Computers connected to each other are in what is called a network. A network can be huge like the internet, but a small home network is a network as well.
A network uses a protocol for the communication between computers or connected devices, which are called nodes. A node, therefore, is any physical device connected to a network that has the ability to create, receive, or transmit data over the network. A node usually has its own IP address to identify the specific device source for sending and receiving data. For example, in a home network, a personal computer, smart phone, printer and internet router are all examples of nodes in the same network.
The internet as a network
The internet is, in essence, a network of networks. It connects individual networks like home, government, and company networks by allowing data to be sent through various nodes connected to the internet network. This is how data can travel all around the world in what seems like an instant.
The internet's network of networks enables the connection of network nodes to other network nodes with an aim to route data traffic from the sender through to its intended target server. No single entity controls all the nodes in the network, which makes it a so-called distributed network. This is a core element in maintaining the integrity of the internet and the data it exchanges.
In the below example, each dot represents a node, and each node can either be a routing service or an entire network. Traffic from node A to node Z will be passed through the internet via multiple nodes decided by the routing information of the nodes. The route does not need to be the same for each packet of data. Each node doesn’t need to understand the network topology, instead it only needs to know the next hop on the route towards the target.
Let's take a closer look at a network and how it connects to the internet and other nodes. See the below image for an example.
The internet is a network of networks. Your home network is just one network in the distributed network that is the internet.
A home (or local) network
When you connect to a network at home, be it via Wi-Fi or a wired network, you are in a separate network that is connected to the internet, usually through a home router. The router provides you with access to the internet and knows which devices are located within the home network and which ones are outside of it. It also knows where traffic for unknown targets should be forwarded to. Some routers also provide some kind of protection from the traffic outside of the home network. These protections depend on the make and model of the router and other potential devices you might have between your computer and the outside network. Network providers might sell services protecting your network as well.
It is important to understand that any number of the nodes your traffic goes through after it leaves your home network can potentially be monitoring or eavesdropping on your communications. We learned about the importance of securing communications in the last chapter. In this chapter, we will focus on how to make sure the network they travel through is secure as well.
Let’s zoom in closer to your home network.
Most home networks consist of just a modem/router and devices are connected to the router via a wireless connection. The modem can be a separate device from the router or they can be integrated in the same device. In this case, all devices connect to the router. Many consider the home network (or local network as it is also called) to be a trusted network. This means that most devices do not try to block any connections in that network, for example for file sharing. The router also passes the data between the devices directly connected to it without routing the traffic through the wider internet. The router can see all data passed through it if the data is not encrypted. Additionally, if you are not connecting to your router via a secured connection the wireless traffic might not be encrypted at all, and any devices close enough to capture the radio waves can eavesdrop on the unencrypted traffic.
Encrypting the local network connection
The first step you should make sure of is to use a secure connection to the Wi-Fi router. Typically, the default configuration on most routers is to use an encrypted connection but there are a few things you should be aware of:
1) Default passwords on some devices are commonly known. If the attacker identifies the make and model of your router, they can try and use the default credentials and join your network.
You should always change the default password for joining the network. Just as when you create login passwords for your online accounts, passwords to access your local network should use best practice (see chapter 2.3) to ensure they are not too easy to guess or brute force.
2) By default, anyone in your local network can access the administration interface of the router. It is usually protected by a known username and password that are easy to find on the internet.
You should also change the password used to access the administration interface of the router.
3) The router might use an older version of encryption that is easy to break. Versions of the protocol you should avoid are WEP and WPA, which are outdated.
WPA2 and the new WPA3 encryption are more secure. If your Wi-Fi router supports WPA3 you should consider switching to it. Instructions for checking this based on your type of computer are found below.
Checking your Wi-Fi security on a Mac computer
While pressing the Option (alt) key, click the Wi-Fi icon on your toolbar. The used protocol can be found under the Security header.
Checking your Wi-Fi security on a Windows 10 computer
On Windows 10, click the Wi-Fi Connection icon in the taskbar. Click Properties under your Wi-Fi connection. Look for Wi-Fi details and under that, look for Security Type.
It is important to note that securing your local network is just the first step towards network security. Even when encrypting your Wi-Fi connection (using for instance WPA2), your traffic is only encrypted from your computer to the Wi-Fi router. If you have a secure local network connection, the content of the traffic is encrypted when sent to the router but the router will decrypt it for forwarding it. If the next node in the route is using a secure connection directly to the router, the traffic is encrypted using a different key and sent to the next node. However, if the next node is on the internet, the traffic is not necessarily encrypted at all unless you’re using an encrypted protocol like SSL or TLS for the traffic. We will learn more about these protocols in the next section on the network stack.
Limiting outside access to a network
If a network, such as a home network, is connected to another network, such as the internet, the connection should be limited to only what is needed. Otherwise, all the services available in the home network are available for anyone on the internet. In a home network the modem usually acts as that filter. The functionality of this filtering is called a firewall and most operating systems (the operating software on your devices) have one integrated as well.
A firewall limits the traffic going through it depending on its rules. The simplest firewall rules just allow all traffic to go through or just drop everything. Depending on the firewall it can have a lot of features though, and it might allow for analysing of the traffic to determine if it should be allowed to pass through.
Firewalls can be either software or hardware. You generally want both kinds. A software firewall on your computer protects it from threats coming from the network you’re on. These threats include things like viruses and bugs like malware that might corrupt or take over your machine. A hardware firewall is a good tool to protect your local network from the internet. An example of this is the modem, a physical device that acts as a network boundary by screening all incoming and outgoing traffic.
Most firewalls work on a packet level (we’ll learn more on packets in the next section on the network stack). They filter packets based on their type, sender address, and port or the receiver address and port. More advanced next-generation firewalls provide more features such as encrypted traffic inspection, antivirus scanners, intrusion detection and packet inspection. Some firewalls allow for stateful inspection of the traffic.
Your home network’s router most likely includes a basic firewall that allows for (most) traffic out to the internet but rejects the traffic from the internet that isn’t initiated by you, like the reply to a request for a webpage. In most other cases, especially if you’re running a company, a simple firewall will most likely not provide adequate protection for you.
Think about using a public Wi-Fi hotspot to check your email, for example. If you aren’t downloading your email over an encrypted connection, the network can see the contents of the emails. If you are not using a trusted Wi-Fi network such as a home network, who controls the network? Can you trust that no one will read all the unencrypted communication within the local network you’re using? You might have file sharing services (AirDrop for example) enabled within your immediate network, which might now be controlled by anyone with network access.
A real-world example of Wi-Fi attacks was seen in 2015 when an expert team of hackers showed how risky using an unsecured wireless connection can be. The team demonstrated the risks by maliciously hacking three UK politicians even though the politicians knew they were taking part in the experiment.
Zero trust strategy is a term that has seen a steady increase in mentions when talking about security architecture. What the term basically means is that instead of assuming that any internal network and the devices within it can be trusted, all devices need to be assumed to be hostile. That means that all devices need to be authenticated and their security assessed before allowing them to enter the network.
Network segmentation (separating network segments with boundaries that are controlled and only allow access to each other by separately defined methods) is one often-used method of adding control to a network, at least in corporate networks. Monitoring of the devices and connections is also essential for achieving the zero trust model.
Whereas traditionally, home networks would just allow for all devices to connect and communicate within the network, with zero trust you would only allow verified devices to access the network and would require all internal communication to be authenticated as well. In practice, achieving zero trust on your home network is difficult as most devices either do not support authentication or they rely on being able to connect to and control other devices directly.
A regular smart TV, for instance, unfortunately does not care about the connections it allows, as it is designed to be used in a trusted network. While having your partner accidentally pause a movie on their phone in an adjacent room may be an annoyance, these security concerns should be taken more seriously if you are sharing your home network with an unfamiliar guest- via Airbnb hosting, for example.