Securing my home network, #DoIEvenBother


When I get back home after a long day at work, it’s dark, and my mind often wanders into thoughts of how secure (physically) my home actually is. As I unlock the front gate, then the flyscreen door, then the actual front door (3 locks), I grin as I consider how easy it is for someone to simply break a window to get in, or jimmy the flimsy sliding door locks on the side of the house. I suppose it’s more of a deterrent than anything else. Why do I concern myself with these things? Well, I’ve had my prized possessions stolen before. My mountain bikes mean the world to me, and the scum of the earth bike thieves took them. Absolute scum.

As I open my door, it’s nice to see that my TV is still hanging on the wall, and everything is as I left it. I suspect this is a thought that goes through the minds of a lot of people. Did I remember to lock the front door? Who REALLY cares if you didn’t? (Well, to start off with, without any signs of forced entry, it’s unlikely your insurance company will replace that TV!) If you were confident you left it unlocked, chances are you’d turn around, even if it meant being late to that important meeting, and lock up. Why do we give so much credence to physical security, yet the majority of us don’t even bat an eyelid in regards to our meta-physical security, our data… (which I know technically isn’t meta-physical, it just sounds so cool I had to say it…)

“Home network security is something that we tend to overlook, and I suspect the primary reason is that we don’t value its contents to the same extent as our physical world.”

Let’s take the worst-case scenario. Assuming your home network gets 100% pwned, what will you lose? Let’s follow Doctor Angela Ziegler as an example. Doctor Ziegler is a medical scientist conducting some ground-breaking research at the state-of-the-art facilities at work. She works long hours and tends to bring work home with her on her work-issued laptop. At home, she enjoys watching live gaming streams of Overwatch on Twitch, and the occasional episode of the (legitimately downloaded) TV show “Where Are My Pants?”.

At home, she has a NAS drive she purchased from her local Target, containing precious photos of her colleagues (some who have passed away, others who suffered a worse fate), as well as some auxiliary research papers. Connected appliances such as her cloud-controlled air conditioner and her LG (Lucky-Goldstar) Internet-connected refrigerator also form part of her network, along with all the latest generation gaming consoles.
Back at the office, we trust that all her research is secured by the security team, but what about back home?
Who set up the network at home? Were there any thoughts towards security during its design? Was it even designed, or did she just use the default Huawei modem/router supplied by her ISP?


What are the risks here? What does Dr. Ziegler have to lose? If your thoughts jumped to the NAS drive, with the photos and research, you would be partially correct. This is indeed the most obvious concern: if this data were to be lost, would it be replaceable? A TV at home is easy to replace (in fact, you would probably upgrade), but the photos are gone. What dollar value would Dr. Ziegler place on these? If you could buy back your own photos that were previously lost, how much would you pay? Especially if they contain photos of friends and family who are no longer with us… Think ransomware. Apart from the personal effects, what about the auxiliary research documents? What value do they have for Dr. Ziegler, and the organisation funding her research? What if these got into the hands of a competitor? (Talon)

If you are thinking that those documents should be stored on the servers back at the office… yeah, that’s fair… in best practice. However, as humans, we are often the weakest part of any network. We are lazy, and take shortcuts when available. It’s far quicker for Dr. Ziegler to have these files locally when she works from home, rather than VPN into the office, using that annoying 2-factor authentication the security team back at the office implemented… Where did she leave that key fob anyway?

On that note, she doesn’t only use her work-issued laptop for research either. She sometimes uses her personal desktop (gaming rig) to crunch some numbers. After all, it’s far more powerful. This is the same machine she uses to watch twitch.tv streams and browse the Internet. What security does she have on this machine? Surprisingly, the common answer here is “none”.

We have barely scraped the surface though. Remember those connected appliances? It wasn’t long ago that a vulnerability in Miele dishwashers was discovered (Article Here), allowing an attacker root access to them. So what? I hear you cry. What’s the attacker going to do? Clean my dishes?

Fair response, I suppose. I guess it would be possible to control different aspects of the machine itself, but that’s not the likely goal for an attacker (although I can think of a few funny pranks to do). They could use your machine as part of a botnet, to be used for an attack on an external party (such as DDoS’ing Blizzard’s servers), or they could use it to move laterally through your network, i.e. once they have control of your dishwasher, they can attack your NAS drive. This same concept applies to all devices on your network.

The good news is, it’s not that hard to follow some security best practices at home. Simple things go a surprisingly long way: changing the default passwords on your devices and NAS, setting up Wi-Fi with a strong password and appropriate encryption, segregating work from play by not using the same machines, and ensuring that a sufficient endpoint solution (anti-virus, anti-malware etc.) is present on ALL your machines. Above all, back up your important documents! Not just on a NAS locally, but offsite too. There are many cloud-based backup solutions that could be used for photos and private material… BUT NOT FOR SENSITIVE WORK CONTENT!

I will address Doctor Ziegler’s not-so-unique situation in a later post, detailing a potential solution. The first step, however, is identifying the risk. So the next time you return home, and follow your own unlocking routine, maybe have a think about what it is that you’re securing, and more importantly, what you’re not!


Written by Ronen Meshel
You can read more about Ronen on his website: ronen.it/

All You Need to Know about Check Point Gaia R80.10


Check Point has recently released Gaia R80.10 for the gateway, and together with the management version released last year, it is a powerful combination you definitely want to get to know better! If you are already running Gaia R77.30 or earlier versions, you will find R80 a little different initially, although the features you love are there once you know your way around the SmartConsole. In my experience, R80 is what a Next Gen Firewall OS should be. There are no longer different applications for different tasks (e.g. SmartLog, SmartView Tracker etc.), as they are consolidated into SmartConsole.

Some Interesting Features of R80

With a complete rewrite of the code, R80 offers some new features to make firewall administration a smoother experience than before.

Unified Policy – an improvement on R77 and previous versions, this offers a single policy for network, users, data, and applications.

Layered Policy – A blade can have its own set of policies. You can have a Network policy and an Application policy. They appear as two ordered policies.

Collaboration – Multiple users can be logged in simultaneously to the SmartConsole, and each works in their own session. Sessions can then be published for all other admins to view, before being installed.

Integration – In addition to the command line interface, you can create and run API scripts to manage configuration and operations on the Security Management Server to automate tasks. Creating address objects from the CLI becomes simple.

Consolidation – Security management and reporting from one console allows for a simpler, focused effort at keeping your network secure.

While Gaia R80 was released for only the SMS, Gaia R80.10 will be available for both SMS and gateway from March 2017. Check Point Education Services have also released the corresponding courseware for R80.10, which takes you through the product in detail and how best to deploy it in your environment.

If you have previously attended a CCSA or CCSE course for the R77.xx versions, and are wondering if it’s worth attending the new version, I can assure you it is well worth your time to do so. You will find new information in the latest offering, as new chapters have been added, and others tailored for R80 (e.g. monitoring/logs). The CCSA R70.xx is a 2-day course, but the CCSA R80 is a 3-day course due to the emphasis on labs. You don’t need previous Check Point experience to attend the CCSA.

Red Education Can Help You

If you have an R80 SMS and R77.xx gateways, then we can discuss how to best manage this, and get the most out of your configuration. If both gateway and SMS are on R80.10, we can discuss the best way forward for that as well.

Red Education currently offers both versions of CCSA, and when R80.10 courseware is released, both versions of CCSE as well for some time. Red Education’s instructors were involved in courseware and exam development for the CCSE, so you are sure to get the best training experience in class from us!

If you’d like to know more about CCSA-R80 and CCSE-R80 course content, check the course outlines page on Red Education’s website.


By: Sanjay Kanesamoorthy
Senior Trainer/Consultant at Red Education

A BlueKnight Perspective


A couple of weeks ago, I had the pleasure of attending the annual “Blue Knight” conference. The conference is usually held to update Blue Knights on Blue Coat’s latest technology trends and innovations. After the acquisition by Symantec, Blue Coat’s product portfolio was incorporated with that of Symantec. Consequently, the update this year was on the overall portfolio.

The event was held in the Sheraton Grand Hotel Macau and lasted for four days, during which Symantec managed an outstanding conference with outstanding event management standards.

During the course of the conference, we as Blue Knights were encouraged to ask questions and share experiences. The sessions were very interactive and engaging, which made them fun to attend and reflect on. The level of audience participation was phenomenal.


I was amazed by the level of involvement and interest that Symantec’s management took in this conference. We had top level executives and architects participating in activities and consistently answering questions. They did so very graciously and professionally. Their help and support to us are very much appreciated.

Blue Knight is a program in which Symantec partner engineers who exhibit technical excellence receive special care and attention from Symantec Corporation.

I would like to dedicate a big “Thank You” to all the ladies and gentlemen who made this event a success.


By: Wasfi Bounni
Senior Instructor/Consultant at Red Education

F5 + Blue Coat = Alpha Technology

Imagine there was a network solution amalgamating F5 and Blue Coat solutions. If such a product existed, there would be a monopoly in technology markets for a few decades. Fusing these solutions together would cover OSI Layer 2 to Layer 7 in terms of availability and delivery, in addition to security.

F5’s BIG-IP solutions are the best in terms of ensuring an application is delivered on time, always available and secured. While ASM deals with a web application’s security in depth, AFM handles its Layer-4-based Denial of Service issues. APM, on the other hand, attends seamlessly to SAML-based SSO. GTM is the gatekeeper who ensures that whoever is asking for a domain’s IP gets the IP of the most optimal service. Optimal service here means a service presented by the least loaded, best performing and nearest application server. Furthermore, AAM ensures a quicker web application user experience.

F5’s load balancer, LTM, adds to this recipe by ensuring application availability: its role is to ensure that a site is available all the time. It also provides caching of web content. Caching is limited to RAM because the underlying kernel of all F5 modules is a Linux one. Linux doesn’t allow for optimal fetching of cached objects from the disk. The main reason behind this is the architecture of the OS, which is TMOS. TMOS can deal with networking elements, security elements, and load balancing elements. When it comes to the situation where the dependency is on hard disk I/O, TMOS behaves just like any other Linux kernel based OS. This is because TMOS has to read the file allocation tables from boot sectors and perform multiple I/Os to fetch files from the disk (a CPU utilization factor). In contrast, SGOS uses a flat, non-directory-based architecture wherein caching is dealt with in a way similar to the indexing used in software such as Copernic Desktop Search: indexes of objects in MIME format are created in RAM to locate the disk location.

Blue Coat offers the best of SSL visibility and forensic analysis solutions in the market.

It would be nice to see a solution combining SGOS disk caching powers with TMOS’s TCP and application based acceleration, web content security and web application security with SSO based on SAML authentication while maintaining a holistic perform

Written by Nanda Kumar Ananda
Senior Trainer at Red Education

Paessler AG – PRTG: Cloud Monitoring has never been this simple

With its incredible elasticity and complexity, cloud computing is proving to be an organizational challenge, not only on the adoption level but also from a system monitoring perspective as well.

Organizational IT today seems to be “cloud provider agnostic”. It is commonplace in the enterprise to see SaaS components provided by one cloud provider and IaaS provided by another. Moreover, while shifting towards the cloud, many organizations have not relinquished their traditional data-centre infrastructure. In general, the overall organizational IT model is “hybrid”.

In such a model, monitoring becomes a massive challenge because you need a different monitoring system for each of the model’s heterogeneous components. You need “CloudWatch” to monitor your AWS instances, “Azure Monitor” for monitoring Microsoft Azure resources, besides a monitoring system for your traditional data centre systems. This is challenging because administrators will need to learn, master and watch each of these monitoring systems separately. Wouldn’t it make more sense to amalgamate all these systems into one central and well-crafted system?

Paessler AG has catered for this need through its PRTG solution. PRTG is “spot-on” for monitoring a hybrid cloud infrastructure. This solution is the result of nineteen years of effort and experience in the NPMD industry. Pre-customized for many different cloud services, it brings together all your organization’s monitoring needs into one central platform. PRTG is feature rich, versatile and portable to the extent that you can install it on your smartphone. Furthermore, PRTG will notify IT admins if, and only if, a threshold value is exceeded. This means the elimination of daily email notifications that only let you know everything is OK, unless, of course, you opt for this feature.

PRTG creates a structure for modern enterprise monitoring. It brings order from amidst the chaos of today’s Hybrid IT. This awesome solution empowers you to turn your cloud monitoring process into a systematic practice.

Paessler AG – PRTG adds value to your business by helping you reap the cost benefits of your cloud strategy. This is because the main argument for many cloud services is cost savings. These savings can quickly erode without a capable monitoring solution that provides unprecedented visibility and pinpoints potential issues in no time.

Red Education has proudly become Paessler’s first official training partner in the Asia-Pacific region. With its ability to deliver courses all over this region, besides its long reputation for customer-focused excellence, Red Education is pleased to announce the delivery of its first Paessler PRTG training course on Monday the 24th of October 2016. The course’s official name is “Paessler AG – PRTG: How to install, configure and monitor”. It is available for registration here.


By: Wasfi Bounni
Senior Instructor/Consultant at Red Education

Happy Friday!

To ring in the weekend on this glorious Friday, here is a good way to spend 8 minutes.

Enjoy the smooth words from the Palo Alto Networks Ignite Speech for 2016.