpful in many ways, they can also act as an open invitation to hackers. Here’s a link to one of the most recent attacks on IP cameras which ironically are most often used for security systems.

One way to keep safe from botnets

One way to keep safe from botnets

What Attracts Hackers Today

You’d think that something as insignificant as a light bulb wouldn’t interest hackers…but they do. They’re attractive because when you take a whole lot of those little devices and combine them together you gain something that’s a desirable commodity in the hacking community…armies of zombie devices that will do their bidding.

Some of my readers may remember the post I wrote about how my family’s network was taken over and made part of a Botnet. While that seemed an unlikely scenario then, we know that Botnets are still a huge problem even now. Hackers find IoT devices so attractive today because there are so many of them and most lack even basic security. There are a quite a few of these massive Botnets that are used to commit cyber crimes against corporations, and even against individuals like my favorite security news source Brian Krebs.

I was really surprised recently to discover that many of my friends weren’t entirely sure of what a Botnet really is. Here are a few quick YouTube videos which explain Botnets, how they are formed and how they function.

ESET Botnet Video

What is a Botnet? by the InfoSecurity Academy

What is a DDOS Attack by a Botnet

Hacker’s Are Businessmen and Botnets Offer Big Business Profits

In today’s world hackers are usually businessmen, (although recent focus on this topic at the widely popular SXSW Conference in Austin Texas seemed to indicate this might be changing, and that a new breed of teenage hackers might soon disrupt this reality.)

In recent times however, hacker’s haven’t hacked into things for the fun of it. They hack for profit. Botnets’ are one lucrative avenue towards that goal. The most successful Botnets are leased out to other hackers who need them to carry out attacks against corporate computers or servers that provide large-scale computing services to some of the biggest companies in the world. It’s often these servers,which most regular people have never heard of, that are the main targets of hackers.

By employing the combined power of thousands of IoT devices the main attacks aimed at these service providers are a type of attack known as a DDoS attacks. In a typical DDoS attack, a company’s computers are barraged with thousands, upon thousands of requests that ultimately overwhelm them so much that they simply come to a grinding halt and are unable to function in any meaningful way. When servers are hit they may also take down all of the clients they are serving…raising the victim rate exponentially. That’s exactly what occurred in a recent attack against a company no one’s ever heard of called Dyn.

On October 21, 2016 Dyn was attacked by a huge Botnet known as Mirai, which controls thousands of IoT devices like printers, baby monitors, IP security cameras and smart home controllers.

Mirai Botnet

Mirai Botnet

The attacks lasted for an entire day. Dyn is a service company that provides DNS services which help to map domains so that end users can reach their desired website. When Dyn was attacked this mapping service was disrupted and at least 70 well known companies were affected. Companies like the Wall Street Journal, Twitter, Airbnb, Amazon, Netflix, Comcast, HBO, Fox News, Reddit, Etsy, Walgreens, Zillow, Pinterest, PayPal and many more. As the day progressed one news source after another proclaimed that more than 1/2 of the Internet was completely shut down.

The numbers of Botnets created to harm other systems is rising, as discussed in this recent MIT Technology Review article.They will continue to do so until manufacturers begin adding serious security measures into these devices.

These types of attacks are one of the key reasons that every home and business user should consider protecting their network with a firewall.

MIT Technology Review Article on Botnets Growth

MIT  Technology Review Article on Botnets Growth

But What can we as individuals do about this? If you like all of the benefits that IoT devices offer, and you plan on turning your home or office into a modern smart environment by using many different IoT devices to address many different functions, then installing a hardware firewall at the front end of your network may prove to be your best defense. If you were to install one of the all-encompassing traditional firewalls, they too can be configured to provide coverage for IoT devices. But as we’ve recently learned, there are a few newer, less expensive firewalls which are designed specifically to protect IoT devices. This emerging market promises much better solutions for individuals and families who use small networks they’ve setup themselves. Parts 3 and 4 in this Beginner’s Guide to Firewalls will cover several of these newer device types and discuss the varying, unique, and sometimes brilliant approaches their developers have utilized to make inexpensive hardware perform incredibly complex tasks.

Learn How to Secure Your Home Network’s Modem Here 

Comments

You can leave comments by scrolling further down the page and looking for the small reply box.

Posted in Tech Tips | Tagged , | Leave a comment

Brand New Device Secures Networks & Protects Against KRACK Attacks

Pictured below:  Fingbox
  An amazing new network tool anyone can afford and easily use to keep their network safe and secure.

img_2457

Update 1 week later:  I ordered Fingbox the day I wrote this. You can read about my experience setting up and using it.

Perhaps the Biggest Data Security Threat in History was Revealed Last Week

The Threat is Known As Krack Attack

I first learned of this new security threat in an email my Dad sent me. We were traveling at the time so I couldn’t really research it until we arrived home. The Chicago Tribune’s headline and article shown below was one of many I read in the days following the initial news that our WiFi networks were no longer safe.

The more I read the more I struggled with how to share this news with my readers. The news was bad, to be certain. Frankly, no one wants to be the continual bearer of bad news. Unfortunately, at least initially, I didn’t have any good advice to share with my readers. The only advice I had was the same advice as that of all the experts.


Best Advice to Follow to Prevent Krack Attacks

Make sure that you keep all your devices up to date with security patches and general updates.

Because the advice that’s given in literally every source I found didn’t seem to offer much in terms of really useful information, and because I didn’t feel I had anything new to add to the equation…I ended up not saying anything at all.


I Began Educating Myself so That I Really Understood the Threat

As I continued reading and learning I finally began to understand the crux of the problem much more concretely. Ultimately that learning process has been very worthwhile…so worthwhile in fact that I want to share one resource. This article was extremely helpful for improving my understanding of the problem. In it the author describes what an ‘Evil Twin Access Point Is.

The ‘evil twin AP’ concept lies at the heart of the Krack Attack threat…so while the author describes this in the context of public Wifi’s…it pertains to private, or home Wifi’s too. I think the author has done an amazing job of explaining a really complex concept in a way that’s easy to understand!

What led me to the ‘Evil Twin’ article was an email I received today about the development of a product I’ve been monitoring for a long time now. I was really excited to discover that not only was this long awaited product now available…it’s a network scanning device for everyday people…but it may be the answer to mine and many other people’s prayers to address the problem of how to stay safe following the Krack Attack news.

Therefore I finally feel as if I have some good, if not great advice to share in addressing this scary sounding situation. But before a get into the details of that, there were a few more realizations I’d arrived at which put the Krack Attack news into better perspective. So first, here are a couple of general observations which mitigate the significance of the overall threat quite a bit. Most of these were taken from this Krebs on Security article.

The likelihood of an individual of family’s network to be attacked using Krack Attack is very small.

The reason for this is because an attack can’t be done remotely…the attacker needs to be in close proximity to the network he/she is attacking. Therefore in the case of residences…there’s a good chance that you’d notice any strangers hanging around your home. Especially if they were there long enough to employ their nefarious tactics and then wait around  even longer to take advantage of them and capture people’s data while you’re engaged in online activity. Because it’s a real time situation they would need to be present  the whole time.

When the Threat was Announced There Were Already Some Solutions Immediately Available

That’s because the researchers who discovered the vulnerability first took their information to the tech world…so that equipment manufacturers could begin working on fixing their hardware immediately to prevent this vulnerability from gaining too much ground in harming users. Therefore many users had already received the patches prior to even hearing the first reports of the very bad news.

This holds true primarily for Windows users…although I don’t know all the specifics, I’d guess that it’s probably Windows 10 users who are safest. Another huge hardware provider, Apple, said they would be releasing this fix very soon.

Once a devices software is updated with a fix, there’s no longer a vulnerability for that device.

There’s No Evidence Pointing to Any Actual Exploitation Using the Vulnerability

Since this vulnerability was discovered by good guys who immediately took the correct actions to address it’s very broad reach, no one has any knowledge of actual hacking incidents which may have taken advantage of the vulnerability to date. That’s probably one significant reason why the guys that found it brought it to the attention of those responsible for correcting situations in which the exploit could occur first. Even before announcing it to the general public. So that when the hacking community did learn of it, there would already be fixes well underway.

But There Still Remains a Larger Problem…Updating Network Devices

Things like routers and access points for sure need to be patched too. But patching those via updating their firmware isn’t necessarily an easy task. Each manufacturer has different procedures for this. Simply finding their information may not be easy and the actual firmware update can be even more challenging…yet, it needs to be done! I suspect that firmware updates for things like routers are orchestrated in a manner very similar to how I describe the process of securing your network’s router or modem in this post.

If Only There Were a Way to Tell if a Krack Attack was Actively Being Employed on a Network

In light of what I learned…this threat isn’t nearly as concerning as I’d once believed it to be. But it’s still present and will continue until network hardware makers release fixes for their products. That’s why I was really excited when I received an email today from a company I’d been watching with interest for several years as they worked on developing a new breed of hardware device that can aid greatly in administering smaller networks like those used in most home throughout the United States.

Fingbox and the ios app

The Product I’ve Been Keeping Tabs on the Development of is Called Fingbox

I was watching it for so long because of the promise it held it for keeping our home network secure and managing our problematic bandwidth issues. I believed that if the Fingbox team could make the Fingbox a reality, and do it such a way that we could afford it (without monthly subscription fees) that would be the answer I’d been searching for. It turns out that’s exactly what they did! Moreover, the timing for Fingbox could not have been better!

How I Discovered Fingbox

I first heard about Fingbox when I took an action that I almost never take…I signed up to receive email updates from an app developer. The app was called Fing. I never sign up for email updates because I’m already overwhelmed with too many emails. The thought of receiving one more was far from appealing. But in the case of Fing….I was so intrigued that I broke my own rule.

Once I’d finally regained control of our network following an almost 2 year battle with a botnet, I wanted to keep very close tabs on all of our network traffic. I discovered Fing in that pursuit. While Fing didn’t let me do a lot of the things I longed for…it did let me do one thing very, very well. Fing let me see who or what was on my network at any given moment in time…just by using my iPhone or iPad!

img_2432

The Fing App

In the early years following our botnet attack, we relied completely upon one device to help us feel secure…a hardware firewall…which had been installed and was maintained by a network consulting firm we hired. The firewall device was much too complicated for us to manage on our own. Even its management reporting features seemed far beyond our skill level. Sometimes they even seemed to be beyond our consultant’s level! Because it turns out that…

Networks are über complicated…and so are the firewall devices used to protect them.

Which is precisely why I was beyond thrilled when I discovered Fing! Apparently I wasn’t alone. Back then Fing was only available on ios…today it’s available on many different devices. I wasn’t even surprised to just learn that Fing has over 20 million users!

That’s because Fing does it’s one task exceedingly well. In fact, it really does a bit more than that too…it gives users tools to save their network and device information so that once a network is scan is completed, you can immediately spot the new devices on it. Those you’d scanned previously allow you to begin storing a bit of a history regarding their network usage.

I’m fairly certain that there is another key element that explains Fings overwhelming popularity. It’s the fact that Fing was and continues to remain a free app. I also think this says a lot about Fing’s developers. It would have been so easy to convert Fing into a paid app once it’s popularity grew. I have no doubt that even under that scenario Fing’s popularity would have continued to grow.

I can’t over emphasize the importance of the ‘peace of mind’ I gained by always knowing exactly what devices were on my network. But it wasn’t just me who was impressed. As we worked with various network consultants over the years, I found that almost all of them were equally impressed with Fing. Our expensive firewall appliance simply couldn’t provide us with that information in a quick and easy manner.

How Fingbox was Conceived

While I don’t know the exact answer to this…I do know that it was several years ago. I know this because I’d been following the company for that long. I watched as the Fingbox Team grew, the Fingbox device grew smarter and more robust, while it gradually went from concept to a finished reliable device. Early on the company seemed to struggle a little bit in coming up with the right form for their product…they tested out a subscription based service. Luckily they abandoned that concept and developed Fingbox instead. Fingbox is, at its core, a network scanner…but it’s unlike any network scanner I’ve ever seen.

The difference is that typically network scanners are employed by people who work with networks a lot and they understand all of the intricate details of networks. But this scanner is for everybody else. It’s strength is that it takes all this complex data and makes it super simple to understand and use.

What Does Fingbox Do?

The device itself is super easy to install by anyone…no network knowledge is required. Once Fingbox is connected to your network these are some of the safety features it provides you:

Fingbox Features

  • Internet Speed Tests and Historical Data
  • WiFi Speed and Streaming Quality Analysis in Real Time
  • Bandwidth Analysis and Isolation of Bandwidth Hogs
  • Gives Users the Ability to Block Devices from Accessing Their Network
  • Temporarily Pause Internet Usage on Kid’s Devices
  • Setup Digital Presences to Monitor Network Usage by Individuals or Groups
  • Setup and Receive Alerts for Various Events Such as When a New Device Joins Your Network
  • Logs Recent Events for Future Analysis
  • Internet Connection Security Check that Checks for Open Ports & Network Weaknesses
  • Monitor and Control Network Usage in Several Different Ways
  • See Virtually Everything Happening on Your Network
  • A Digital Fence Feature Displays WiFi Devices that are Within Range of Your Network, Even if they Haven’t Joined Your Network.
  • Alerts When ‘Evil Twin AP’s’ are Present

It’s those last 2 features that compelled me to order one today and to write this post. Whether or not firmware updates are made available for our network hardware, with Fingbox’es continual monitoring I won’t worry about Krack Attack Exploits.you can read more about how Fingbox accomplishes this in this article.

Watch This Video Demonstration of How Fingbox Digital Fence Detects a Malicious AP

Additional Information About Krack Attack & Some Important Fingbox Links

Fingbox was created to monitor entire small networks like those found in most homes. There’s no practical upper limit to the number of devices contained within a network although I did see mention of the number 256…so it’s quite possible that 256 devices is the maximum threshold for one Fingbox. But even if that’s true, it’s not really a concern for me. We have more devices than is the norm and last time I checked it, we were at 37 devices.Our network is quite complex because we have a hardware firewall, a mesh Wifi network and we use a gigabit switch. None of those factors will preclude us from using Fingbox, although in their literature they suggest tweaking some of the firewall’s settings to allow the Fingbox to,operate at its full potential. Further digging did reveal that there are some routers that don’t function well with Fingbox. You can read about those here.

When you arrive at the webpage in the link above you should see something like this:

If you don’t see all of the subcategories under the compatibility menu item, you just need to click or tap on it to expand the submenu.

Fingbox is really, really new. It was funded with an Indiegogo campaign that raised over 1.6 million and its backers just received their Fingboxes in August of this year. That means that the Fingbox team will continue to enhance and improve the device as greater numbers of user reviews start rolling in. You can read and see what Fingboxes initial backers had to say about it here. If you’d like you can also see what the Indiegogo campaign was all about.

How to Get Fingbox

One of the things I find most astonishing about Fingbox is how inexpensive it is…primarily because of how powerful the device is. I’ve spent a lot of time researching network hardware and the features Fingbox offers for the really low price nad low learning curve involved is truly hard to believe! Which is why I ordered one within hours of receiving that email I mentioned.

If you’re interested in getting your own FingBox, there are 2 different ways you can do so. In both cases the price is the same and free shipping is included. The first alternative is to order it from Amazon. I became an Amazon Associate a few months ago, so if you’d like to support my website by ordering it this way I’d recieve a small commission and I’d be really grateful too :-) The second method is to order it directly from Fing. Regardless of the method you use, Fingbox is covered by a generous 2 year warranty and is guaranteed to never require subscription fees.

Order Fingbox from Amazon

Order Fingbox from Fing

Comments

Please leave any comments way down towards the bottom of the page in the little comments box.

Posted in Computer & network security, Digital security, Network Tools | Tagged , , , , , , | Leave a comment

How to Create a New Page & Link to It In Weebly

Introduction

Recent upgrades at Weebly have rendered methods my Dad previously used for posting new content using Weebly ineffective. His old methods appear to be broken and trying to figure out a new methodology has proven challenging for him because Weebly has added so many new features that it’s hard to find some of their most basic procedures amidst the fray.

So I’ve written this guide for him to describe a simple step-by-step method he can use to publish a new Page. I know there are a lot of other ways to post things on Weebly but this is what he needs so it’s what my guide is focusing on. The one aspect I have not addressed that he may also need is adding images. But I suspect once he understands the steps here that will be an easy matter for him as well.

A Little More About My Dad

My Dad is 91 3/4 years old!  I mention that fact only because I’m really amazed by it. I’m also amazed that he still works on his website almost daily. It’s a huge part of his life!! I mention the 3/4’s part because when you’re in his age range…3/4’s of a year can make a big difference…heck even a 1/4 of a year can make a significant difference in managing virtually every aspect of life.

My Dad is the reason why I even have my own websites and YouTube channel. I write tips for everyday people to help them in using technology and also in learning how to stay safe online. Many years ago, when Dad retired from the corporate world, after consulting for a few years, then he really retired. That’s when he began to record important aspects of his life for his kids by writing about them.

My post about why I love my Dad's website

The kinds of things he wrote about initially were things like when he first arrived in the USA following a long cruise on a ship which sailed from Germany…he was around 6 years old then. About 20 years later he served as a Marine in the Korean War. Roughly 35 years after that Dad wrote about the culmination of his corporate career and the years leading up to it. He also searched high and low for some favorite German children’s stories and translated them for us when he found them. These were all self-published into a series of ‘essays‘ if you will, that he hand-bound and distributed. By the time he’d accomplished those things he’d been bitten by the  ‘writing bug.’ That’s when he decided to try his hand at fiction.

Shortly after Dad completed his first fiction compilation is when home computer use began to become fairly mainstream. Dad came up with the idea of publishing his work on a little website for his family. This would prove to be a much better means for him to  distribute his work. It’s also what ignited a hidden passion in some other family members to do the same :-)

His Pioneering Work as a Blogger

Little did Dad or really did any of us know at the time, but Dad had created what essentially was a blog! Below is a screenshot of his website today.

Dad's website today

I’m convinced that Dad was one of the first bloggers in existence!

Fast forward many years later and Dad is still writing his blog today.  He even has a healthy if not surprising number of weekly visitors (on average around 200)!   But the technical challenges aren’t as fun for him to tackle as they once were. Which is why I decided to try and help out a little by writing this guide. If you’d like to visit Dad’s website you can do so here. I should warn you however that Dad is a fairly prolific writer, and while it may not look it…he has a lot of content at his site!!!

If you’d like to read more of a ‘quick overview ‘of his site…(here ‘quick’ is a relative term!)…you can read the blog post I wrote in 2015 about why  I love my Dad’s website and how it inspired me to create my own :-)  In it I tried to provide a good overview of the kinds of things he writes about and how his site is organized.

A Little Background About Weebly

Weebly is a free (or it can be a paid) platform for regular people who have no coding background to use to build,their own websites. The site you’re reading this on, which is WordPress.com is similar. The way in which they differ is that WordPress relies more upon standard website creation tools whereas Weebly has come up with an ingenious ‘drag and drop’ type of engine to make website creation possible for someone with absolutely no technical background whatsoever.

When Dad began using Weebly it was very different from what it is today. I doubt that the Weebly staff even recognizes who Dad is or how unique he is in their universe of users. But Weebly needs to keep up with the times just like any good company that wants to survive should, and as they’ve added new features and tools the basics of web building have necessarily changed some. I recently learned that Dad wasn’t really utilizing the true ‘drag and drop’ nature of Weebly but had developed his own methods for publishing his work. He’d use Microsoft Word to write with and then copy/paste or drag his finished work into Weebly…with all the formatting and everything in finished form. Knowing how websites are constructed a little tells me that shouldn’t have worked…yet it did!

Dad’s methods survived for many years and it was only recently that they finally stopped working. So he needs a bit of a refresher course on how Weebly is supposed to work in order to keep writing and publishing.  Therefore my guide will start with a few basic concepts and then go on to demonstrate how to use Weebly to publish a web page.

Anatomy of a Webpage in Weebly

In Weebly webpages are built using what I like to think of as page building blocks. While there are many different kinds of blocks (Weebly calls these blocks…elements) there are only 2 that you really need to concern yourself with right now.

The Title Element and the  Text Element

Before you can add any content to your Page…you first need to add the proper container for it. I could be wrong, but I think the reason for this is that by placing content into containers, this ends up coding that content correctly for Weebly to render it properly onto a webpage.

Adding any kind of element is done in the same way…you just drag it from the tools menu to the editor.

Adding a new building block

A Little More Information About Pages

Adding Pages in Weebly is straightforward and easy. Pages are also one of the main organizational units in Weebly…and a page is equivalent to an actual webpage, in that pages become the webpages for your website.

Adding pages in Weebly

Organizing pages is pretty easy too.

Organizing pages

The only tricky thing about Pages is finding the URL or link to them after creation.

Brief Weebly Tutorial on Pages and How You Organize Them in a Website

Since everything on Dad’s website is centered around pages, I thought this Weebly video guide on managing your pages might be helpful too.

The Steps to Publish a New Webpage

If you follow this set of steps each and every time you publish new content, the whole process should be easy for you. After you’ve done it a few times, these steps will become second nature to you.

  • Step 1 Add a New Page for Your New Content

When you open Weebly’s editor for the first time you’ll land at your homepage. Dad’s homepage looks like this.

img_1997-2

To begin publishing a new page, you need to leave your homepage and go to the location in the editor where all of your pages are displayed.

To do this, click on the menu item ‘Pages‘ using the top horizontal menu, shown in the screenshot above. The screenshot below shows what you should see and do next.

Tap on the + sign at the top of the left side menu to add a brand new page. This is shown in the screenshot above.

Select Standard Page next.

If you’ve done this correctly, you’ll arrive at something which should look like the screenshot below.  You may see your own theme’s default Header Image here which you’ll probably want to remove.

If you do want to remove this header image, the next thing you’ll do is click on the down pointing arrow next to ‘Tall Header‘ on the left menu.  

When you do this several different types of page layouts will be displayed. You should select the option that says ‘NO Header.’

Several page layouts should display

Now you’ll have a new blank page that’s all ready for you to add your new content too.

  • Step 2 Add a Title

Adding a title is probably the easiest step. Just find and drag the Title element box from the left side menu onto you new document.

After the Title is complete you’re ready to move on to adding the most important part…the new content itself.

  • Step 3 Add the Text for the new page

There are a couple of ways you can go about adding your new content. You could just start typing it in right here…that’s what I do if I’m just adding something short. Or, you could have first created your new page somewhere else. In Dad’s case he was using Microsoft Word…but recently that ended up causing some problems for him so he’s been advised by Weebly staff to use something like Notepad in Windows or Apple Notes on Mac because those apps don’t let you add a lot of formatting.

So, I’ll assume that you have something already written in another app that you now want to import into your new page on Weebly. You can add it in one of 2 ways. You can either just drag it in or you can use copy/paste to add it into Weebly’s editor. In both instances it might help if you have 2 windows open on your desktop. I like to always keep the window that I’m copying from on the left and the window I’m copying to on the right…because I’m right-handed. Dragging something from left to right is easier for someone who’s right handed…if you’re left-handed you might want to do things the opposite of the way I do.

But Wait!!!

Before you drag or paste anything, remember that you need to add your container first! So, in this case, you need to add a new Text element to the page first. It will act as the ‘holding cell‘ for the text you’re about to add.

Below is an example of my container right after I added new text to it. In my example, rather than dragging or pasting some text, I’m just typed it directly into Weebly’s editor.

So, you need to find the Text box in the left-hand Menu, then drag it into your Document editor towards the right. Then either copy and paste your content into that text box, or drag it from your other open app. See my example:

(You may notice that when you begin dragging the Text element it’s a blue box…but as soon as you let go of it sort of morphs into the white text box shown below.)

Beginning to drag the textbox from The lefthand menu

  • Step 4 Make any Formatting Changes

You may have noticed that the title I entered already has some formatting. The word Will is in red and the word Title is bold. These are two of several different formatting changes you can make here.

Formatting Text in Weebly’s Editor

Formatting in Weebly is really straightforward. You just select the block of text that needs to be formatted and then use the toolbar that appears to make changes.

The only aspect that may prove slightly confusing is knowing what the various icons in the text formatting toolbar refer to. So I copied something from Weebly’s support Pages that describes what each menu item refers to.

Weebly's formatting toolbar explained

Weebly’s formatting toolbar explained

Dad is especially interested in how text is justified.  The menu icon for that is in the middle of the toolbar with 3 horizontal lines and a down arrow next to it.

Changing the color of fonts.

Adding color to fonts

Step 5 Publish the Webpage 

Once your page looks just the way you want it to click on Publish in the upper right hand corner. I believe that Weebly auto-saves your work while you’ve working on it…I know WordPress, my regular editor does. But if it doesn’t or if you often experience problems while posting something, you can do periodic ‘Publishes’ as you’re working …think of it as  ‘interim saves.’

So, the purpose of the final Publish is to allow Weebly a chance to create an internal link for it. Basically so that,you’ll have something to link to in the next task…adding a link to a menu or table of contents.

The Final Steps Are Hard To Illustrate with Screenshots So I Made a Video Demonstration

Below are the last steps which I cover in the video.

Step 6 Go to Your Table of Contents & Add the New Title

Step 7 Convert the New Title Into a Link

Step 8 Publish Your Table of Contents Page

Step 9  Thank Your Lucky Stars You Have a Daughter Who’s Happy to Write Up a Step-by-Step Guide for You

Video Demonstration | How to Create a Link in a Different Location to Your New Page

Or You Can Find my YouTube Video Demonstration by Clicking Here .

Initially I couldn’t get WordPress to embed this video, which is why I had the link to it…because really, the video has over half of the most important information in this post within it. Finally towards the end of the day imposed this I was finally able to embed it! Yay! Btw, embedding it means that it runs right within my tutorial instead of having to use a link to go watch it at YouTube.

 Below:   My YouTube Video

167AEAF5-4735-4F11-8235-E47F133D9D3A


Comments

Please feel free too leave me any comments by scrolling further down the page and looking for the little comments box.

Posted in Websites, Websites I Love, Weebly | Tagged , , , , | Leave a comment

Learn to Protect Your Network From Botnets with 1 Simple Safety Measure

Update October 2017

I Decided to Repost This Because it’s Really Important, Really Timely & Because October is National Cyber Security Month 

Homeland Security's Announcement of National Cyber Security Month

Friends and family members have helped me to understand how utterly boring this entire topic is to the vast majority of people. Even to my followers who tend on average, to be much more knowledgeable about these kinds of things. Despite that, I implore you all to read this post through one time. It’s information that everyone really needs to know and understand enough about to follow the easy steps I describe towards the end.

This post was originally written about 6 months ago. In it I describe some simple measures everyone should take to insure that the networks they use the most, their home or small business ones, are secure and protected from hackers. As I already mentioned, the information I discuss is extremely important because it helps to ensure the security of your personal data and devices. Everything from cellphones to computers.

There have been several huge new data breaches, which makes these measures even more important, and that’s why I decided to repost this. I’ve also added a lot of new information to it. And, it’s this is a great lead-in for the next post in my Firewall Series. While  6 or 7 months doesn’t appear to be a very long period of time in the real world, in terms of the internet world, it’s a very long time indeed.

Office computer network center

Why This Post Is So Important

Everyone who uses the internet requires a network to do so. For most people this means that they have their own networks that they maintain in their homes and if they run their own business it’s quite likely they maintain a separate network for that. Any network needs a gateway device that brings the internet service you use and  probably pay for from your ISP (internet service provider,) into your home for use. It’s the security of this gateway device that’s so critical.

For some inexplicable reason there’s a huge disconnect in people’s understanding of the security of these gateway devices. The type of device in question may be a standalone modem or it might be a combined modem and router, or possibly even a 3-in-1 type of device that also creates a WiFi network. Regardless if the type of device it is, when you first set it up there’s one crucial step that needs to be taken to assure that your network remains secure. That step is to remove the default credentials that come installed on it and replace them with your own.

Most times the default credentials are something like admin for the username and admin for the password. Every brand of hardware uses their own default credentials. It’s relatively easy to discover what the default credentials are for any given brand because the manufacturers of the devices expect that users will change the defaults as a part of the install process. That’s where the disconnect comes into play. Most people don’t know that these defaults even exist and that they need to be changed to something secure.

An Arris Surfboard Modem

The main reason most people don’t know about this is because the devices have become very easy to install. They can generally just be plugged in and then need to be activated by calling your ISP. ISP’s fail to mention to users that after the activation users should secure them, and most people never even use the default credentials to log onto the device because there’s no reason to. But, even though you don’t log onto it, trust me, hackers can and will if the situation arises. Why would they do that? Because that device provides easy access to all of the devices that are using the network in question. Once a hacker has access to your network, hacking into individual devices is relatively easy.

But if you change the username and password of your gateway device (i.e. Your router or modem) to something that only you know, hackers will never have that opportunity. There’s one unintuitive aspect to logging onto these network devices.  But once you understand that you’ll see that changing these credentials is easy. The aspect that tends to confuse people is that to change the credentials you need to logon to the router using a web browser like Safari or Chrome. Using the same address bar that you would typically enter your Google search in, instead you enter the IP address for your device. The manufacturer should provide the IP address for you. If you can’t find it Google the model number of your device along with something like, ‘how to login to a net gear router model # XXXXXX’ and look for the manufacturers support page that provides this information.

Oftentimes the IP address will be something like 192.168.0.1. After you enter the IP address hit ‘Enter’ and you should arrive at a screen that looks something like this:

534984C0-F085-4180-A0FA-976DBE32E86E

Once you’ve arrived at the login screen simply enter the manufacturers default username and password and you will be taken to the router’s settings. From here look for a menu item that lets you change the default to something else. That’s all there is to it to making your network much safer and more secure. Further down in the post I show you more detailed instructions for accomplishing this, as well as some other settings you might want to consider changing as well.

Why a Standalone Modem is a Good Idea

The reason it suddenly dawned on me that I should repost these instructions is because we’re in the market for a new network modem. We recently upgraded our internet speed to 300 Mbps and our old modem couldn’t provide adequate throughput…so we switched to one offered by our ISP, Spectrum. But that one seems to have problems and I think it’s because it’s not just a simple modem but an ‘all-in-one‘ which also functions as a router and creates a WiFi network too…but we don’t use those features. After a lot of research I’ve learned that using these multi-function devices when you don’t need the additional functions they offer at best, isn’t an ideal situation, and at worst, can cause latency and signal dropping problems. Since these are some of the problems we’re experiencing, I decided we need to replace our modem.

Once I’ve decided upon the new modem I may write a post about that process…because it’s taking much longer than I would have thought it should take! But in the meantime…I ran across this handy chart that Spectrum (formerly)  Time Warner Cable provides for accessing the credentials of all of the modems they supply customers with. Since it can take readers some time and effort to find out this information on their own…and because it’s precisely what the topic of this post is all about, I decided to update this post and include this handy chart.

Below: Spectrum’s Handy Chart for all of their Modem credentials as well as their own step-by-step guide for changing the default credentials on their provided modems.

Spectrum's modem credential chart

Spectrum, as well as most internet providers have the tools available to their customers…usually online, to help them take the measures they need to protect their home networks. But they never tell the customers about them! This is so extremely important yet I never even knew that Spectrum provided this webpage for all their customers…and it took calling their tech support, which you know is a pain, to find it!

Introduction

I’m writing what’s ending up to become a very long series of articles on Hardware Firewalls. My initial goal was to introduce home users to this type of device and to show how they can be used in the quest for keeping computer networks safe. I wanted to tackle this subject because there isn’t a lot of information out there for home owners yet. But more importantly because there’s an emerging market of devices designed specifically for that purpose. I didn’t really realize however how complicated the topic would become.

Mainly because this is a new and rapidly expanding range of device types that’s exploding onto the marketplace which are focused upon serving this formerly ignored, but very real need. So the situation is this. With my Hardware Firewall article I’m trying to introduce home users to an already vast array of very new products, while concurrently giving adequate coverage to the many more that are planned to launch in 2017.

It seems like within this new niche there are almost as many different approaches for addressing this need as there are new devices. The product group as a whole is still too new to have any sort of order. Confusion will dictate until people have had enough time to try them all out and decide which approaches really work the best. So, my firewall article has ended up becoming a huge undertaking…one that I hadn’t anticipated. I’ve been struggling with how to simply represent all the new devices well in written form, much less try to compare and contrast them in an evaluative manner.

While working on that it suddenly dawned on me that people should know how to secure what they already have too. So this post began as yet another section that I was adding to an already far too long and complicated article. Ultimately I realized that this section could and should, stand on its own. It’s a separate and important enough topic in its own right and my unfinished firewall article is already way too long!

Websites like Norse and Fire Eye show you computer attacks around the world in real time.

Websites like Norse and Fire Eye show you computer attacks around the world in real time. Go to Fire Eye’s Cyber Threat Map

Why You Should Secure Your Network

Every computer network has one device that acts as the gateway to the internet. That device may connect to other network components that together compose the architecture of your network. Regardless of whether or not that network is large and complicated or it simply consists of one device…it all relies upon one key gateway device. This network serves every internet device within your home or office. Every single device from servers, computers and printers on down to smart light bulbs rely upon this network’s proper functioning.

If the network is hacked or stops working…then none of these devices will work. If your network is taken over by a Botnet for example, which is something  I speak from personal experience about, then it’s quite possible, and in fact likely that your network won’t always be available for your own use. Sometimes it may work, but other times it won’t. This inconsistent pattern of fluctuating up and downtime is one key indicator of a possible Botnet.

For sure it was our own Botnet experience that led to my becoming slightly obsessed with making sure our own network is always secure. This happened in the early days of networks. Our network had been secured, up until the point when one of our teenagers decided our aging router needed an upgrade. He installed some open source firmware on it (called DD-WRT) which was actually really great but he inadvertently removed the encrypted password needed to access our WiFi in the process. He also enabled remote access, and opened a port for port forwarding. He only thought to mention the upgrade to me, keeper of the network, after the fact, although he had run the concept by and garnered the necessary permission from his Dad beforehand. Truth be told neither of us really had a clue about the importance of our router back then…so when he did tell us about it we weren’t really concerned.

Photo credit: portalgda via Visualhunt.com / CC BY-NC-SA

How to Tell if Your Network is Part of a Botnet

Within a few months time we began having network outages as well as other annoying computer problems which started cropping up on a fairly regular basis. Slowly, over time our problems increased to a point where our network was rarely usable and most of the computers in our home seemed really virus prone and exhibited other aberrant behavior too. Our problems went way beyond the typical ones of the era…things like constant online popups, many spammy emails and occasional virus alerts were just the tip of the iceberg. At its worst point we’d watch while our computer’s would wake themselves up or change screens or applications right before our eyes. More and more it seemed like something or someone was controlling our computers much of the time.

If your network begins to exhibit this kind of behavior, it could be due to several factors. One of the network device’s might be malfunctioning, other unauthorized users could be using your network, or it could be that a Botnet has taken it over too. Most Bot Master’s (they are the hacker’s who manage the Botnet) will allow their victims to keep using their devices and their networks because they want to prevent them from growing suspicious which could lead them to take the necessary steps to oust the Botnet. Many more Botnets today are formed without involving computers at all. Their targets are networks with a lot of smart home or IoT (Internet of Things) devices. That kind of Botnet may never really register any obvious signs to their victims, which is one of many factors that makes this type of Botnet more attractive to the hacking community.

What Do Botnets Do?

If you’re wondering what hacker’s use these Botnets for, the short answer is that they are able to combine the ‘computing’ resources of all those small processors into one large, more powerful computing weapon that ultimately is used for the rather mundane activities most business-focused hackers provide as services to their clients. Crimes aimed at the general public which  are things like massive spam email campaigns that send out Trojans or virus-laden emails designed to entrap even more Botnet victims, or phishing campaigns designed to steal and then resell user identities or simply just acquire lots of user credentials for future theft involving financial transactions. Crimes aimed at the corporate world are generally designed to harm companies by attacking the computers that they depend upon to run their businesses.

You’ve probably heard of and wondered what DDoS attacks are. DDoS attacks are the main type of attack that Botnets are used for. They are very simple attacks which just rely upon lots of devices sending requests to the same computer at the same time. The sheer volume of the requests overwhelm the computer so much that it can’t do anything else like perform the tasks the business needs it too, to operate. The attacks can end up causing not just huge software problems but also hardware problems. So, while these may sound like confusing, highly technical concepts that are difficult to understand, in fact they are really just pretty ordinary ones that are performed using pretty low level functions. Most IoT devices have cpu’s in them which are tiny, but when they are all combined together they can be quite powerful and easily capable of performing these low level attacks.

Which explains exactly why securing your home modem is so effective. It’s really just a pretty simple action that you can take but it ends up keeping your router’s credentials private and under only your control. The sheer magnitude of protection that this one simple step affords is well worth the effort. Because in the larger picture, it’s your entire network of devices that you’re protecting…it benefits every single device within your home that can interact with other devices.

In any event, preventing these kinds of malicious attacks from occurring is much, much easier than it is to fix the kind of problems that will arise after an attack occurs. That’s why it’s so important to secure your network now.

If you’re not convinced yet, take a look at this 6 minute video which does a great job illustrating some of these concepts.

Photo credit: portalgda via VisualHunt / CC BY-NC-SA
IMG_0293

A New Wave of Botnet’s Has Recently Appeared as Another Major Threat

I didn’t include this in my original discussion of botnets, because it wasn’t really something that was considered an imminent threat back when I first wrote this in March. But now, everything has changed. Botnets are back big time now and the need for family’s and individuals has never been greater for you to take a few minutes to secure your home network with the steps I describe in this post.

This new wave of Botnets is very different from the kind of botnet that took over my family’s network. Their primary purpose is to mine bitcoins. The whole topic of bitcoins is itself an extremely complex one and I don’t pretend to understand all that much of it myself. What I do understand is this. Bitcoins are a popular form of currency that are ‘created‘ by being ‘mined.’ This mining activity uses a huge volume of computing resources. The computers required to successfully mine  bitcoins would be very expensive to assemble and maintain…just the energy alone required to run one 24/7 is costly. What then are potential bitcoin miners without the proper resources to do? The answer is use other people’s computers without their knowledge. That’s exactly what a bitcoin mining botnet is…a network of innocent people’s computers that have been commandeered in working for a bot master to mine for them.

You might think to yourself, well, at least if my machine is taken over by this kind of a botnet I don’t need to worry that it’s going to go around hurting others…so I won’t worry about it too much…but that would be the wrong assumption to make. Because if a hacker can break down your security and enter your machine, every single bit of data contained with in it or that even simply passes through it on its way to the internet, is now accessible to that hacker. It’s only a matter of time before your credit cards and bank accounts are hacked too.

I truly don’t want to frighten readers…that’s the last thing in the world that I want to do. But we lived through all the horrors of having our network hacked. It was perhaps the worst ordeal of my life (despite that I almost died once!) and probably of all my family members too…even our kids. From start to finish the whole ‘awful period’ was about a year and a half long. It took that long for us to finally regain control of our network. We spent thousands of dollars hiring network consultants and replacing devices that simple wiping and reformatting didn’t fix. There were a few computers that were replaced multiple times. We couldn’t safely go online at all…and most of the time couldn’t even get online unsafely…because the botnet was using all of our bandwidth. It’s not an experience I want to ever see another person or family have to go through. 

That’s why, when I read about this new wave of mining Botnets I understood what a huge threat this poses to everyone…it’s a huge security concern for every single computer user today. It’s not a new kind of botnet…there have been bitcoin mining botnets before…but the economics of bitcoins have made the concept very popular amongst hackers once again. Even more worrisome is the fact that it appears this newish type of botnet is rapidly growing and gaining in popularity amongst even novice, or noncriminal hackers…it has a very broad appeal because it’s pretty easy to orchestrate for a hacker. This provides even more compelling reasons for you to make sure that you take the proper measures to protect all the computers and devices within your network right now!

Which Device Really Needs to Be Secured?

My firewall article will go into much greater detail about device protection…so this post is simply about securing what you already have in place for your network.

In 2017 almost everyone refers to their main network device as a router…but many cable and telephone providers actually provide their customer’s with combination units which include the modem function too. The difference is that a true modem just receives and re-transmits the provider’s signal into your home while also converting it from requiring either the telephone line cable or coaxial cable it enters the building with…to allow it to be used with an ethernet cable instead. So, users’ just need to stick to using one kind of cable, an ethernet cable, within their homes. Modems differ from routers because while modems bring the signal in, routers take that signal and divide it up for users to better access. Oftentimes the signal is split into a LAN (a wired Ethernet network) and a WLAN (a WiFi network.) But oftentimes routers also include several more LAN ports on back so several devices can connect to the LAN (also called the hard wired network) too. If your main network gateway device is indeed a router, than the modem (the hardware that’s necessary to receive the signal coming into your home or building and make it useable for all your devices) is actually built right into it.

So, overtime the terms ‘router’ or ‘modem’ came to be used interchangeably. The way that they are used however can vary somewhat…one type of device may be a combination or an ‘all-in-one’ device. It’s really easy to misidentify what your main device is too, because routers and modems today can look almost identical. So much so in fact, that I myself didn’t even realize until very recently that what I thought was just our modem was really a 3-in-1 combination unit. To complicate matters a little furtherthere are plenty of other network hardware devices that can also serve these functions too…like the traditional firewall devices that I discuss in my longer Firewall Series of articles. So firewalls can also act as a routers, as can wireless network devices…so it can get really confusing.

More Information About Some of the Newest Types of Network Hardware

Some of the newest network security devices are much more sophisticated routers with built-in security features. And then there’s another new class of routers which provide newer, more complex WiFi networking capabilities like cloud-based mesh ones which give you much faster, less problem-prone WiFi’s capable of handling gigabyte speeds. I don’t think there’s ever been a time in which there was such a vast range of network devices available to home owner’s. Gone are the days of the $75 router…the newer ones can get really pricey…like $400+ for high end versions.

Therefore, to alleviate any confusion I’ll try to stick to calling the device which is the subject of this post, the network gateway device. It’s the first device in your network, and it’s the one that’s connected directly to your internet service provider’s incoming signal.

It’s what you do to this device that’s the important part…not what you call it…

All network gateway device’s have settings that can be changed. The settings that are most vital for you to change are the device login credentials. Yet most people aren’t even aware of the fact that these settings exist! But there are also some additional ones that I suggest you should think about changing too…especially since you will have gone to all the trouble of figuring out what the default login is and then actually used it to log onto your device already.

Truth be told, I’m really puzzled why this information isn’t more public. It’s something that should be handed to every new customer buying a computer, subscribing to a network or buying any piece of network hardware. But, because no one talks about this people never learn that they can and should visit their main network device’s settings online to tweak a few things that could make themselves a lot less vulnerable to outside attacks. This in my mind is more important than using strong passwords, changing them often or, best…using a password manager. It’s more important even than understanding all the dangers of emails…because once a hacker has access to your network, they have access to every single device on it too. That’s also why it’s so hard to rid yourself of this problem after it occurs. Because it can cost you a lot of money and more often than  it you’ll end up having to dispose of many of your devices and getting new ones to replace them.

There are no simple fixes after the fact.

So, rather than my going into long explanations for each tweak I describe below (and risk boring you to the point of falling asleep,) I’m just telling you what needs to be changed and how it should be changed. You can Google more information about the why’s of it, if you really want to know more about each individual setting.

Since your router or modem is the gateway to your entire network…securing it isn’t just a good idea, it’s mandatory and nonnegotiable. It’s something you MUST do if you want to keep you, your personal data and your devices safe.

Our network

Our network

Because this is so important Homeland Security has created a webpage telling you what things should be secured and why.

Here’s a link to Homeland Security’s great information about securing the device that provides the internet gateway to you network.

Here’s another excellent and very detailed article about the many different ways a modem or router can be made most secure…but it’s also a bit techie.

If you don’t really understand technology and networks very well, I’ve written what I hope will be the most basic steps (for what is really a pretty complex topic) for you to follow to secure your network below.

Homeland Security's Webpage Warning Users to Change their Default Router Credentials

Homeland Security’s Webpage Warning Users to Change their Default Router Credentials

When Should You Do This?

Um..now? Please? ASAP would make sense, really. But if you’re wondering if you need to do this if you’re renting a modem or router from your isp, the answer is a resounding YES! It’s your network! Don’t think twice…they expect that you will do this!

Who Shouldn’t Do This?

No one! Everyone who has a network…literally everyone…needs to do this!

Unless you’re a kid! Then talk to your parents and help them to do it if they are unsure. But don’t do it all on your own…because one tiny mistake could cause huge problems you had no idea about. Even though your parents don’t know as much as you do about all this tech stuff, trust me when I say, they do possess certain knowledge and skills that you just don’t have yet. So, your combined wisdom should be used if they can’t manage this on their own!

Parents…read my article about how our network was invaded by a Botnet if you want to understand why you should do this with your kid rather than leaving it up to them to do alone!

Steps to take to Secure Your Network Gateway Device

Step 1 to Secure Your Network:

This is by and large the most important change to make. If you do nothing else but just make this one change you will have gone a very long way towards protecting you and your family from the dangers of the internet and hackers!

Change the device’s login name and password.
FYI, my router’s login name was: admin & the password was also admin

I changed both so that hacker’s couldn’t get into my gateway device’s settings and essentially take control of it, (which, by the way, is exactly how our network was taken over by a Botnet many years ago.)

Here are 2 links that explain how to login to your router:

Link 1: CNET’s article on defending your outer.

This is the easiest and fastest method. But sometimes it doesn’t work because you can’t figure out what your brand of router is using for its IP address or it’s been changed. If that’s the case, then use the 2nd link’s steps to connect to it. If you’re a Spectrum customer refer to the screenshot I added towards the top of the post, which provides logins for all their current devices as well as step-by-step instructions.

FYI, oftentimes this is written on a sticker that’s on the bottom or the back side of the device, but if there’s no sticker the 3 most common IP addresses are:

  • 192.168.1.1
  • 192.168.0.1
  • 192.168.100.1

Link 2: If following the steps in Link 1 doesn’t work for you then follow the steps described in this Link 2.

Step 2 to Secure Your Network:

Make sure your wireless network requires a password to join it and that the password uses strong encryption. Currently the best encryption for this is WPA2 Personal.

Here’s a link to linksys showing how to do this on many of their routers, but the Homeland Security site above also gives good advice for this.

Step 3 to Secure Your Network:

Disable any features you’re not using which make your router vulnerable to outside attacks.

Disable all of these settings

• Remote access or remote management
• UPnP (Universal Plug and Play)
• WPS (WiFi Protected Setup)
• Telenet
• SSH
• HNAP
• Port forwarding

These should all be turned off.

If you’re unsure about turning any of these off and are worried that doing so might hurt something else that you’re using….then just think about it like this instead.

If you didn’t turn these services on..who did? Some, like UPnP may have been turned on by default by the maker of your device. But if you’re not using those services, you shouldn’t leave secret doors for hackers to use to gain access to your network. Just turn them all off and write down what you changed.

If turning them off causes any unforeseen problems, you can go back and just turn them on again. If you think that this may happen because other people also help in maintaining your network…maybe a spouse, a teen, or your internet provider service people…then write in a note to yourself about exactly what changes you made so it’s easier to change back again…although I highly doubt you’ll need to do that.

Step 4 to Secure Your Network:

Write down the new login name and password and tape it to the bottom of the device. Maybe even include the IP address that worked for you.

While you don’t want this information to get lost…don’t worry too much about it. If it does get lost you can just reset the device, bringing it back to its defaults. In fact, under Step 1 above, the 2nd link step’s tell you exactly how to do that.

Congratulations!

If you’ve successfully made it all the way through this guide…congratulations, you’ve just taken some really huge steps to secure your network! Steps, which the majority of people don’t take because either they don’t know that the risks exist, or they think that doing this will be too confusing or complicated. But really it’s not, if you just know what to do, right?

If you want to learn more about ways to keep your network safe and secure you can subscribe to receive an email whenever I write a new post. The subscribe form should be somewhere below this on the bottom right side of the screen.

Comments

I really love getting feedback from my readers! Therefore I try to make it as easy as possible for readers by not requiring you to add your email address, unlike most comment sections you’ll encounter on blogs. I’ve gone a step further though because you don’t even need to include your real name. You do need a name of some kind…but that can be whatever you want it to be. You’ll find the place to leave comments by scrolling down past the end of this post and looking for the little comments box.

Posted in Tech Tips | Leave a comment