Back in 2015, we published an article about the third party risks that are introduced into a home network. Now, eight years later, it is a good time to revisit the landscape of the home network. If we think about the technology in most homes in 2015, it was fairly sparse, consisting only of a router with an internet connection. The speed of most home internet connections was well below 100Mbps.
It was surprising to realize that even in those early days, there were more connected devices than most people could reasonably manage. Most home tech support consisted of a technician who would come into the house, connect the router to the wires from the street, and then be off to the next appointment. If a problem arose, the way to fix it was to call the provider, or, solicit the help of a tech savvy friend or family member.
Now, most households have at least 10 known internet connected devices, and most are unmanaged, meaning that they were set up, and never revisited again unless a problem arose. Fortunately, support is a bit easier to obtain, but that still doesn’t address many of the vulnerabilities that remain with all of the devices that occupy a home.
An asset inventory can reveal some interesting discoveries, and can increase the security of these often neglected devices. Of course, the best way to account for all of these wayward devices is with a handy spreadsheet. A reasonable guess at the typical home inventory would probably fit on this sample sheet:
This sheet, once completed, should be printed and placed in a safe location in your house. Do not keep an electronic copy on your computer, as that opens up a new vulnerability into your environment. The sheet is arranged in alphabetical order, and you may want to add some information about some of the apps that control various parts of your smart life, such as your automobile remote start information, which is a very important asset to consider. Other important passwords for some of your phone apps should also be included, as it is very frustrating when you lose track of an infrequently used app password. Even if you use a password manager, that will not give you the immediate visual representation of the full inventory of your environment.
It is surprising how many people do not know the administrative passwords of their equipment, nor do they know how to connect to those assets. This makes it difficult to do anything if there is a problem. Most devices have the password written on the bottom, but that is usually changed upon initial installation. By writing all the information on a spreadsheet, it makes it easier to troubleshoot, even if you need to call a tech support person to help you. Every minute that is not spent guessing the access is a minute closer to a solution.
The Public ID of each device is also important, especially if you surrounded by a bunch of cleverly named devices that are intended to mask their function. Similarly, most devices have a public connection name, such as the Wi-Fi connection name, which will differ from the name used for administrative access. Both should be noted on the spreadsheet. Perhaps the most overlooked connection in most houses is the wireless printer, which is probably broadcasting with no masking at all. This should be noted as well.
It is important to remember that any device that is broadcasting throughout your home is probably connected to the router that communicates to the internet, creating an entry point if the device is not protected, or updated. A simple search of all of the devices broadcasting in one small neighborhood illustrates the density of these devices. One could take a short walk from a hair salon, then to the medical clinic, and grab a snack at the Taco Bell, or a slice of pizza just by following these broadcast footprints:
An additional column that you may want to add to your spreadsheet is one that indicates the last time a device was checked for new firmware or security patches. Newer devices may display notifications that new patches are available, but many do not, and most devices will not automatically update. It is important that you keep track, apply the necessary updates as soon as possible, and notate them.
As our reliance on internet-connected devices grows, it is vital that we keep track of the expanding inventory of these assets, not only to keep our digital lives safe, but also to have better control and visibility into everything in our humble abodes.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire
