Invitation to Cybersecurity

9. The Application of Cybersecurity: Principles and Practices

9.2.4 Secure Networks

Cyberspace is synonymous with computer networks and the Internet. Therefore, network security is a primary concern of cybersecurity. This section briefly covers some basic network security measures.

9.2.4.1 Use a Network Firewall

Network firewalls perform the same function as system firewalls except that they can protect multiple computers because they act as a chokepoint for all traffic entering and leaving the network. Most home networks use a router provided by their Internet service provider (ISP). These routers likely have firewall features that the homeowner can configure. Wireless network routers that users purchase and add to their home networks typically also have a built-in firewall. Firewalls can be configured with blacklists or whitelists on a per-device basis (see Section 8.2.4).

Network firewalls, like system firewalls, can prevent unsolicited connections from coming into the network and malicious connections from being made to outside servers. Firewalls can also log network activity so it can be determined who did what, and when, on the network. Firewalls also include features to limit the amount of time a device can be online and the amount of data that a device can use, and they can set time windows for when devices are able to access the Internet. Advanced firewall rules can be created to allow applications to access only certain computers on the network.

Routers can also be configured to provide firewall-like functionality through a service called DNS filtering. DNS filtering prevents access to blacklisted websites and is enabled by pointing a router's DNS servers to a DNS filtering service (see Section 2.4.3 for more information on DNS). When computers on the network request the IP address of a blacklisted site, the DNS server will not respond with the correct IP address.
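The lookup a DNS filtering service performs can be sketched as follows. This is an added example, not code from the book: the blocklist entries and function names are constructed for illustration, and answering with NXDOMAIN ("no such name") is one assumed way of withholding the correct IP address.

```python
import struct

# Constructed blocklist; real filtering services maintain far larger lists.
BLOCKLIST = {"malware.example", "ads.tracker.example"}

def parse_qname(packet: bytes, offset: int = 12):
    """Read the question name from a DNS query (labels are length-prefixed)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length > 63:  # compression pointers do not belong in a plain question
            raise ValueError("unexpected label length")
        labels.append(packet[offset + 1: offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(name: str) -> bool:
    """Match the name or any parent domain, so sub.malware.example is blocked too."""
    parts = name.rstrip(".").lower().split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def filter_query(packet: bytes):
    """Return an NXDOMAIN reply for blocked names, or None to forward upstream."""
    name, end = parse_qname(packet)
    if not is_blocked(name):
        return None
    txid, flags = struct.unpack("!HH", packet[:4])
    # QR=1 (response), keep RD from the query, RA=1, RCODE=3 (NXDOMAIN)
    reply_flags = 0x8000 | (flags & 0x0100) | 0x0080 | 0x0003
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + packet[12:end + 4]  # echo the question (name + type + class)

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a standard A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

if __name__ == "__main__":
    for host in ("www.malware.example", "www.example.org"):
        reply = filter_query(build_query(host))
        print(host, "-> NXDOMAIN" if reply else "-> forwarded upstream")
```

Matching on whole labels means notmalware.example is not caught by the malware.example entry, while every subdomain of a listed site is.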
Therefore, the computer cannot initiate the connection to the website because it is unable to determine what "number to dial." It is as if the website does not exist. DNS filtering is a free service provided by third parties, and it is a cheap and easy way to perform content filtering on a home network. DNS filters are helpful for blocking known malicious websites and offensive content such as pornography, but they are not perfect systems. Some sites that should be blocked may not be, and determined users can find workarounds to access forbidden websites.

9.2.4.2 Secure Wireless Networks

The SSID (service set identifier) of a wireless network is the network name seen by users when they scan for available wireless networks. Wireless routers come with a default SSID that typically includes the device manufacturer's name. The default SSID should be changed to something unique, but one that does not reveal any personally identifiable or sensitive information such as an address or name. Many wireless routers allow users to create separate SSIDs for guests, and this is a best practice. It creates a barrier between the wireless network that guests use and the devices in the home. Both the home and
