cbyer secu
Compare yours with other classmates' policies and discuss why one policy may not be appropriate for another home network.
My home security plan has been under development process, changing as I learn new skills. The policy is written and that is something that continues to improve, although I am the only person/ user that makes any changes.
To start I will explain the endpoint security that I currently have. Currently, I am using McAfee total protection on all my devices, I also use Malwarebytes to scan my devices monthly. I like to segment my network because I have IoT devices in my home and I do not allow them to communicate with other devices at home. I do not have any devices provided by my ISP, they often have hard-coded remote support credentials that users can't change and patches for their customized firmware versions lag patches for the same flaws released by router manufacturers. (Constantin, 2016).
The high-level architecture consists of the following: A modem that receives the internet, an internet facing FW that protects all my devices behind that, then a router (VPN/FW) segmenting my network (lab, Computer/devices, IoT, as well as the guest).
I have learned that WiFi routers can be vulnerable even when password protected. I have taken extra steps to harden my own router by disabling WPS, a serious vulnerability was found in many vendor implementations of WPS a few years ago that allows hackers to break into networks. (Constantin, 2016). WPS is based on an 8 numeric code that can be brute forced by hackers and then gain access to your device. I also change the Internal IPs to my devices to start at a different range than normal networks. All default user name and passwords have also been changed, and passwords get changed every 3 months (stay in sync with work rotations). All my computers have LAN access as I have a switch and ports everywhere there is a workstation, and mac filtering is enabled as well. The IoT network is for all Alexa and Google connected devices that currently do not provide strong security features.
Some user policies are:
· Never give away WiFi password that is why we have a guest network.
· Never provide the WiFi name (I have broadcasting disabled)
· Never connect to unsecured networks use hotspot when possible, and if you must use our VPN service (Currently PIA)
I have several items to work on such as configure and deploy my Checkpoint FW, Develop and maintain a Policy Plan for my home network, and improve upon my SSP previously created.
Constantin, L (2016). How to secure your router and home network. PC World. Retrieved from https://www.pcworld.com/article/3093362/how-to-secure-your-router-and-home-network.html