Home networks were relatively simple several years ago, perhaps nothing more than a wireless access point and a computer or two used to surf the Internet or play games online. However, home networks have become increasingly complex. Not only are we connecting more devices to our home networks, but we are doing more things with them. In this edition we will cover some basic steps to creating a more secure home network.
Your Wireless Network
Almost every home network starts with a wireless network (sometimes called a Wi-Fi network). This is what enables you to wirelessly connect any of your devices to the Internet, from laptops and tablets to gaming consoles and televisions. For this to happen, your wireless network needs something called a wireless access point. This is a physical device that connects to your Internet router (or may be built into your Internet router) and sends out a wireless signal that your devices connect to. Once your devices connect to the access point, they can then connect to other devices on your home network and the Internet. As a result, your wireless access point is one of the key parts of your home network. As such, we recommend the following steps to securing it:
- For most wireless access points, the default administrator login and password is well-known and often even posted on the Internet. As such, be sure to change the default administrator login and password to something that only you know. Make sure that it is a unique password and is not used for any of your other accounts.
- Another option you will need to configure is the name of your wireless network (sometimes called your SSID). This is the name your devices will see when they search for local wireless networks. Give your network name something unique so you can easily identify it, but make sure it does not contain any personal information. Also, there is little value in configuring your network as hidden (or non-broadcast). Most wireless scanning tools or any skilled attacker can easily discover the details of a hidden network.
- The next step is ensuring that only people you know and trust can connect to and use your wireless network, and that those connections are encrypted. You want to be sure that neighbors or strangers cannot connect to or monitor your network. You can easily mitigate these risks by enabling strong security on your wireless access point. Currently, the best option is to use the security mechanism WPA2. By simply enabling this, you require a password for people to connect to your home network and, once authenticated, those connections are encrypted. Be sure you do not use older, outdated security methods such as WEP, or no security at all (which is called an open network). An open network allows anyone to connect to your wireless network without any authentication.
- Make sure the password people will use to connect to your wireless network is a strong, hard-to-guess password and that it is different from the administrator password. Remember, you most likely have to enter the password only once for each of your devices, as they will each store and remember the password.
- Many wireless access points support what is called a Guest Network. A Guest Network allows visitors to connect to your wireless access point and access the Internet, but they cannot connect to any of the devices on your home network. If you add a Guest Network, be sure to enable WPA2 and a different password for this network.
- If you can’t remember the different passwords then use a password manager to securely store them.
Once you have your wireless network configured, we recommend you configure your home network to use OpenDNS as your DNS servers (or a similar service, such as Norton ConnectSafe for Home). When you type a name into your browser, DNS is how your browser knows which server on the Internet to connect to. Services such as OpenDNS identify known, infected websites and stop any device connected to your home wireless network from accidentally visiting these infected websites. In addition, these services often give you the ability to filter and block objectionable websites. What makes this approach so effective is there is no software to install on your devices, you just make a change to your wireless access point.
The next step involves knowing what is connected to your home network and making sure those devices are secure. This used to be simple, as you only had a few devices connected in the past. Nowadays, however, almost anything can connect to your home network, including TVs, gaming consoles, baby monitors, speakers, your house thermometer and even your car. Once you identify all the devices on your home network, you may be surprised by just how many you have. The best way to keep all of these devices secure is to ensure they are always running the latest version of their operating system. Be sure you have auto-update enabled when possible. If this is not an option, then review and update your devices monthly, if possible. In addition, be sure to visit your Internet service provider's website, as they may provide free tools and services to help you secure your home network.
- OpenDNS: http://www.opendns.org
- Norton ConnectSafe: http://dns.norton.com/dnsweb/dnsForHome.do
- Network Security Scanner: http://www.sophos.com/en-us/products/free-tools/network-security-scan.aspx
- Password Managers: http://www.securingthehuman.org/resources/newsletters/ouch/2013#october2013
Note: This article was prepared by Kevin Johnson, who is the CEO at Secure Ideas, runs MySecurityScanner.com and is a senior instructor with the SANS Institute. You can find more information at www.secureideas.com. It was prepared for the January 2014 issue of OUCH!, Securing Your New Tablet. OUCH! is published by SANS Securing The Human and is distributed under the Creative Commons BY-NC-ND 3.0 license. You are free to share or distribute this article as long as you do not sell or modify it. For past editions or translated versions, visit www.securingthehuman.org/ouch. Editorial Board: Bill Wyman, Walt Scrivens, Phil Hoffman, Bob Rudis
Keep up with alerts and tips from the Information Security Group by following us on Twitter at https://twitter.com/ISGatBrown and https://twitter.com/CISOatBrownU. Here's a sample of a recent tweet so you can see what you're missing:
ISG @ Brown @ISGatBrown: Do you know your #privacy IQ? 10 quick Q's to find out, brought to you by StaySafeOnline & ZeroKnowledgePrivacy.org: http://myprivacyiq.com/
Is your mobile phone number in MyAccount? Not only is a mobile phone number important for emergency notifications, but it can also be used to reset a forgotten password for your Brown username by following the Forgot Password link on most Brown login pages. Enter your mobile phone number at http://brown.edu/myaccount today, and don't forget to put a password lock on your phone to stay secure.
Maybe you’ve been meaning to make your password more secure but are afraid you’ll forget it. With this new feature, if you forget your strong password, you can always reset it yourself instead of having to visit the Computing Accounts and Passwords office in person. We recommend choosing a 10 character (or longer) password.
This video shows how the new self-service password reset works:
If you are having trouble connecting your device (computer, smartphone, etc.) to Brown-Secure wireless or would like to report a coverage issue, please stop by one of our upcoming clinics:
- Thursday 11/21, 2 pm - 4 pm, atrium of the CIT Building
- Thursday 12/5, 3:30 pm - 5 pm Stephen Robert '62 Campus Center
- Thursday 12/12, 3:30 pm - 5 pm Sci-Li (main floor)
- Thursday 12/19, 3 pm - 5 pm in the Alpert Medical School Main Lobby
- Thursday 1/23/14, 9am - 5pm, atrium of the CIT Building
- Tuesday 1/28/14, 3pm - 5pm, Digital Scholarship Lab, Rockefeller Library
- Thursday 1/30/14, 3pm - 5pm, Hecker Center, Rockefeller Library
October is National Cyber Security Awareness Month, a time set aside to heighten awareness of online threats and how to protect yourself, your computer or device, personal information, identity, bank account and/or reputation.
Each October the Information Security Group ratchets up their efforts to bring their message of computing safety to the Brown community. As part of this year's theme of Don't Get Caught, Get Cautious, ISG has planned special Brown Bags, prepared online materials that includes weekly quizzes, and is once again holding a raffle, with prizes that include an iPad mini and Samsung Galaxy Tab 3.
Visit Don't Get Caught, Get Cautious for full details on how to sign up for classes and enter the contest.
On Thursday, November 21, Brown's Shibboleth login screens are getting a new look. Though you may not know it by name, you have probably used Shibboleth to log in to many access-restricted Brown websites and services such as Canvas and Workday.
The new look brings our login screens in line with the University's web branding initiative that started with the homepage in 2010. Logging in still works the same, the only thing that changes is the visual design of the login and error screens.
The new format makes authentication (logging in) easier for Faculty, Students, and Staff. It highlights important information and helps visitors to be aware of which services have asked that they authenticate.
In addition to having a new look, the page is built with a "responsive" layout. That means it will automatically format itself to display well on your phone, tablet, or desktop browser.
A mobile-friendly login screen at Brown responds to increased demand for web content from mobile devices, and is critical to engage segments of the world's population that use only mobile devices for web access. Mobile traffic has grown ten fold from what it was three years ago, and currently accounts for nearly 25% of Brown's online visitors.
If you get a new computer over the break, remember that you'll be able to download Microsoft Office for free in 2014 through Brown - no need to buy a copy. In early January, look for more information in Morning Mail and on this site.
Google updated its look recently, changing the top menu bar. We've gotten a lot of questions about how to find some apps and features. Here's where to look:
Previously, you could access Google's apps (such as Mail, Calendar, Contacts, Drive) on the black bar across the top. Now, click the grid icon near the top right of the page and a menu of apps will appear.
Shared Mailboxes and Signing Out
Click your photo / icon on the top right to see your shared mailboxes and to sign out.
Other Suggestions for Finding Apps
Looking for your apps? Try these two suggestions to make them easier to find:
- Add your favorite apps (like Mail and Calendar) to your browser's bookmarks bar, and links will always show at the top of your browser. Every browser is different - here's information about the bookmarks bar in Chrome.
- Automatically open your favorite apps in new tabs each time you start your browser. Again, each browser is different - in Chrome, look for the "Open a specific page or set of pages" option.
Google Calendar invites sent to Google Groups will now automatically update as people are added to or removed from the group. In other words, if someone is added to the group, they will automatically be added to the event; anyone removed from the group will no longer see the event. Please note that group membership does not automatically update if more than 200 people are on the event's guest list.
Please join us for an Academic Technology Showcase Luncheon with Michael Satlow, December 13, 2013 at 12PM in 201 CIT (ETC). Professor Michael Satlow will be sharing his class on the Talmud and his use of Concept Mapping software. Lunch will be served.