At this point, we’ve done a thorough inventory of our network devices (Scan) and we’ve taken the opportunity to get rid of any devices that we no longer need or at least disabled the smart features if we don’t need them (Simplify). The next step in our process is to determine what we need to do to maximize the privacy and security of what’s left (Assess).
Before we jump in and start making changes to improve our network security, let’s take stock of where things stand, make sure we understand the scope of the problems to be fixed, and maybe take the opportunity to upgrade older hardware.
Take a look at the list of devices you created in the Scan phase. How many devices do you have? How many of them are Internet of Things (IoT) devices versus computers, smartphones or tablets? Are any of these IoT devices connected to your guest network? Get a good picture of your current situation. Maybe even draw yourself a diagram of all your devices and how they’re connected.
Now try to answer the following questions:
- What is this device actually doing? What purpose does it serve?
- What’s the worst that could happen if this device failed? Do you need a backup for the functions this device performs or for the data it keeps?
- What would happen if this device was compromised? What information could it divulge to bad actors? What other devices might it be able to get information from or even attempt to compromise?
- Are there unnecessary features you can disable? Is it sharing data that you could opt out of? You might need to dig around in the devices’ settings and configuration.
- Is the manufacturer trustworthy? Are they even still in business? Do some web searches with the manufacturer name plus “hack”, “privacy”, “security” or “breach”.
- Are there any known vulnerabilities for this make and model? Do some web searches for the make and model plus “CVE” (Common Vulnerabilities and Exposures) or “KEV” (Known Exploited Vulnerabilities).
- Is this device still supported? Find the manufacturer’s website and look for “support”. Search for your model number. If they have a downloadable PDF manual, maybe grab it for future reference. (This is probably also where you’ll find information about the device’s current software version – see the next section.)
- Should I move this device to my guest network? Segregating less secure devices from your important devices (computer, smartphone) is a solid security practice. See this article for more info.
If any of your devices are unsupported or have crappy security, you should take this opportunity to remove them or upgrade them. Mozilla and Consumer Reports have some nice web tools to help find better products.
Looking In from Outside
One more thing you might want to do is to scan your home network from the outside to see if there are any holes in your firewall. Sometimes, devices on an internal network need (or want) to be able to respond to requests from the broader internet. Most devices today coordinate with cloud-based servers for things like this, which technically start with requests that originate from inside the house. But some devices instead want to poke holes in your firewall so that they can listen for unsolicited requests from outside. This is bad for security. (The LastPass breach was caused by an engineer who ran a very old and vulnerable version of the Plex media server which was reachable via an open port in his firewall.)
You can scan your router’s firewall using a couple of free tools. For most people, I would recommend using ShieldsUp. If you want to get super technical, you can use a powerful tool like Shodan to scan your home IP address. See this article for help.
If you find that some strange ports are open on your firewall, you will need to close them. The likely culprit is Universal Plug and Play (UPnP), which allows devices on your network to negotiate opening these holes without bothering you about it. See this article for help in disabling it.
Prepare for Software Updates
Once you’ve ensured that you have the most secure and private hardware possible, you need to make sure the software on those devices is up to date. This can be a tedious process, but it’s necessary.
- Determine running version. You need to figure out what version of software your devices are currently running. For IoT devices, this may require running a smartphone app or viewing an administrator web page similar to your router’s admin page. Some devices like printers or thermostats may have a display and buttons or a touch screen that will let you check their configuration.
- Determine latest version. Now you need to see if there is a newer version of firmware available. Some devices can check this on their own, either automatically or by clicking a button/menu to check for updates. You should also be able to find this on the manufacturer’s website under “support” for your model number.
- Determine update method. Figure out how to update the device’s software. Again, this may be done via a companion smartphone app, via a web interface running on the device itself, or possibly via a touchscreen or button interface on the device itself. You should also check to see if the device supports automatic updates, and if so, how to enable it. In some cases, you may actually have to download an update file and upload it to the device.
I would take good notes about the update process for each of your devices, especially if it was tricky. If you can, find the PDF manuals online for each of your IoT devices and save them somewhere safe. I save my digital receipts, too, so I know when and where I bought it, for warranty and support reasons. You can create a folder for each device and in that folder you can save a little digital note with important details for updating your devices, including any web links that were helpful. Of course, you could also do all of this with paper files and folders, too, if you prefer. (I should do an article on how I’ve digitized all my stuff.)
Next Up: Remediate
Okay – we’ve done most of the hard work now. The last step will be to actually update all your devices and then do some final clean up and review. We’ll cover that next time.