When we talk about computer security and pirate attacks, we often think of large companies or state entities (such as the Lazio Region recently) that are attacked by professional hackers who generally manage to infect internal systems, making files unreadable unless you pay a ransom in cryptocurrency.
In reality, the danger is now constant and lurking everywhere, even in domestic environments. Attacking a private computer, no matter how "familiar" it is, means often find the codes to access the bank or other sensitive systems, or find a way to exploit the data of an unsuspecting user to make purchases via the Internet. Hard drives are now the deposit of documents, codes and sensitive data, in the mistaken belief that as long as they are on the home computer they will not be stolen.
In reality, there are many vulnerabilities in a PC at home: the wifi network can be cracked by reaching the PC as if you were in front of the monitor and even the accessories of the so-called Internet of Things (commands for home automation, voice assistants, etc. etc.), so popular recently, can be an entry point for malicious incursions. In fact everything is connected: the PC is connected to the internet via Wifi, as well as Alexa or Google Home or a smart thermostat for the boiler. Everything can be exploited as entry point, and often after the first barrier there is nothing "behind" that can stop any bad guys. Having the codes of a Wifi network means, at the very least, being able to use it freely, thus limiting the bandwidth and speed of the victim being attacked.
Use secure passwords
According to a study carried out by CyberArk Labs, finding the passwords of the Wifi you meet on the street is not that difficult. For the technicalities we refer to the article, but it is enough to know that CyberArk Labs going around with a "sniffer" (a computer equipped to analyze data from wireless networks) on the streets of Tel Aviv was then able to crack 70% of passwords captured. In fact, the Wifi passwords for network and peripheral operation are often transmitted over the air, even if in encrypted form. By feeding the computer the encrypted codes and using attacks based on dictionaries and name filters, if the password is not particularly complex, it is easy to find the access key.
It would seem trivial and anachronistic to talk about passwords and yet the experience of CyberArk has shown just how much little care is taken in creating your own passwords: many of the keywords found, for example, were nothing more than the homeowner's cell phone numbers, numbers that can be discovered quite easily by "cracking" programs by making thousands of attempts excluding the least possible combinations for a cell phone (all the repeating numbers, etc.).
The first mandatory rule for your own safety is: always create a “strong” password, that is complex enough to resist the attacks of any hackers. So words that are too easily remembered should not be used, no personal names or birthday dates: the ideal are words of at least 14 characters, with numbers, symbols, upper and lower case inside them. Even better if they are invented words, which the cracking programs cannot find by comparing them with online dictionaries. Even better if yes adds some space, even a sentence with 2-3 words, as long as it doesn't make sense (and therefore cannot be compared with online texts), is still very safe. Passwords should be remembered in mind, but we all tend to forget them and write them down somewhere: apart from the obvious do not write them next to the computer or on the mobile phone under the heading "password", it is good to invent an encoding to be used on the fly when writing down a secret code. For example, write the password by changing its letters with those that come before or after in the alphabet, perhaps alternating yes and no and so on. In general it is good practice to "invent" a personal algorithm (eg alternating upper and lower case, starting and ending with a number, etc.) with which you can choose to create or write down your passwords.
Protecting your router means protecting your home
Il router (or modem-router) is the device with which our home network connects to the internet. All data traffic passes through the router, the devices that use Wifi (mobile phone, tablet, TV, home automation accessories, voice assistants, etc.) connect to the router and from this to the internet. The router is then the main entrance to defend to safeguard the home network. The internet operator with whom we have made the contract usually supplies a poor quality router, difficult to program and with limited access. If you are at least familiar with what you are doing, it is advisable to replace the router given by the operator with a more performing one that is programmable. In this way it will be possible better Wifi network management and also configure its security to the best. Below we give a series of technical advice for which a little skill is required and which can be used or not depending on the router owned.
Passwords, WPA, WPS
The router is equipped with an interface that allows it to be configured. To access the interface there is a username and password provided by default, usually they are intuitive passwords or even disabled. The first thing to do is to change these two access values with strong username and password. In general, you have to change all the default credentials, which are too insecure.
The router communicates with WiFi devices using a security protocol called WAP or WEP: over the years standards have evolved to increase security, today WEP is considered insecure while WAP has evolved into WAP2 and WAP3. If available, use the maximum protection protocol to avoid sniffing dangers.
Other router issues
Many other technical characteristics of the router allow great flexibility of the device but can constitute a source of danger, so it is better to disable everything that is rarely used. The system WPS allows you to quickly connect a peripheral to your router with just the push of a button to pair devices - better disable by default this function and enable it only when you use it.
Many routers allow you to access your home PC over the Internet when you are away from home: it is very convenient but also very dangerous to check that this access is disabled or subjected to a username and password (not the default ones). If you want to use remote access from the internet you need to be sure that the PC "behind" the router is protected by a username and password, even if it is your home PC. If there are several PCs and connected peripherals in the house, it is better that each one has a username and password, the shared folders they must also be accessed with a password.
Beware of the IoT
As already mentioned, the peripherals of the are now very numerous IoT (Internet of Things) that we can connect to the internet thanks to the home network: light switches, voice assistants, food processors, video games, tablets and the list goes on. Hackers are beginning to exploit the vulnerabilities of these often low-quality devices, using them as Trojan horses to be able to infiltrate the home network.
For those who are familiar with router programming, the advice is to create one parallel Wifi network only for IoT devices. In practice, a guest network can be created where all the home automation peripherals will be connected, in this way any access will remain limited and will not be able to reach the home PC. This is also a more efficient way to take advantage of home Wifi.
Many gadgets that can be connected to the home network use the protocol UPnP (Universal Plug and Play), created to simplify communication between devices: also in this case if the router keeps it active by default it is better to disable it.
Finally, a tip for every device: always update the firmware (the operating software), to the latest version made available by the manufacturer, usually the updates concern precisely the security problems.
How to check the security of your network
A usually very effective method to see the vulnerabilities of your network is to connect to the site Shields UP, created by Steve Gibson of Gibson Research Corporation, who has been active in computer security for years. It's a site that uses an online scanner to test all the ports on your home network, revealing any holes or points of attack and recommending what to do. Extremely easy to use, it is a very technical tool which however also allows beginners to immediately run for cover in the simplest cases, such as activating the firewall: for those with more technical knowledge, it is very useful for configuring your router in the best possible way.
