Note: I recently reviewed a free program for running a vulnerability assessment on your home network. The review is located here: https://geekzweb.com/2018/07/23/avira-home-network-security-scanner/. I saw a post today which features another free tool for running your own assessment on your home network, so I thought I would add a little color around the subject and share both tools. I will let the old article stand and focus on Bitdefender’s Home Scanner in this article.
This post serves two purposes. I want to review the Bitdefender Home Scanner and use the conversation to point out some important factors that everyone should be aware of. Some might ask why it is important to understand vulnerabilities and risk on their home networks. I have covered this topic in depth before, but it should suffice to say that you have important things on your network, or around it. Recent articles have reported security vulnerabilities in home security systems, and actual exploitation of those vulnerabilities, allowing hackers to speak to those in your home. You might also have financial management software or, possibly, work information on your home network. This is especially true for those who work from home. It is your responsibility to protect your assets.
The Internet, and your home, are host to a number of devices known as IoT, or the Internet of Things. IoT devices are those which might not historically have been connected to the Internet but are becoming increasingly connected as time passes. Devices such as light bulbs, refrigerators, and thermostats are now connected and become security risks if they are not managed properly. Many of these devices were developed without security in mind or were never intended to be externally accessible over the Web. Bitdefender [Smart] Home Scanner is a free tool which will scan your network for devices and run tests to determine if they are vulnerable to known attacks.
It is important to pause here and discuss some terms that not all users are familiar with. A vulnerability is a software weakness. An exploit is some mechanism, software package, or process that uses a vulnerability to attack a system. A vulnerability could feasibly exist without any known exploits, but an exploit requires a vulnerability. It is possible for the scanner to detect a vulnerability that is either not known to have an exploit in the wild or one that might not easily be exploited. Often, vulnerabilities are published that would be almost impossible to exploit, or only exploitable under the right conditions. This is where the term risk comes in. Risk management is the understanding and handling of risks.
Here is a view of a scan I ran on my network. This scan is simply looking for devices on your network. You might be surprised to see some IP addresses or hostnames that you were not aware of. Common sights that might surprise home users are streaming devices, home security cameras, or cable boxes. I am a Dish Network subscriber and noticed that all of my cable boxes have their own IP address and show up in my scans. From some cursory research I have discovered that this scan appears to be using Nmap, along with some other technologies, to run a discovery.
The discovery scan on my network came back with 33 devices. There are more than that, but some of the devices were out of the house with family members or turned off during the scan, so they were not found during my first attempts. However, there is an option to leave discovery running and it will find new devices as they enter the network. This discovery alone can be useful for those who are not skilled at using tools like Nmap, which is a CLI (command line interface) tool for scanning networks and hosts. There are some graphical front-ends for Nmap, but due to the seemingly endless features of the tool, those front-ends can be quite daunting as well.
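A discovery result is most useful when it is compared with the list of devices you expect to own. The following is an added example, not part of the original post and not Bitdefender's code: it parses Nmap's grepable ping-scan output and reports unknown and absent devices. The function names, addresses, and hostnames are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Nmap's grepable format, as produced by a ping scan such
# as `nmap -sn -oG - 192.168.1.0/24` (real output separates fields with tabs).
sample_scan() {
cat <<'EOF'
# Nmap scan initiated as: nmap -sn -oG - 192.168.1.0/24
Host: 192.168.1.1 (router.lan) Status: Up
Host: 192.168.1.20 (desktop.lan) Status: Up
Host: 192.168.1.57 () Status: Up
Host: 192.168.1.88 (dvr-livingroom.lan) Status: Up
# Nmap done: 256 IP addresses (4 hosts up) scanned
EOF
}

# Constructed inventory of devices the owner expects: "ip label" per line.
known_inventory() {
cat <<'EOF'
192.168.1.1 router
192.168.1.20 desktop
192.168.1.30 laptop
EOF
}

# stdin: grepable scan output. Prints "ip hostname" for each host that is up.
live_hosts() {
    awk '$1 == "Host:" && /Status: Up/ {
        name = $3; gsub(/[()]/, "", name)
        if (name == "") name = "(no-hostname)"
        print $2, name
    }'
}

# $1: inventory text, stdin: scan output. Prints live hosts missing from the inventory.
unknown_hosts() {
    live_hosts | INV="$1" awk '
        BEGIN { n = split(ENVIRON["INV"], rows, "\n")
                for (i = 1; i <= n; i++) { split(rows[i], f, " "); known[f[1]] = 1 } }
        !($1 in known)'
}

# $1: inventory text, stdin: scan output. Prints inventory entries not seen (off or away).
absent_hosts() {
    live=$(live_hosts | awk '{ print $1 }')
    printf '%s\n' "$1" | LIVE="$live" awk '
        BEGIN { n = split(ENVIRON["LIVE"], ips, "\n"); for (i = 1; i <= n; i++) up[ips[i]] = 1 }
        NF && !($1 in up)'
}

echo "Unknown devices:"; sample_scan | unknown_hosts "$(known_inventory)"
echo "Expected but absent:"; sample_scan | absent_hosts "$(known_inventory)"
```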
Discovery is only part of the process for determining if there are known vulnerabilities on a network. While it is crucial to know what devices exist on a network, it is also important to scan those devices looking for known software issues which could be compromised, or exploited, to gain access to the device or your network.
After the discovery has found devices on your network, you are given the option to kick off a vulnerability scan against those devices. Only one of my 33 devices came back with a security risk. This image shows that a device recognized as a Hewlett Packard had a vulnerability within the SSH protocol that could possibly be a security risk. As I write this article, I am currently looking into the issue and I assume at this time that the version of OpenSSH running on that server/desktop is probably known to be vulnerable to some attack. I updated software on that Linux system and I am still showing the issue after a fresh vulnerability scan. The problem is likely due to the fact that I am using a software repository that has not received an update to the OpenSSH software, hence the issue is not yet resolved.
In my case, I am mitigating the risk by not allowing remote access to SSH and ensuring that the Root user is unable to log in over SSH. I require users to log in to the server using certificates and then Sudo (impersonate) the Root user to make changes to the system. All that said, depending upon the vulnerability suspected, those mitigations might not be enough to protect the system, as some software vulnerabilities allow hackers to take advantage of systems in such a way that normal security precautions are not enough. As this is not a business system, I am not too concerned and will continue to watch the system and my logs for any possible issues.
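The SSH mitigations described above correspond to `sshd_config` directives that can be checked mechanically. The following is an added example, not part of the original post: a shell function that audits the global section of an `sshd_config` for them. The function names and sample configurations are constructed, unset directives are assumed to take upstream OpenSSH defaults, and `Match` blocks and `Include` files are not evaluated.

```shell
#!/bin/sh
# Constructed sshd_config samples: one weak, one matching the mitigations above.
weak_config() {
cat <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

hardened_config() {
cat <<'EOF'
# sshd uses the first value it reads for a keyword, so the last line has no effect
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication=no
permitrootlogin yes
EOF
}

# stdin: sshd_config text. Prints one finding per line; prints nothing if compliant.
audit_sshd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        { sub(/=/, " ")                          # accept the "Keyword=value" form
          key = tolower($1); val = tolower($2) } # keywords are case-insensitive
        key == "match" { exit }                  # audit the global section only
        !(key in seen) { seen[key] = val }       # first occurrence wins
        END {
            # Upstream OpenSSH defaults apply when a directive is not set.
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            pass = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            pub  = ("pubkeyauthentication" in seen) ? seen["pubkeyauthentication"] : "yes"
            if (root != "no")  print "PermitRootLogin is " root ", expected no"
            if (pass != "no")  print "PasswordAuthentication is " pass ", expected no"
            if (pub  != "yes") print "PubkeyAuthentication is " pub ", expected yes"
        }'
}

echo "weak:";     weak_config | audit_sshd
echo "hardened:"; hardened_config | audit_sshd
```

On a live system, `sshd -T` prints the effective configuration, including distribution defaults, and can be piped into the same function.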
Times are changing for home computer users. Gone are the days when we were disconnected from the world at large. For many years now, the machines in our homes have been connected to the Internet and protected, in many cases, by subpar firewalls at best. I run an open source firewall at home on a substantial piece of hardware which provides protection against unwanted intruders and monitoring of traffic with intrusion prevention. Many consumers do not have the knowledge to provide that level of protection for their homes. It is critical that home users do their part in helping to make the Internet a friendlier place by ensuring that they are not adding to the chaos by allowing their home network devices to be used for nefarious purposes.
Protecting those inside your home from negative outside influence, ensuring your assets are not used against yourself or others, and protecting your sensitive data should all be considerations you are making on a regular basis. Software like the one mentioned above makes this an easier process for the average user and helps to educate people on the potential security risks they are exposed to in this world of IoT and always-on connections. I would like to hear your thoughts and concerns pertaining to this topic in the comments below.