Best Practices for Network Security: Balancing Protection with Convenience
With more IoT devices connected to the home network, users should enhance security by limiting unnecessary network access, processes, devices and activities, Pakedge warns in CE Pro Webinar.
When it comes to network security, the overriding principle should be: Less is more. That is to say, wherever possible, place limits on traffic, active Ethernet ports, access, processes ….
“Don’t leave unnecessary features enabled,” said Shereena Banda, technical support specialist & trainer for Pakedge, presenting during the recent CE Pro Webinar, “Best Practices for End-to-End Network Security in the IoT Era” (now available for viewing).
On router ports and services, she says, “If you don’t need them to be open, then close them.”
As for “processes that you don’t need, don’t enable them on your network,” she says. “Each accessible feature is an additional opportunity for an attacker to exploit.”
UPnP, USB file sharing, HTTPS and SSL are all services that should be considered for blocking.
And if you can’t disable certain services altogether, then consider limiting the amount of traffic for any given process to help thwart unsanctioned activity.
There are other ways to limit access and activity on the network. For example, consider constricting Wi-Fi coverage.
“You think you want the best reach,” Banda says. “As much as we love wireless and want range to be fantastic, you want to make sure range isn’t such that everyone outside the household can take advantage of it.”
Even with strong Wi-Fi encryption, why not use every precaution to keep intruders away?
Security is a matter of layers, Banda notes. Another layer of protection, she suggests, is to limit the number of devices allowed on the network.
“If you know that you shouldn’t have more than ‘x’ amount of devices on the home network at any given time, then set limits on Wi-Fi devices allowed to connect,” Banda offers.
As an extreme precaution, she suggests users consider turning wireless radios off when not in use, “so when you’re not home, you don’t have to worry about anyone connecting to the home network.”
Naturally, with our increasingly connected IoT world, it can be painful to completely shunt Wi-Fi, but users could possibly employ MAC filtering to enable only certain devices such as thermostats, smoke detectors, alarm systems and cameras to communicate via Wi-Fi during select periods, say, family vacations (see caveat* below).
And, although Banda did not mention it in her presentation, the compelling security benefits of wired networks should provide plenty of fodder for integrators to sell structured cabling.
But even hardwired Ethernet access should be limited by disabling empty ports on routers and switches, as well as wired ports that lead directly to in-wall jacks, Banda suggests.
It goes without saying that integrators should instruct their clients to change all default passwords, use the latest encryption services when possible and keep antivirus and firewall services up-to-date.
Banda urges: “Educate clients on how they can help themselves.”
Many additional best practices for network security are covered in the webinar, but to me at least, the biggest takeaway was this: It might be convenient to enable the broadest range of services and access for a network at all times, but for the best security, users should establish limitations wherever practicable.
*Pakedge caveat on MAC filtering: If you use the MAC filtering and you have multiple WAPs in the home, make sure to allow the devices to connect to the WAPs that are in range. For example, if you have a thermostat in an area of the home where it could be detected by two adjacent WAPs, you would allow the MAC filtering on the two WAPs to allow the thermostat to connect to it. That way, if one of the WAPs is down for any reason, the other WAP can pick it up and allow the thermostat to connect to it. If you have a controller, you can set the MAC filtering in the controller and not have to do it on the individual WAPs (one of the advantages of having a controller). Not all controllers have this capability, but if you have one that does (like the Pakedge C36), it is preferable to do it from the controller. Also, in this example, if you do change thermostats for any reason, then of course, you will need to remember to update the MAC filters in the WAPs.
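The caveat above amounts to a consistency check between per-WAP MAC filters and the devices in the home. The following is an added example, not code from Pakedge or CE Pro: it flags devices that are in range of a WAP but missing from that WAP's filter, and filter entries left behind after a device was replaced. The WAP names, device names and MAC addresses are constructed for illustration.

```python
import re

def norm_mac(mac):
    """Normalize a MAC written with ':', '-', '.' or no separators to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_mac_filters(devices, wap_allowlists):
    """devices: name -> (mac, [WAPs in range]); wap_allowlists: WAP -> iterable of MACs.
    Returns (missing, stale):
      missing = (device, wap) pairs where an in-range WAP does not allow the device
      stale   = (wap, mac) filter entries that match no known device"""
    allow = {wap: {norm_mac(m) for m in macs} for wap, macs in wap_allowlists.items()}
    known = {norm_mac(mac) for mac, _ in devices.values()}
    missing = []
    for name, (mac, in_range) in sorted(devices.items()):
        for wap in in_range:
            if norm_mac(mac) not in allow.get(wap, set()):
                missing.append((name, wap))
    stale = sorted((wap, m) for wap, macs in allow.items() for m in macs - known)
    return missing, stale

# Constructed sample inventory (hypothetical names, locally administered MACs).
DEVICES = {
    "thermostat": ("02:00:5E:10:00:01", ["wap-hall", "wap-kitchen"]),
    "smoke-detector": ("02-00-5e-10-00-02", ["wap-hall"]),
    "camera-porch": ("0200.5e10.0003", ["wap-kitchen", "wap-garage"]),
}
# Constructed per-WAP filters, as they might be exported from each WAP.
WAP_ALLOWLISTS = {
    "wap-hall": ["02:00:5e:10:00:01", "02:00:5e:10:00:02"],
    # The ...:99 entry stands for a replaced thermostat that was never removed.
    "wap-kitchen": ["02:00:5e:10:00:03", "02:00:5e:10:00:99"],
    "wap-garage": ["02:00:5E:10:00:03"],
}

if __name__ == "__main__":
    missing, stale = audit_mac_filters(DEVICES, WAP_ALLOWLISTS)
    for name, wap in missing:
        print(f"NO FAILOVER: {name} is in range of {wap} but not allowed there")
    for wap, mac in stale:
        print(f"STALE ENTRY: {wap} still allows unknown MAC {mac}")
```

With a controller that manages the filter centrally, the same check reduces to the stale-entry half, since there is only one list to compare against the inventory.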
Pakedge highlights home network hacks.
Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn. Follow on Twitter: @juliejacobson Email Julie at email@example.com