Vulnerability Management At Home

Note: I recently reviewed a free program for running a vulnerability assessment on your home network. The review is located here: https://geekzweb.com/2018/07/23/avira-home-network-security-scanner/. I saw a post today which features another free tool for running your own assessment on your home network, so I thought I would add a little color around the subject and share both tools. I will let the old article stand and focus on Bitdefender’s Home Scanner in this article.

This post serves two purposes. I want to review the Bitdefender Home Scanner and use the conversation to point out some important factors that all people should be aware of. Some might ask why it is important to understand vulnerabilities and risk on their home networks. I have covered this topic in depth before, but it should suffice to say that you have important things on your network, or around it. Recent articles have reported security vulnerabilities in home security systems, and actual exploitation of those vulnerabilities, allowing hackers to speak to those in your home. You might also have financial management software or, possibly, work information on your home network. This is especially true for those who work from home. It is your responsibility to protect your assets.

The Internet, and your home, are host to a number of devices that are known as IoT, or the Internet of Things. IoT devices are those devices which might not historically have been connected to the Internet, but are becoming increasingly connected as time passes. Devices such as light bulbs, refrigerators, and thermostats are now connected and become security risks if they are not managed properly. Many of these devices were developed without security in mind or were never intended to be externally accessible over the Web. Bitdefender [Smart] Home Scanner is a free tool which will scan your network for devices and run tests to determine if they are vulnerable to known attacks.

It is important to pause here and discuss some terms that not all users are familiar with. A vulnerability is a software weakness. An exploit is some mechanism, software package, or process that uses a vulnerability to attack a system. A vulnerability could feasibly exist without any known exploits, but an exploit requires a vulnerability. It is possible for the scanner to detect a vulnerability that is either not known to have an exploit in the wild or one that might not easily be exploited. Often, vulnerabilities are published that would be almost impossible to exploit, or only exploitable under the right conditions. This is where the term risk comes in. Risk management is the understanding and handling of risks.

My Scan

Here is a view of a scan I ran on my network. This scan is simply looking for devices on your network. You might be surprised to see some IP addresses or hostnames that you were not aware of. Common sights that might surprise home users are streaming devices, home security cameras, or cable boxes. I am a Dish Network subscriber and noticed that all of my cable boxes have their own IP address and show up in my scans. From some cursory research I have discovered that this scan appears to be using Nmap, along with some other technologies to run a discovery.

The discovery scan on my network came back with 33 devices. There are more than that, but some of the devices were out of the house with family members or turned off during the scan, so they were not found during my first attempts. However, there is an option to leave discovery running and it will find new devices as they enter the network. This discovery alone can be useful for those who are not skilled at using tools like Nmap, which is a CLI (command line interface) tool for scanning networks and hosts. There are some graphical front-ends for Nmap, but due to the seemingly endless features of the tool, those front-ends can be quite daunting as well.

Results

Discovery is only part of the process for determining if there are known vulnerabilities on a network. While it is crucial to know what devices exist on a network, it is also important to scan those devices looking for known software issues which could be compromised, or exploited, to gain access to the device or your network.

After the discovery has found devices on your network, you are given the option to kick off a vulnerability scan against those devices. Only one of my 33 devices came back with a security risk. This image shows that a device recognized as a Hewlett Packard had a vulnerability within the SSH protocol that could possibly be a security risk. As I write this article, I am currently looking into the issue and I assume at this time that the version of OpenSSH running on that server/desktop is probably known to be vulnerable to some attack. I updated software on that Linux system and I am still showing the issue after a fresh vulnerability scan. The problem is likely due to the fact that I am using a software repository that has not received an update to the OpenSSH software, hence the issue is not yet resolved.

In my case, I am mitigating the risk by not allowing remote access to SSH and ensuring that the root user is unable to log in over SSH. I require users to log in to the server using certificates and then sudo (impersonate) the root user to make changes to the system. All that said, depending upon the vulnerability suspected, those mitigations might not be enough to protect the system, as some software vulnerabilities allow hackers to take advantage of systems in such a way that normal security precautions are not enough. As this is not a business system, I am not too concerned and will continue to watch the system and my logs for any possible issues.
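Whether those SSH mitigations are actually in effect can be checked against the server's `sshd_config`. The following Python example is an addition to this article, not the author's configuration: it assumes upstream OpenSSH defaults, treats the certificate login described above as public-key authentication with passwords disabled, does not follow `Include` directives, and uses a constructed sample config.

```python
# keyword: (upstream OpenSSH default, value matching the mitigations above)
CHECKS = {
    "permitrootlogin": ("prohibit-password", "no"),
    "passwordauthentication": ("yes", "no"),
    "kbdinteractiveauthentication": ("yes", "no"),
    "pubkeyauthentication": ("yes", "yes"),
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # deprecated name

def parse(config_text):
    """Split into global settings (first value wins) and Match-block overrides."""
    settings, overrides, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) == 2 else ""
        if key == "match":
            in_match = True
        elif in_match:
            overrides.append((key, value))
        else:
            settings.setdefault(key, value)
    return settings, overrides

def audit(config_text):
    """Return findings as (keyword, configured_value, wanted_value, scope)."""
    settings, overrides = parse(config_text)
    findings = []
    for key, (default, wanted) in CHECKS.items():
        value = settings.get(key, default)
        if value.lower() != wanted:
            findings.append((key, value, wanted, "global"))
    for key, value in overrides:
        if key in CHECKS and value.lower() != CHECKS[key][1]:
            findings.append((key, value, CHECKS[key][1], "match"))
    return findings

# Constructed sample config; sshd ignores the second PermitRootLogin line.
SAMPLE = """\
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
ChallengeResponseAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""
```

On the sample, `audit(SAMPLE)` reports that root login is still enabled globally, because the first `PermitRootLogin` line wins, and that the `Match` block re-enables password logins for LAN clients.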

Conclusion

Times are changing for home computer users. Gone are the days when we were disconnected from the world at large. For many years now, the machines in our homes have been connected to the Internet and protected, in many cases, by subpar firewalls at best. I run an open source firewall at home on a substantial piece of hardware which provides protection against unwanted intruders and monitoring of traffic with intrusion prevention. Many consumers do not have the knowledge to provide that level of protection for their homes. It is critical that home users do their part in helping to make the Internet a friendlier place by ensuring that they are not adding to the chaos by allowing their home network devices to be used for nefarious purposes.

Protecting those inside your home from negative outside influence, ensuring your assets are not used against yourself or others, and protecting your sensitive data should all be considerations you are making on a regular basis. Software like the one mentioned above makes this an easier process for the average user and helps to educate people on the potential security risks they are exposed to in this world of IoT and always-on connections. I would like to hear your thoughts and concerns pertaining to this topic in the comments below.

Author: Phil

Phil Williams is an engineer with around 20 years of information technology industry experience with past focus areas in security, performance, and compliance monitoring and reporting. Phil is a husband, father of 6 children, and an avid geek who loves building computers, gaming, and gadgets. He has an undergraduate degree in general IT sciences and has worked with the US Government as a contractor for over 20 years. He is now in a security solutions advisory role for a large vendor supporting commercial and enterprise customers.

2 thoughts on “Vulnerability Management At Home”

  1. @Phil, hope the holidays are treating you well. This was a great write up. I do have a question for you, what if you are not a Windows user, what can you use then? I saw your old write up on Avira, I have an old Android phone, I’ll load that up on that, but am curious about this and your thoughts?

    -Semper Fi
    gyrene2083

    1. Linux, or Unix variants of almost every flavor, are even easier as most of these apps are built on top of open source tools that security professionals use in large enterprises. For instance, the discovery scan is mostly relying on Nmap, an open source tool that runs on a number of operating systems. There are even scanning tools built for Android that rely on Nmap. For vulnerability scanning, many rely on Nessus. Nessus has changed names to Tenable. Tenable is a commercial product offering used by some of the largest enterprises for vulnerability scanning. Avira and Bitdefender’s home scanning offerings are the easy button targeted at the average consumer and also used as entry points for people to learn about their paid services. These free products are actually limited compared to some of the free open source tools.
