With the spread of the new coronavirus infection since 2020, avoiding office work has become one trend as a countermeasure against infection. In addition, the renewal of work styles, which originated in the so-called work style reforms, has been a major social topic in recent years. As a result, remote work and telework are spreading. A typical problem that tends to surface at that point is how to connect a personal computer to a network from home.
For many users, remote work is mainly done at home. Therefore, in most cases, the network environment in use is the home network. With the spread of Wi-Fi these days, many users may assume that their home network is a wireless LAN environment.
With a wireless LAN router, you can use Wi-Fi without being too conscious of the LAN environment behind it. Taking device connection as an example, with simple connection setups such as WPS (Wi-Fi Protected Setup) and AOSS (AirStation One-Touch Secure System), following the on-screen instructions completes the initial setup with almost no prerequisite knowledge.
However, using an invisible means of access called "wireless" also means that strangers can access it where you cannot see them. In other words, there is a risk of unauthorized access by unspecified others. In addition, depending on the settings of the terminal and the router, files and data can be shared between users on the same network of the wireless LAN router. While these features are useful by nature, they can also be used to steal data if exploited by a malicious third party.
Many users keep business customer information and confidential information stored on their smartphones and personal computers. Be aware of the risk of information leaks that comes with connecting these devices to your home Wi-Fi network.
There are three countermeasures against these risks in the home Wi-Fi environment: do not let others connect, do not let them take control even if they connect, and encrypt data so that it cannot be read.
The SSID of a connectable access point is announced to network devices within range of the wireless LAN router. Avoid choosing an SSID from which the individual can be inferred, such as "taro-yamada-home". This is because a user who knows the owner of the wireless router can guess the encryption key from the owner's personal information. Of course, the encryption key should not be a string that involves personal information, such as a birthday or phone number.
Also, depending on the model, the SSID may contain a character string related to the manufacturer or model name. In that case, change the name immediately to one that retains nothing of its original form. If a vulnerability in that model is discovered, the router could become the target of an attack aimed at that model. If a vulnerability is found in the manufacturer's wireless LAN device, a malicious third party can use a tool to find the device.
There is also the method of using the SSID stealth function so that the network is not always displayed as a connection candidate. However, note that this method does not fundamentally eliminate the security risk, as it cannot prevent the device from being detected.
Also avoid using the wireless LAN router with its factory default settings. This is because there are quite a few wireless LAN routers in which the default user ID and password are set uniformly for each model. Moreover, depending on the model, the manual is published on the Internet, so anyone can learn the password. Therefore, if a malicious third party can identify the model name, they may break into the management screen and rewrite the settings. At the very least, the login password should be changed to something complicated and unguessable.
As for the Wi-Fi security method used for connection, it is desirable to use WPA3 as of 2021. WPA3 solves the vulnerability called KRACK (Key Reinstallation AttaCKs), which was a big concern in WPA2, by adopting SAE handshake technology. This technology prevents damage from attacks aimed at breaking passwords, such as brute force attacks.
WPA3 is a new security standard supported by Wi-Fi 6, and many of the latest models have adopted it. When purchasing a new router in the future, avoid models that only support the WEP and WPA2 standards. Procuring a used Wi-Fi router for remote work just because price matters is not recommended. Note that recent iPhones may raise alerts when connecting to a WPA2 network that uses TKIP.
For wireless LAN routers, the manufacturer may update the firmware to improve functionality and security. For most models, you should be able to see the firmware version currently in use by accessing the Wi-Fi router's settings screen. The latest firmware is listed on the manufacturer's website. However, most recent routers are equipped with a function to update the firmware automatically, so enabling automatic updates can prevent updates from being missed.
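The checks from the preceding paragraphs (SSID naming, encryption key, factory defaults, security method, automatic firmware updates) can be applied to a router's settings as in the following added example, which is not part of the original article. The dictionary layout, the finding names, the vendor list and all sample values are assumptions constructed for illustration.

```python
import re

# Assumption: constructed list of manufacturer strings; add the ones your router ships with.
VENDOR_MARKERS = ("buffalo", "aterm", "tplink", "netgear", "linksys", "asus")

def _norm(text):
    """Lowercase and drop separators so 'Taro-Yamada' and 'taroyamada' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_wifi(cfg, personal_info):
    """Return finding IDs for one router configuration (hypothetical dict layout)."""
    findings = []
    ssid, key = _norm(cfg["ssid"]), _norm(cfg["passphrase"])
    # Ignore very short tokens to avoid accidental matches.
    tokens = [t for t in map(_norm, personal_info) if len(t) >= 4]
    if any(t in ssid for t in tokens):
        findings.append("ssid-identifies-owner")
    if any(v in ssid for v in VENDOR_MARKERS):
        findings.append("ssid-reveals-vendor-or-model")
    if any(t in key for t in tokens):
        findings.append("passphrase-contains-personal-info")
    if not cfg["admin_password_changed"]:
        findings.append("factory-default-admin-login")
    security = cfg["security"].upper()
    if "WEP" in security or "TKIP" in security:
        findings.append("weak-encryption")
    elif "WPA3" not in security:
        findings.append("wpa3-not-enabled")
    if not cfg["auto_firmware_update"]:
        findings.append("firmware-auto-update-off")
    return findings

# Constructed sample data, not taken from any real network.
OWNER_INFO = ["Taro", "Yamada", "1985-04-12", "090-1234-5678"]
WEAK = {"ssid": "taro-yamada-home", "passphrase": "yamada19850412",
        "security": "WPA2-TKIP", "admin_password_changed": False,
        "auto_firmware_update": False}
HARDENED = {"ssid": "quiet-harbor-27", "passphrase": "v7Q-kd2n-Lx94-rbM3",
            "security": "WPA3-SAE", "admin_password_changed": True,
            "auto_firmware_update": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_wifi(cfg, OWNER_INFO))
```

Separators are stripped before matching, so a birthday written as "1985-04-12" is still caught inside a key such as "yamada19850412".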
It's also worth noting that manufacturers' thinking about updates has changed recently. Until now, it was common for products from well-known major companies to come with long-term support, but because long-term support is a heavy burden and raises costs, some companies have begun to limit the support period.
As a user, it is desirable to check the firmware update and security patch provision policy before purchasing. Also, for products aimed at companies, check the SLA (Service Level Agreement) before purchasing. Some manufacturers encourage volunteers to resolve inquiries about products whose technical support period and hardware warranty period have expired.
With the spread of smartphones these days, most users probably connect to the Internet wirelessly rather than by wire. Some users are not even familiar with connecting by wire. As a result, it is easy to think that an Internet connection through a Wi-Fi router is connected directly to a communication line, just as a smartphone is. However, when connecting via Wi-Fi, it is important to be aware that the connection goes through the network built by the router.
If a computer or smartphone connected to the same network is infected with malware, there is a risk that the infection will spread. To prevent such a situation, one idea is to use the "guest port function".
The guest port function separates guests from the home network and provides them with a line limited to Internet connection. The LAN in the house cannot be accessed, and only a path leading to the Internet is provided separately. It is sometimes called "guest Wi-Fi" or a "network separation function".
For example, in the case of a wireless LAN router from a certain manufacturer, when the guest port function is turned on, a guest-specific SSID named "Guest-XXXX" is displayed. Devices that join this SSID cannot connect to your existing network and can only use the Internet in isolation.
By applying this function and using the home network for business terminals and the guest port for cohabitants connecting to the Internet, the risk of the spread of infection mentioned above is reduced. If you already have a NAS on your home network, you can use the guest port only for your family and business.
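Whether the guest SSID is really cut off from the home LAN can be checked from a device joined to the guest network, as in this added example (not part of the original article). The target addresses and ports are constructed placeholders to be replaced with your own router, NAS and PC.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so a host or filtering device on that path answered.
        return "refused"
    except OSError:
        # Timeout, no route, or network unreachable: nothing answered.
        return "no-response"

def check_guest_isolation(lan_targets, timeout=1.0):
    """Probe home-LAN services from a device joined to the guest SSID."""
    results = {(h, p): probe(h, p, timeout) for h, p in lan_targets}
    leaks = sorted(t for t, state in results.items() if state == "open")
    review = sorted(t for t, state in results.items() if state == "refused")
    return {"isolated": not leaks, "leaks": leaks, "review": review}

# Constructed addresses (assumption): replace with your own router, NAS and PC.
HOME_LAN_TARGETS = [("192.168.1.1", 80), ("192.168.1.1", 443),
                    ("192.168.1.50", 445), ("192.168.1.50", 5000)]

if __name__ == "__main__":
    print(check_guest_isolation(HOME_LAN_TARGETS))
```

Any entry under `leaks` means a home-LAN service accepted a connection from the guest side; entries under `review` were actively refused, so check whether the reply came from the LAN host or from the router's own filtering.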
It is also advisable to install comprehensive security software on computers connected to Wi-Fi. For example, the "home network protection" function in ESET Internet Security, a comprehensive security software product, lets you check other terminals within range of the wireless LAN router from the management screen, so you can see whether a suspicious device is connected. Protect your network appropriately by making use not only of the traditional virus check function but also of security software as a tool for ensuring comprehensive safety.