Security points to be aware of to safely use Wi-Fi at home during remote work
Risk of using home Wi-Fi during remote work
With the spread of the novel coronavirus infection since 2020, one trend has been to avoid working in the office as an infection countermeasure. The overhaul of how people work, which is the origin of the so-called work style reform, has been a major social topic in recent years. This has led to working remotely, in the form of remote work and telework. One problem that readily surfaces in that setting is how to connect a computer to a network from home.
For many users, remote work is mainly done at home. In most cases, therefore, the network environment in use will be the home network. Wi-Fi has become widespread in recent years, so many users probably have a wireless LAN environment.
With a wireless LAN router, Wi-Fi can be used without much awareness that a LAN environment exists. Connecting a device is one example: with simple connection setup such as WPS (Wi-Fi Protected Setup) or AOSS (AirStation One-Touch Secure System), following the on-screen instructions completes the initial setup with almost no prerequisite knowledge.
However, using "wireless", an access method you cannot see, means that people somewhere out of your sight can also reach it. In other words, there is a risk of unauthorized access by unspecified persons. In addition, users on the same wireless LAN router network may be able to share files and data, depending on the terminal and router settings. Such functions are useful in themselves, but if they are abused by a malicious third party, data may be stolen.
Many users probably keep business customer information and confidential information on smartphones and personal computers. Keep firmly in mind the risk that connecting these devices to the home Wi-Fi network may lead to information leakage.
Risk measures for using home Wi-Fi
There are three risk countermeasures in the home Wi-Fi environment: "do not let them connect", "do not let them take control even if they connect", and "encrypt so the data cannot be read."
1) Change the naming / setting of SSID
The wireless LAN router announces the SSID of its access point to network devices within range. Avoid SSID names that can identify an individual, such as "TARO-YAMADA-HOME". If the owner of the wireless router is known, the encryption key can be guessed from the owner's personal information. Naturally, the encryption key should not be a string involving personal information such as birthdays or telephone numbers.
In addition, depending on the model, the SSID may contain character strings related to the manufacturer or model name. In that case, change it immediately to a name that retains no trace of the original. If a vulnerability in that model is discovered, the router may become the target of attacks aimed at the model. When a vulnerability is found in a manufacturer's wireless LAN devices, malicious third parties use tools to find those devices.
There is also the option of using the SSID stealth function so that the SSID is not always displayed as a connection candidate. Note, however, that this method is not a fundamental solution, because it does not make the network undetectable.
2) Make router management IDs and passwords complex
Avoid using a wireless LAN router with its factory default settings. Some wireless LAN routers have a default user ID and password set uniformly for each model. Moreover, for some models the manual is published on the Internet, so anyone can learn the password. If a malicious third party can identify the model name, they may be able to log in to the management screen and rewrite the settings. At a minimum, change the login password to something complex and hard to guess.
3) Use the latest network security standards such as WPA3
As of 2021, WPA3 is the desirable Wi-Fi security method to use for connections. WPA3 resolved the vulnerability called KRACK (Key Reinstallation Attacks), which was a major concern in WPA2, by adopting the SAE handshake. This technology prevents damage from attacks aimed at breaking the password, such as brute-force attacks.
WPA3 is a new security standard compatible with Wi-Fi 6, and many recent models have adopted it. If you plan to buy a new router, avoid models that support only the WEP and WPA2 standards. Buying a used Wi-Fi router for remote work because price is the priority is not recommended. On recent iPhones, an alert may appear when connecting to a WPA2 network that uses TKIP.
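An added example (not from the original article) that applies the SSID naming advice in 1) and the encryption advice in 3) to a scan of nearby networks. The input is a constructed listing in the shape of nmcli's terse output; the vendor hint list, the finding codes and the function names are assumptions made for illustration.

```python
# Illustrative vendor/model hints, not an exhaustive list; add the brands you own.
VENDOR_HINTS = ("buffalo", "airstation", "aterm", "tp-link", "netgear", "elecom")

# Constructed sample in the shape of:
#   nmcli -t -f SSID,SECURITY,RSN-FLAGS device wifi list
# (terse mode: ':' separates fields, a literal ':' in a value is written '\:').
SAMPLE = r"""
TARO-YAMADA-HOME:WPA2:pair_ccmp group_ccmp psk
Buffalo-G-1A2B:WPA1 WPA2:pair_tkip pair_ccmp group_tkip psk
cafe\:free::
blue-heron-42:WPA3:pair_ccmp group_ccmp sae
old-printer:WEP:
"""

def split_terse(line):
    """Split a terse line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit(listing, personal_tokens=()):
    """Return {ssid: [finding codes]} for networks that break the article's advice."""
    report = {}
    for line in listing.strip().splitlines():
        ssid, security, flags = (split_terse(line) + ["", ""])[:3]
        found = []
        if security in ("", "--"):
            found.append("open")                 # no encryption at all
        elif "WEP" in security:
            found.append("wep")
        else:
            if "WPA1" in security or "tkip" in flags.lower():
                found.append("tkip")             # legacy WPA/TKIP still offered
            if "WPA3" not in security:
                found.append("no-wpa3")
        name = ssid.lower()
        if any(t.lower() in name for t in personal_tokens):
            found.append("owner-name")           # SSID identifies the owner
        if any(v in name for v in VENDOR_HINTS):
            found.append("vendor-name")          # SSID reveals maker or model
        if found:
            report[ssid] = found
    return report

if __name__ == "__main__":
    for ssid, found in audit(SAMPLE, ("taro", "yamada")).items():
        print(f"{ssid}: {', '.join(found)}")
```

Run it against a listing of your own access point, passing the household's names as `personal_tokens`; a network that follows points 1) and 3) produces no entry.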
4) Update the firmware of the router
Router manufacturers may release firmware updates for a wireless LAN router to improve functionality and security. For most models, the current firmware version can be checked on the wireless LAN router's settings screen. The latest firmware is posted on the manufacturer's website. Many recent routers, however, have a function that updates firmware automatically, so enabling the automatic update function prevents updates from being missed.
It is also important to note that manufacturers' thinking about updates has changed recently. Until now, long-term support for products from well-known major companies was the norm, but long-term support is a heavy burden and cost, so some companies are starting to limit the support period.
As a user, it is desirable to check the policy for firmware updates and security patches before purchasing. For corporate products, also confirm the SLA (Service Level Agreement) before purchasing. For inquiries about products whose technical support period or hardware warranty period has expired, some manufacturers encourage resolution by volunteers.
Protecting the "network" that is home Wi-Fi is essential
With the spread of smartphones, most users now connect wirelessly rather than by wire. Some users have never connected by wire at all. As a result, an Internet connection through a Wi-Fi router tends to be thought of as a direct connection to the communication line, just as on a smartphone. With a Wi-Fi connection, however, keep clearly in mind that traffic passes through the network the router builds.
If a computer or smartphone connected to the same network is infected with malware, there is a risk that the infection will spread. One idea for preventing this is to use the "guest port function".
The guest port function separates guests from the home network and provides them with a line limited to Internet access. It does not give access to the LAN in the house; it provides only a path to the Internet. It is sometimes called "Wi-Fi for guests" or a "network separation function".
For example, on one manufacturer's wireless LAN router, turning on the guest port function displays a guest-only SSID named "Guest-XXXX". Connecting to this SSID gives Internet access only, isolated from the existing network.
By applying this function and properly separating the network used by business terminals from the one cohabitants use to connect to the Internet, the risk of an infection spreading is reduced. If you already have a NAS or the like on the home network, one approach may be for your family to use the home network and to separate only the business use.
It is also worth installing comprehensive security software on PCs connected to Wi-Fi. For example, the "home network protection" function in ESET Internet Security, a comprehensive security suite, shows the other terminals connected to the wireless LAN router on its management screen, so you can check whether a suspicious device is connected. Use security software not only for virus checking as in the past, but as a tool for ensuring overall safety, to protect the network appropriately.
* This article is provided by "Cyber Security Information Bureau", the owned media of Canon Marketing Japan. Copyright belongs to that company.
[PR] Provided by Canon Marketing Japan