Securing my home network, #DoIEvenBother


 

When I get back home after a long day at work, it’s dark, and my mind often wanders into thoughts of how secure (physically) my home actually is. As I unlock the front gate, then the flyscreen door, then the actual front-door (3 locks), I grin as I consider how easy it is for someone to simply break a window to get in, or jimmy the flimsy sliding door locks on the side of the house. I suppose it’s more of a deterrent than anything else. Why do I concern myself with these things? Well, I’ve had my prized possessions stolen before.  My mountain bikes mean the world to me, and the scum of the earth bike thieves took them. Absolute scum.

As I open my door, it’s nice to see that my TV is still hanging on the wall, and everything is as I left it. I suspect this is a thought that goes through the minds of a lot of people. Did I remember to lock the front door? Who REALLY cares if you didn’t? (Well to start off with, without any signs of forced entry, it’s unlikely your insurance company will replace that TV!). If you were confident you left it unlocked, chances are you’d turn around, even if it meant being late to that important meeting, and lock up. Why do we give so much credence to physical security, yet the majority of us don’t even bat an eyelid in regards to our meta-physical security, our data… (which I know technically isn’t meta-physical, it just sounds so cool I had to say it…)

 “Home network security is something that we tend to overlook, and I suspect the primary reason is that we don’t value its contents to the same extent as our physical world.”

Let’s take the worst-case scenario. Assume your home network gets 100% pwned. What will you lose? Let’s follow Doctor Angela Ziegler as an example. Doctor Ziegler is a medical scientist conducting some ground-breaking research at the state-of-the-art facilities at work. She works long hours and tends to bring work home with her on her work-issue laptop. At home, she enjoys watching live gaming streams of Overwatch on Twitch, and the occasional episode of the (legitimately downloaded) TV show “Where Are My Pants?”.

At home, she has a NAS drive she purchased from her local Target, containing precious photos of her colleagues (some of whom have passed away, others suffered a worse fate), as well as some auxiliary research papers. Connected appliances such as her cloud-controlled air-conditioner and her Lucky-Goldstar (LG) Internet-connected refrigerator also form part of her network, along with all the latest generation gaming consoles.
Back at the office, we trust that all her research is secured by the security team, but what about back home?
Who set up the network at home? Were there any thoughts towards security during its design? Was it even designed, or did she just use the default Huawei modem/router supplied by her ISP?


What are the risks here? What does Dr. Ziegler have to lose? If your thoughts jumped to the NAS drive, with the photos and research, you would be partially correct. This is indeed the most obvious concern: if this data were to be lost, would it be replaceable? A TV at home is easy to replace, in fact, you would probably upgrade, but the photos, they are gone. What dollar value would Dr. Ziegler place on these? If you could buy your own photos that were previously lost, how much would you pay? Especially if it contains photos of friends and family who are no longer with us… Think ransomware. Apart from the personal effects, what about the auxiliary research documents? What value do they have for Dr. Ziegler, and the organisation funding her research? What if these got into the hands of a competitor? (Talon)

If you are thinking that those documents should be stored on the servers back at the office… yeah, that’s fair… in best practice. However, as humans, we are often the weakest part of any network. We are lazy, and take shortcuts when available. It’s far quicker for Dr. Ziegler to have these files locally when she works from home, rather than VPN in to the office, using that annoying 2-factor authentication the security team back at the office implemented… Where did she leave that key-fob anyway?

On that note, she doesn’t only use her work issue laptop for research either. She sometimes uses her personal desktop (gaming rig) to crunch some numbers. After all, it’s far more powerful. This is the same machine she uses to watch twitch.tv streams and browse the Internet. What security does she have on this machine? Surprisingly, the common answer here is “none”.

We have barely scraped the surface though. Remember those connected appliances? It wasn’t long ago that a vulnerability in Miele dishwashers was discovered (Article Here), allowing an attacker root access to them. So what? I hear you cry. What’s the attacker going to do? Clean my dishes?

Fair response I suppose. I guess it would be possible to control different aspects of the machine itself, but that’s not the likely goal for an attacker (although I can think of a few funny pranks to do). They could use your machine as part of a botnet, to be used for an attack on an external party (such as DDoS’ing Blizzard’s servers), or they could use it to move laterally through your network, i.e. once they have control of your dishwasher, they can attack your NAS drive. This same concept applies to all devices on your network.

The good news is, it’s not that hard to follow some security best practices at home. Simple things go a surprisingly long way: changing the default passwords on your devices and NAS, setting up Wi-Fi with a strong password and appropriate encryption, segregating work from play by not using the same machines, and ensuring that a sufficient endpoint solution (anti-virus, anti-malware etc.) is present on ALL your machines. Above all, back up your important documents! Not just on a NAS locally, but offsite too. There are many cloud-based backup solutions that could be used for photos and private material… BUT NOT FOR SENSITIVE WORK CONTENT!

I will address Doctor Ziegler’s not-so-unique situation in a later post, detailing a potential solution. The first step, however, is identifying the risk. So the next time you return home, and follow your own unlocking routine, maybe have a think about what it is that you’re securing, and more importantly, what you’re not!

 

Ronen

Written by Ronen Meshel
You can read more about Ronen on his website: ronen.it/


Network Security Training Courses Now Available for Professionals


Upskill staff with affordable training at your fingertips

SYDNEY — Oct. 24, 2017 – Australian startup WOTBOT today announced a partnership between its TeachWOT online learning product and Red Education. Together, the two companies will provide convenient online network security training programs.

“In an industry where there is so much information, so many vendors, and myriad areas of specialisation, we recognised the need for structured training to enable network professionals to keep updated with the latest technology developments,” stated Linda Wooding, Director, TeachWOT.

TeachWOT’s online portal enables course participants to complete the course at a convenient time, at a pace that suits them. All coursework and testing is facilitated online and is affordably priced.

Red Education is the leading IT professional Training provider in Asia Pacific and Japan. With its highly-regarded reputation, market penetration and long experience in this domain, the partnership with Red Education is vital for the success and reach of TeachWOT in the region.

“Increasingly, technical experts’ time is being squeezed whilst the expectation from employers is that skills are current, and both deep and broad. The TeachWOT range of online, on-demand short courses in targeted cybersecurity technologies enable an awesome way to increase skills flexibly and inexpensively,” said Rob Howard, Managing Director at Red Education. “Whether you’re on the bus, at home, or on a break, these courses are delivered to your device, and get you the skills you need to stay on top in the fast-paced world of security and access.”

TeachWOT courses are intended for network professionals including web developers, IT operations engineers and system administrators. Upon completion of courses, participants are provided with a Certificate of Completion.

Network professionals juggle the rapid and regular introductions of new technologies, while managing a staggering rate of standards updates and compliance requirements. They often don’t have the time to proactively keep themselves up to date on all facets of networking. Courses by TeachWOT offer a convenient “train-as-you-go” portal where course participants can log in and complete their training over a 90-day period.

Courses offered include:

Network Fundamentals – Core: This course gives participants a deep understanding of the fundamentals of computer networking with a detailed description of the function, protocols and intersects between each of the seven network layers.

Application Delivery Fundamentals: This course enables network professionals to prepare to sit the Industry recognized ADN certification F5 Networks – 101 Application Delivery Fundamentals. The course covers an overview of network fundamentals with a detailed review of protocols, traffic management concepts and a focused view of Layers 4-7 of the network.

 Web Application Firewalls for DevOps: This course provides an overview of the increasing threats to web applications, the benefits of a Web Application Firewall (WAF) and the design, selection and implementation of a quality WAF solution.

“Network professionals can now keep up to date at a time and in a place that is convenient to them. We provide a simple modular portal with engaging visual and audio course material, along with supporting materials for ongoing learning. We are particularly pleased to be offering an Australian solution that is specific to our market,” remarked Linda Wooding, Director, TeachWOT.

Full list e-learning courses

About TeachWOT

TeachWOT is a subsidiary of WOTBOT, an Australian software company that designs, builds and customises innovative software solutions for web and mobile applications to help businesses grow and succeed. Our solutions facilitate the streamlining of business operations to ensure maximum efficiency and productivity. Our expertise is in simplifying business communication technologies for optimum business performance. Maximise your results by putting the simplest technology at your fingertips.

About Red Education

Red Education is the leader in IT training and professional services in Asia Pacific. Since its launch in 2005, Red Education has trained more than 50,000 IT professionals of many industries including financial services, government, telecommunications, education, healthcare and many others. The combination of extensively experienced trainers and courses that balance theoretical concepts and hands-on labs is the formula to Red Education’s class success. Red Education ensures quality class across all delivery methods; in-class, virtually or on clients’ sites.


Red Education wins the fifth consecutive Palo Alto Networks APAC Excellence in Training Award for 2017


 

SYDNEY — Sep. 5, 2017 — Red Education today announced receiving its fifth successive Palo Alto Networks® APAC Excellence in Training Award for the year 2017.

This award marks the fifth win after receiving the same recognition for the years 2013, 2014, 2015 and 2016. The awards were announced during the Palo Alto Networks Sales Kickoff event, which took place on 28 – 30 August 2017 in Las Vegas, Nevada.


Endorsing Red Education’s performance and achievements, Palo Alto Networks recognise our company as an Elite Authorised Training Centre.

During the last financial year, August 2016 – July 2017, the company delivered over 120 courses, training around 800 IT security specialists on a range of Palo Alto Networks technologies.

“We’re proud to receive the APAC Excellence in Training Award for the fifth consecutive year,” Rob Howard, Managing Director at Red Education, commented. “This award is recognition by Palo Alto Networks of our outstanding training delivery and effective enablement. It is also an acknowledgement of our trainers’ capabilities and commitment to excellence. This is the result of hard work, experience and, above all, passion for enabling security experts across Asia Pac on Palo Alto Networks technologies.”

“It was a fantastic event where all partners and distributors gathered to celebrate success together,” Chris Wong, Regional Director – Asia, noted. “The theme of this year’s SKO was What We’re Made of. Such an exciting theme that comes with great content and an anticipation to witness the innovative ideas Palo Alto Networks are bringing along in FY18.” Chris further added: “I can’t reveal more as whatever happens in Vegas stays in Vegas!”

To learn more about Palo Alto Networks training courses or to register, please visit Red Education’s course schedules.

About Red Education

Red Education is the leader in specialist training and professional services for the IT community across Asia Pacific including Australia, New Zealand, ASEAN, Greater China, Japan, Korea and India. Since its inception in 2005, Red Education has delivered over 50,000 training seats to every major enterprise, government agency and service provider across the region. Providing vendor accredited in-class, on-site or virtual training, Red Education courses blend theoretical concepts with practical hands-on lab exercises and are delivered by instructors who have years and decades of practical experience.


Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.


Red Education’s Sales Kick Off 2017


 

Red Education Pty Ltd started the 2017 financial year with the annual Sales Kick Off conference which lasted for three days in the Blue Mountains, NSW, Australia.

“I’m pleased with the great finish to 2016 that our teams achieved and with the growth Red Education gained throughout the past year in all regions across APAC,” commented Rob Howard, Co-founder and Managing Director at Red Education. “It’s great to see that our company has reached a level of maturity to maintain a healthy growth rate that’s proportionate to the market’s.”

Red Education had special guests presenting during this SKO event. Martin Wooding, Director, APAC Service Sales at F5 Networks was there to walk the Sales team through the changes taking effect on F5’s courses portfolio.

Martin concluded his session by handing the F5 Sales Person trophy to Shree Karki, Account Manager – ANZ at Red Education.

 

 

 

Another master of craft from Symantec was also attending. Charlie Sadaka, Sr. Technical Education Consultant, took the team deeper into Symantec’s education offerings.

Charlie also handed the Symantec Sales Person Award to Luke Collins, Account Manager – ANZ at Red Education for closing the highest deals across all regions.

 

 

 

Red Education’s SKO concluded with the Awards Ceremony:

 

Raj Kumar receives an award for being India’s Top Salesperson

 

Stephen Lee receives Asia’s Sales Person of the Year Award

 

Luke Collins receives ANZ’s Sales Person of the Year Award


 

Shree Karki receives Sales Person of the Year Award


 

And last but definitely not least, Zach Zuravle who received the special Managing Director Award

 

And a special “Thank You” to Melissa Sharp, who is celebrating her 10-year work anniversary with Red Education. During these years, Mel was and still is the source of wisdom and one of the major contributors to Red Education’s success!


Red Education is officially the Best Check Point Authorised Training Partner Worldwide


 

SYDNEY, AUSTRALIA – July 17, 2017 – Red Education receives an award from Check Point as the Best 2016 Authorised Training Centre Partner globally.

For its top performance and for providing training to the highest number of I.T. professionals, Red Education earns the Check Point Best Authorised Training Centre Partner Award for the year of 2016. Red Education provides the highest quality specialist training across the Asia Pacific region and covers the full range of Check Point training courses.

“It’s a great honour to be awarded this recognition from Check Point,” said Rob Howard, Managing Director, Red Education.

“We strive to maximize the learning objectives of our attendees with world class cyber security training from vendors like Check Point. Our trainers go the extra mile to ensure everyone gets the most from their security training at Red Education, and we are grateful for the partnership with Check Point across Asia Pacific.”

“Ensuring the best possible delivery of training and enablement programs for customers and partners is a priority to Check Point. Red Education proves yet again its ability to make Check Point’s vision become a reality. With their extensively experienced trainers, best quality labs and deep penetration of the IT training market throughout APAC, Red Education becomes the logical answer to our demands,” said Toni Ponder, Manager, Training Programs and Certification, Education Services, Check Point Software Technologies.


About Check Point

Check Point Software Technologies Ltd., is the largest pure-play security vendor globally securing more than 100,000 businesses and millions of users worldwide.

Check Point provides industry-leading cybersecurity solutions and offers a complete security architecture defending enterprises’ networks to mobile devices, in addition to the most comprehensive and intuitive security management.


Red Education Announced as ForgeRock Authorised Training Partner


 

SYDNEY, AUSTRALIA – MAY 01, 2017 – Red Education has been appointed as a ForgeRock Authorised Training Partner (ATP) for Asia Pacific, offering training classes to ForgeRock’s customer base across the region.

“With the explosive growth of the Internet of Things (IoT), demand for ForgeRock Digital Identity Management solutions has never been higher. Red Education has made a concerted effort to partner with leaders in this exciting space, and it’s clear that ForgeRock is the premier vendor in terms of access and identity management, key components for securing devices and services within the IoT. We will provide ForgeRock’s extensive training and certification offerings in this space across Asia Pacific, with classes commencing shortly,” said Rob Howard, Managing Director, Red Education.

He continued, “Every large enterprise, cloud provider and Government agency that has a large customer base will be evaluating how to address the digital identity requirements posed by the IoT, and we look forward to partnering with ForgeRock to provide the skills and knowledge that the market needs to be successful in this space.”

Kevin Streater, VP, ForgeRock University said, “After an extensive review of the various leading training providers in Asia Pacific, Red Education was selected due to their technology expertise, wide geographic coverage across the whole region, and their extensive learning services experience. We are delighted to be partnering with the leading IT training provider across this high growth market.”

All ForgeRock training courses are now available through Red Education.

For course dates and details visit our ForgeRock Course Outlines

About ForgeRock

ForgeRock® is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform™ as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), and leverage the internet of things. ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide. ForgeRock has offices across Europe, the USA, and Asia.

