Router and Firewall Security Best Practices

Unsecurity Podcast

As industry professionals, we often take our skills and knowledge for granted. There are a lot of things that are obvious to us that may not be to the non-industry professional. So, Evan and Brad do a deep dive into router and firewall security—taking a look at things like finding your router, logging into your router, changing the default password, and poking around at what might exist on your network you’re unaware of.



Podcast Transcription:

[00:00:22] Evan Francen: Hey, welcome to episode 109 of the Unsecurity podcast. We’re glad you’ve joined us. The date is December 9th, 2020, and I’m your host, Evan Francen. Joining me is my pal and co-worker Brad. Good morning, Brad.

[00:00:37] Brad Nigh: Good morning Evan.

[00:00:40] Evan Francen: How you been?

[00:00:41] Brad Nigh: I’m not bad. Good. Can’t go away in a minute.

[00:00:44] Evan Francen:  Well you could why would I listen?

[00:00:50] Brad Nigh: UBI would listen but you wouldn’t really pay attention or absorb it.

[00:00:55] Evan Francen: Some of that ADHD, just saying. All right, well it’s good to come up for air and it’s nice to hang out with you. Uh let’s let’s catch up a little bit. How you doing? What’s what’s new? How’s the labyrinthitis?

[00:01:11] Brad Nigh: Overall not that bad. I sent you a video of kind of what this like a symptom of it is um Friday. The best comparison that I’ve heard some harmon goes. So is it like when you sit in a chair and lean back and don’t realize it’s gonna lean back, that moment of like I’m gonna fall, and that’s exactly just what randomly will happen. But I haven’t had that happen since Friday. But then I overdid it this weekend and Monday woke up like just super dizzy, like I ended up having to take um some of the medicine for the dizziness which pretty much rendered me unusable. I was able to like attend some meetings and that was about it. I just, it makes me so tired and just kind of nod off, but I don’t get dizzy and I was able to at least you know attend about right three or 4 hours of meetings so

[00:02:09] Evan Francen: Okay well it sounds like things are getting better so that’s yeah that’s good.

[00:02:14] Brad Nigh: Kind of learn to take it easy. Got another six weeks of potential stuff to go and just yeah

[00:02:25] Evan Francen: well there you go. Yes, could be worse. I got back from a road trip. I took a road trip down to, I wanted to be socially responsible so we didn’t fly. We took a took the car, drove down to see uh Alyssa and Tyler in Cape Coral, Florida. So that was, that was 1700 miles.

[00:02:47] Brad Nigh: Yeah I thought that’s a long drive.

[00:02:50] Evan Francen: It’s a super long drive but it’s good to be back man. It’s funny the anxiety you get when you step away from your computer for too long, you know I just start getting this anxiety like the more emails, more emails, more emails.

[00:03:06] Brad Nigh: Oh I mean should today I can really, because yeah when when this first happened back in November, like the first really five days I couldn’t, I wasn’t able to do anything, so I was like oh what am I gonna come back to? Right?

[00:03:22] Evan Francen: Yeah well here we are, we’re back. Uh lots of things going on. How are things at FRSecure with your

[00:03:31] Brad Nigh: world? Good, busy, busy, busy, um, you know, starting to plan for next year and looking at what’s coming up. I know we just sent out the uh communication last week um that if everybody gets all their work done, you know, it’s kind of like an unofficial, some downtime between Christmas and New Year’s. That week isn’t officially closed, but it worked on, just keep an eye on email and don’t, you don’t have to be glued to your computer, or just enjoy the time with your family, so

[00:04:07] Evan Francen: yeah, yeah, that’s it. I mean, it seems like every fourth quarter gets a little bit doctor, we uh And I had a call this morning at 4:30 AM with Bulgaria, you know, the Bulgarian team, and uh it sounds like they’re gonna get a little bit of time off around Christmas, so that’s, you know, that’s good. Yeah, we used to, we used to tell people no vacations in fourth quarter, sure. Which always felt just terrible. I hated that.

[00:04:36] Brad Nigh: It’s been, it’s still, you know, we’re loosening up on it, but you were just so busy. It’s hard to get vacation, but then we do things like, you know, trying to get a week off between Christmas and New Year’s just as a kind of a thank you.

[00:04:55] Evan Francen: Yeah. Uh yeah, same thing around here. Uh, you know FRSecure, everybody I talked to is really excited for 2021. It sounds like we’re in a really good position. Fourth quarter, you know, closed 2020 on a healthy note. You know, it was a struggle for a lot of people, you know, with Covid and all that. The, uh, first quarter, we got out of the gate really good. You know, second quarter, everybody’s like, what the hell is happening? The world’s flipped on its head. Uh, third quarter, you know, things started to kind of open up. So you thought, all right, there’s light at the end of the tunnel, there’s hope. And then, you know, the second round of lockdowns, you’re like, oh my God, what is going on? And then, uh, in the fourth quarter, we were really hoping that fourth quarter would hold the way it usually has and you know, it has. So, and now it’s the hope of, uh, you know, vaccines coming and all that stuff. You know,

[00:06:01] Brad Nigh: I think what’s, what’s so unprecedented feat so much to the team. Just everybody who’s pitched in throughout the year is, but if we already bypassed, you bypassed our 2019 sales number in November, even with everything going on where basically the country shut down in April and May. Right. And so just the work that those guys and women, that team and everybody supporting them and the analysts on jump phone calls, everybody. It’s just, it’s awesome.

[00:06:38] Evan Francen: Yeah, that’s really cool. And everybody I talk to is, you know, positive. You know, I think 2021 I was telling Van a yesterday that, uh, you know, we’re healthier as a company today than we were going into Covid, You know, in all the chaos of 2020. So we’re really well positioned for a great year in 2021. Yeah. You know, I think so. Are immersed

[00:07:07] Brad Nigh: Ellen, what’s so cool. We brought on us. Yeah, the Rennes and Bunnies and John has just stepped up and we’re doing, you know what I like to call it, you know, big boy company things now and some of the maturity as we mature and do these additional things. It’s just, it’s amazing to think that I can only imagine where you’re coming from, or John comes from, but just in the 4.5 years I’ve been here, just where the word where we’re at is, it’s amazing.

[00:07:40] Evan Francen: It really is man. And you know, the doing big company stuff without bad stuff. You know, I mean, I don’t want right bureaucracy and also, which is really cool because we’ve always marched to the beat of our own drum. We just keep doing that. I like that.

[00:08:01] Brad Nigh: Yeah, no agreed. And we came up with that initiative zero. I’ll let the cat out of the bag, right? The company culture is really what what that means. And, and that’s what drives everything right? When we make a decision, it’s, does this align with who we are,

[00:08:20] Evan Francen: right, totally. Uh on the SecurityStudio side, we’re still chugging away with lots of cool things happening there. We had a bug this week, last week, which uh, you know, you never like bugs when you’re a software development company. Oh, it does happen, but it’s not a good time for a bug. And the good, the good thing is the workaround for it. It’s uh, it’s a bug in the processing of vulnerability scan files, you know, from Net, from Nessus, and uh it’s a formatting error where the processing itself is functional,

[00:09:02] Brad Nigh: export to the spreadsheet. Yeah,

[00:09:05] Evan Francen: yeah. The good thing is, is the workaround is just reprocess those files. For some reason, when you reprocess the file, it works

[00:09:16] Brad Nigh: so weird. I didn’t take those down.

[00:09:19] Evan Francen: Yeah, well, it’s just, it’s been crazy to hunt down. You know, if you can’t reproduce it, you know, for software developers, uh you know, the easiest bugs are the ones that you can reproduce, you know, just want to fix. This one was just a bear. So there’ll be a patch. Yeah. So we got that holiday shopping list, if you saw the holiday shopping checklist, that’s been well received. Hopefully, you know, people who are following, you know, some of that. I did break it down into mandatory, like these are things you must do when you do holiday shopping, these are optional things. Uh I tried not to be, you know, too security-paranoid guy, you know, not be too much like that.

[00:10:11] Brad Nigh: I didn’t think it was. I think it was done well in terms of like written in a way that that the normal people uh can understand it.

[00:10:26] Evan Francen: Yeah. Yeah I think so. And then we put out a uh an information security maturity model. Just a simple five-minute quiz. Yeah that should

[00:10:39] Brad Nigh: do it right now. See

[00:10:41] Evan Francen: Yeah it’s uh it’s meant to give people quick results because you know our assessment is very thorough. Thorough means long, means, you know, I mean the 683 I think criteria that are assessed in our full information security risk assessment. So give me something quicker or give me something that I can get by on even before I go down the path of doing an information security risk assessment. Uh So anyway that was published and I think pretty good feedback on that. Uh Two books. That’s what I’m gonna write this year, one with you and one with Ryan. It’s funny because you know I’ve been doing the Information Security ABCs. Uh I think I finished H, I got to write I and possibly J this week. We just tickled

[00:11:33] Brad Nigh: Evan. What’s that? We are a line.

[00:11:37] Evan Francen: Are you a model? Yeah very good. That’s probably like it please. Please be there. So we’ll land is. Yeah. Perfect.

[00:11:51] Brad Nigh: Right but there’s couple of things there’s obviously stuff you can still always be working on. So.

[00:11:58] Evan Francen: Right And being an information security consulting company. You’d hope that information security is aligned with the mission which it is. So there you go. You just did a QA for us.

[00:12:10] Brad Nigh: Thank you.

[00:12:11] Evan Francen: Their work uh books. What, no, one book is going to be about is you and I are gonna write, we’re gonna write the handbook for vCISO. Which uh, which isn’t like you must, you got to write it prescriptive enough to where if you don’t have these 5 to 10 things in your vCISO program you’re not doing it right.

[00:12:34] Brad Nigh: Yeah. Well I think I’m gonna, my thought is I’m going to approach it like that. Small of the analysts or consultants are side with our methodologies. It’s think of it as a playground, right? You’re going to have the equipment we’re going to give you this spring. You’re gonna have the monkey bars, slides and swings and all the other different pieces of equipment out there. How you use those pieces of equipment. Use them the right way for you or for the client you’re working with. But still everybody is still using the same things. The same tools, the same equipment. It’s just how they interpret it or you know apply it is going to be customized because every organization is different.

[00:13:17] Evan Francen: Very true. Very true. I’m excited to get that now. We would have had a book done this last year. Had we not had covid. So I don’t think we’ll have another covid. So I’m pretty safe to say that book will be published in 2021.

[00:13:32] Brad Nigh: Hopefully it depends on how quick yeah, vaccines out to everyone. Right. Right.

[00:13:39] Evan Francen: And then the ABCs. It’s funny. I was gonna write that somebody had mentioned, you know how this is great, just take this and put it into a book. And so uh yesterday I was talking to Ryan in a meeting and uh he said his theme for 2021 is going to be Information Security ABCs. I was like what? Well then just take some letters off my plate and write that book with me. So that’ll be cool. You know, on top of everything else, you know, let’s do a couple of books. Yeah. Uh Yeah. Well then that. You know things are, I was working on some code. I was doing some JavaScript writing. Uh I want to be able to go to a website and vulnerability scan your network, or not really vulnerability, to get more of a a reconnaissance scan of your home network from a browser.

[00:14:40] Brad Nigh: Uh huh.

[00:14:42] Evan Francen: So you wouldn’t have to install anything, because one of the things that we’re going to talk about, this is actually a good transition. Uh you know, information security at home, today we’re gonna talk about uh you know how to, how to, well, first of all how to find it, how to log into it, how to change the default password. That was the one thing that we said last week. Yeah. You know, must do first. Then the next thing is, you know, to identify the things on your home network that you need to account for. And so we’ll give it a little introduction I think today too. You know, I don’t want to get too, because these are people at home, but we’ll do a command line and then we’ll show them Nmap if they feel comfortable using that. Uh they can always use this uh use this podcast, use the video recording, you know, to go back and follow, you know, step by step, because that’s what we’re gonna do today. But I was thinking along those same lines, instead of you having to download, install, run Nmap, because you could just do a ping scan. But sometimes I don’t find it pings.

[00:15:55] Brad Nigh: No.

[00:15:57] Evan Francen: So if I could give you a web page that you could run from, there used to be an open. Uh but anyway, I was working on that too. All right. So this is where we were after last week. We talked about information security at home and you and I were both in agreement. I think that the number one thing to do is to log into your router and change the default password.

[00:16:25] Brad Nigh: Yeah. See.

[00:16:27] Evan Francen: Yeah. So let’s let’s help people. Now for the techies listening, you know, this is easy probably, uh but you know what about the people? I don’t know, and I’m not so worried about the techie people, I’m worried more about just, you know, the everyday user at home that doesn’t have the same skills, doesn’t do this for a living. Um Yeah. So. Mhm. Right. So uh I figured we’d walk through, take them, you know, people through one, how to find your router; two, once you find your router, how to get to it; once you get to it, log into it. And then where do I change my password? Now I’m a CenturyLink user. What kind of, what, who’s your ISP? Mediacom? Okay, so that’s kind of cool. CenturyLink and Mediacom, too. Pretty big players. Yeah. This market.

[00:17:29] Brad Nigh: Well, so the way I have it set up, I can’t actually get to my Mhm. Mediacom from my work computer. I have that restricted but I can’t get to the my wifi. I said I I run everything through DD-WRT. I flashed my wifi some. Okay, have access to that. So I can’t really show the Mediacom. I can look at it zero across the office.

[00:17:59] Evan Francen: It’s over there. See it?

[00:18:01] Brad Nigh: Yeah. Right

[00:18:03] Evan Francen: here, I’ll start then. Uh So the first thing we want to do, if you don’t know where your router is, is, you know, my guess, my easiest way would be to open a command prompt, and I’ll go ahead and share my command prompt so you can see, maybe. Yeah, so the way, the way to get to a command prompt is, you know, depending on your version of Windows, but you’ll want to, you just click in the search bar if you’ve got Windows 10 and then just type in CMD, C-M-D, and hit enter. Now if you’ve got admin access it might be a little different, or don’t have admin access, that may be a little bit different. But essentially you’ll get this window. This is a problem now for some people who have never, I mean some people have never been to a command prompt, you know what I mean? I have to remind, after remind myself that stuff regularly because we take this stuff for granted. Yeah, left. So this is the command prompt. Now I’m going to type in ipconfig, I-P-C-O-N-F-I-G, at the command prompt and hit enter. I’m looking, what I’m looking for is a default gateway right now. Unless you’ve got uh you know a network like Brad’s where you’ve got things segmented and sort of all over the place, in most cases your default gateway will be the IPs. See this number here, 192.168.0.1, that’s called an IP address. That would be the IP address of my router. Right, yep. So that’s what I’m looking for here. That’s it right now. So to get out of the command prompt I would just type exit. Make sure you either write that IP address down or remember it, because that’s what we’re going to use. That’s the address of the router that we’re going to get to. So just type exit, get out of there. Boom. Right, simple.

[00:20:19] Brad Nigh: Yeah your share one away.

[00:20:22] Evan Francen: I know because I exited out of my command prompt. I’m not sure I’m not going to share my

[00:20:26] Brad Nigh: way to go.

[00:20:30] Evan Francen: Yeah, so we did that. Uh So next thing you want to do, almost all these, at least mine does, all these have uh a web interface. Right, so I’m going to type it in in my browser and you can see that this is insecure because the certificate is crap, but that’s okay. It’s probably crap on yours too.

[00:20:52] Brad Nigh: I’m using self-signed, it doesn’t trust it. Whatever.

[00:20:58] Evan Francen: Yeah exactly, but you’re gonna, you’re gonna type in, you know, the URL. It’ll probably auto-redirect to https. Right, and I’m gonna get this, I might get uh some other prompts. We’re probably gonna get some sort of a login. Um I might also get, you know, something telling me my certificate, certificate is invalid, which is what I originally had, so then I had to just bypass that saying, you know, proceed anyway. Now username, probably gonna be admin. Your password is going to be, if you don’t know the password to your router, and this is where I think people, if you got this far, I think some people might get a little anxious. You know, you’ve never seen this before, you don’t want to screw things up. Don’t worry about that. I mean at this point if you’re using default usernames and passwords, consider it already screwed up anyway. Mhm. Right, so if you don’t know your password, if you go get up, go look at the bottom of your router or somewhere on the router, there’ll be a sticker there that will have the password that CenturyLink, you know, set this thing up with, the default password. If that still doesn’t work you can call your ISP uh and get the password. They could potentially set it for you, or um there’s, there’s a default password that comes with it. If you see this model number, Zyxel, there’s like six out, but I don’t even know how you, how you say that. If you google this C3000Z, see what it is. I don’t want to spell this. Yes. Yeah, let’s go uh, you know, typing default credentials, so I’m just googling the model number and default credentials. See if we can find it. Yeah, there it is. Right, so you can always try admin 1234. Right? Oh

[00:23:04] Brad Nigh: come on.

[00:23:06] Evan Francen: Yeah, so one of those has to work probably for you. Uh But anyway, don’t give up, eventually you’ll find it. Uh so you’re the, the username, most people don’t change their usernames, and if you decide to change your username here, fine. That’s, that’s great. The biggest thing to change right now is password. So if we just click apply in the GUI login, I’ll see this pretty looking thing. Um which you know, modem status, if you want to click that, you can click any one of these. None of these five buttons, the modem status, quick setup, wireless setup, utilities or advanced setup. None of those are actually going to change anything in your configuration. So if you’re in, you’re just poking around, poke around, you know, feel free. I’m gonna go to utilities. Uh nope, that’s not where I want to go. Advanced setup. Anyway, we’ll poke around here a little bit, we’ll find the password. Yeah. And these things are so slow because I’ve got like no um memory. It’s crazy. So if you do change your wireless router, that’s probably a good thing. Over here, under advanced setup, you can see on the left side you’ve got security and then you’ve got administrator password, and that’s where I can change my password. So the username, I don’t know what it would do if you disabled password. Have you ever done that?

[00:24:44] Brad Nigh: I think it just lets you straight in

[00:24:47] Evan Francen: like passing through that.

[00:24:50] Brad Nigh: That’s what this is taking.

[00:24:53] Evan Francen: Yeah. Right and then you can change the administrator username if you want to. Uh If that’s too much for right now just go and leave it. But this is where we want to change the password and make it long. Right? And if you have a password manager which you should. Yeah that’s where you’d uh you know store it there trying to see him typing. I’m talking while I’m typing a password.

[00:25:17] Brad Nigh: It doesn’t work. I had to do that where it’s like okay I have to stop talking because I have to.

[00:25:26] Evan Francen: Yeah. Right, so the password’s 12-ish characters here, which is probably fine. Uh The biggest thing is just a change in the whole cracking the password. What you don’t want is just an attacker to be able to just guess your password. They’re going to go with that default first. Now if the ISP changed your default password to where it wasn’t 1234, in this instance it was something longer or different, you still want your password, because your ISP knows the password. Right, passwords are meant to be known by you and sort of only. So click apply changes

[00:26:08] Brad Nigh: and think about it from a, just an overall security perspective. It took you what, about 15 seconds to find the default password to something that is Internet-connected.

[00:26:20] Evan Francen: Right? Somebody

[00:26:21] Brad Nigh: gets your IP address, which is available on, you know, you can run those on shodan.io, find those, those devices.

[00:26:35] Evan Francen: Exactly. It’s a piece of cake. And that’s why this is the number one thing that we recommended. Right. No, so there you go. I opened a command line and I did that just by clicking in the search bar in Windows, typing cmd. I got this black screen. I typed in I-P-C-O-N-F-I-G. I looked through there for something called the default gateway. That gave me the IP address for my router, assuming I didn’t, you know, make my network complex. I put that IP address into my browser window. I came up with a login. I used the login either given to me by my ISP or I used the default login by just searching for the, you know, the, the router model number, and then from there I went into advanced setup, looked for an administrator password on the left side and just changed my password. Damn, took all of, you know, have you done this before? You know, 15, 20 seconds maybe? Uh if you’re gonna do it your first time it may take you 5, 10, 20 minutes, may take an hour. But this is so important for your home network security that if you haven’t done this, it’s well worth the hour. Oh yep. Right. So that’s what I wanted to start with today, just give people that. Now your router is probably going to be somewhat similar. They’re not all that different.

[00:28:11] Brad Nigh: Yeah it’s very very similar. But the difference is I don’t go directly through three. Yeah.

[00:28:21] Evan Francen: Right. Right. And, and once you get comfortable, I mean now at that point, you know, changed your password, you know, log out. You usually don’t just want to close your browser window. If you do just close your browser windows, so be it, it’s not a huge, but you know, log out, uh go take a break, you know, go ahead. Go get, go grab a cup of coffee. You did something really good for your, for your safety, for your family’s safety, for your privacy. You know, that was a big deal. Yeah, so you want, I can pat on the back, if I can pat on the back through a podcast, I’m doing that right now.

[00:29:00] Brad Nigh: You want a quick peek at how I have it set up, so that people actually know that it’s uh, I’m not just. Uh huh. And I think you’ll enjoy the uh my router name. All right, so this is, this is what I did. I flashed it. I don’t know, I don’t remember, Netgear, TP and something. Um But the basic setup, so you can see I’m actually going through, this is the internet, my internet modem, cable modem. Okay, so it goes through that. Using DNS, I’m using Cloudflare DNS.

[00:29:42] Evan Francen: What, what are you saying? Uh What are you running DD-WRT on?

[00:29:47] Brad Nigh: uh

[00:29:49] Evan Francen: are you running it on like a Raspberry Pi?

[00:29:51] Brad Nigh: No, it’s running on a uh TP-Link or, I don’t remember it. It’s a standard wifi router. Okay. Uh I was sitting here somewhere uh but this is the, so you can see I’ve got, you know, the physical interface, uh is that broadcasting? But then I’ve got my IoT device and it’s not broadcasting that, and you can see that it’s unbridged, I can’t, so I’m not able to get across from that. It’s got that isolation in place. Each one of these has its own DNS or uh subnet range. So I got an IoT, this is our guest for when people come over, the mobile is from, you know, for the kids’ iPads or whatever they want to connect their phone. I’ve got my work one that has its own because he’s got an older iPad that needed some specific configurations, and then the five G is just that mobile five G, and then I have my own that I connect my iPad or whatever directly to.

[00:31:01] Evan Francen: Nice, that’s

[00:31:02] Brad Nigh: all well done out and it’s got some, you know, the firewall enabled,

[00:31:09] Evan Francen: walking

[00:31:10] Brad Nigh: pains, things like that and then like yeah, I had to use this one for his older one, otherwise I as soon as he upgrades, I’m going to turn that off, it’s only enabled on his, I’m not one uh wireless but

[00:31:30] Evan Francen: very good. Well in the uh for people who haven’t, you know, who aren’t, what I don’t want people to do is get overwhelmed and not do this, you know what I don’t want people to think what’s to confusing. You saw that we were able to do it in five minutes and then eventually you can get to a point where brad, you know, where you’re very very comfortable with networking with, you know, security settings on routers and firewalls. So eventually you can go there if you want to and maybe get a job honestly.

[00:32:07] Brad Nigh: Yeah, I mean obviously break, I said I clearly are in the probably tough, less than 1% of people that have it set to this level, but I don’t know right, I enjoy doing it.

[00:32:27] Evan Francen: Well. Yeah. Well you and I both, man, I mean I’ve got, yeah, I got a bunch of weird things going on. Uh I’ve got, I bought another Raspberry Pi so I’m playing with that too. That’s what we do for a living, you know? Yeah, but but the stuff that I just did, anybody should be able to do. It doesn’t matter if you’re a plumber, a teacher, a house, uh you know, homemaker, a student. I mean that’s step one. Once you feel comfortable, or once you’ve done that, then the next thing that I would recommend is try to discover or find all the things on your network. You’re gonna be surprised that, you know, you’ve probably got stuff on your network that you don’t even know you had on your network. Yeah, you can’t secure stuff you don’t know you have. So that’s the next step is to do that.

[00:33:28] Brad Nigh: And what’s nice with, what I like is I, I set the password for the wireless on the, the cable modems. I don’t even know what it is. It’s like one of those LastPass, like 32-character random generated things. And so nobody can connect to that. Right? So all the, all the traffic has to go through uh this, and I can, I can see who’s connected. I can see the device and all that stuff. So I know, I have a good idea of, you know, who’s on. I could set up that filtering if I really wanted to get granular, but that’s just a pain in the butt.

[00:34:10] Evan Francen: Right. Well, there’s there’s when you start to get too complex, you increase your chances of making mistakes too. Right.

[00:34:20] Brad Nigh: Right. Yeah. You make you start making well and then you don’t want to it becomes too complex to manage, right? And so then it’s almost like, all right, well, um it becomes less secure because it’s too much you’re not involved in it. If you keep it simple, it’s easy to look at, you know what’s going on. It’s easy to troubleshoot.

[00:34:47] Evan Francen: Right? Yeah. Absolutely. So the next thing is uh you know, discovering all the stuff on your network. Well, you may take them through that. Do I I mean I can or you can it’s easy.

[00:35:03] Brad Nigh: I don’t know, I have all my stuff. I don’t have an app or anything like

[00:35:08] Evan Francen: I’ll do it man.

[00:35:09] Brad Nigh: Okay. Yeah, I have it all on a VM. And that takes a few minutes to boot up. You should see, I should have done my, I can because it’s got all the virtual, right? This is from the VMs that I run

[00:35:24] Evan Francen: the same, same thing. I’m just gonna walk people through how to discover the things you have, you know, on your network. So we had to change the password, and step two, figure out what’s on your network. So I’m at the command prompt again. So you’re going to get used to the command prompt and you get used to, you know, typing things. But again, to get here, in the Windows search just type in cmd. Uh And you’ll see this thing. Um And I start with ipconfig. What, what, what is now? You already went here? We went to the default gateway. What I’m looking for now is two things. I’m looking for this IPv4 address. That’s my IP address of this computer that I’m working on right now; here it’s 192.168.0.5. And the other thing I’m looking for is this thing called the subnet mask, which is basically the size, it’s the size of the network that I’m connected to. So in this case it’s 255.255.255.0. So just write those two things down, right, because everything, if I haven’t made my network more like Brad’s, then this is what I’m gonna have. I’m gonna have a single network, I’m gonna have a network with it and it’s probably gonna be 192.168.something. And my subnet mask is probably going to be 255.255.255.0. So write that down, because that’s where I’m going to try to find everything that’s on my network. So that’s the, that’s the start. When you’re done with that, type exit to get out of that. Yeah. Now I’m no longer sharing my screen. The next thing I’m gonna do is I’m gonna open a browser. Now I prefer to use the tool called Nmap because it’s lightweight, it’s open source, it’s pretty well supported and it’s super flexible. So if you decide you want to do more stuff later on, you can do that with Nmap. Uh You can always install it later too. Um There’s other tools that you can use. So Nmap isn’t the only one by any means. It’s just one that I’ve used for, God, it seems like 20 years now

[00:37:41] Brad Nigh: the two biggest ones that I see are Nmap or Angry IP. Yeah, most at least that I’ve seen the most but there are others as well.

[00:37:52] Evan Francen: For sure. So if you have one that’s that’s your favorite then your this is probably too remedial for you anyway. But uh if you don’t hear that this is Nmap. So you can google Nmap or you can just go to nmap.org, find the download link, be over here on the left side, click download, it will take you to this page. And what you’re looking for is the latest stable release self installer. You don’t want to get any clear nap, you’re not going to compile your own version on Linux probably. But if you wanted to, here’s your Linux stable releases, so you’re just gonna download this one and in this case it’s Nmap version 7.91. Yeah, you’ll see it download and then you’ll start the installation. Uh So that’s the second thing to do. Yeah. Now if you’re not running you’re if you’re not in your computer as administrator should be a good thing. Right? But we’re not we’re not even getting there yet. Right, well, just baby steps because Yeah, I agree man. We this series is going to go for a little while because I think there’s a lot of work for us to do here.

[00:39:01] Brad Nigh: Yeah, agreed.

[00:39:03] Evan Francen: Uh Alright, so Nmap downloads, you find where you downloaded it double click the executable uh to start the install process. If you’re not on your computer as administrator, uh you’ll have to authenticate as administrator when you do that installation and then once that’s all completed it’s a pretty straightforward installation, then go ahead and open it. And I just accidentally opened PuTTY instead. Mhm. Just a whole different app. Not to worry not to worry. Uh Next thing you wanna do is open and in this case what which are actually opening? Is is a it’s a wrapper around Nmap called Zenmap. Uh The real I mean the actual Nmap is uh is uh command line. Right. All right. So then I opened Zenmap and this is what I get now. Sure my screen again. Pretty yeah basic window. Now this will look so I look for in the first time you’ve ever used this you’ll have you know, all these menu options and all these, you know, you can see these command lines. If you’re running Nmap from a command line this would be the equivalent so that IP address that I told you to remember. Yeah we’re gonna instead of using my own IP address if you remember this was my own IP address. The 192.168.0.5. Instead I’m gonna do .0. So I’m just gonna take the five off and I’m gonna do this slash thing. This slash thing is not going to get too technical but this is what your subnet mask is just in a different saying in a different way to do slash 24. Right? That’s the same thing that slash 24 is the same thing as the 255.255.255.0 that I told you.

[00:41:06] Brad Nigh: And I would say for me, home users, that’s all you’ll need to know by default. That is going to be either slash 24 or the triple 255 dot zero.

[00:41:18] Evan Francen: Yeah, totally. Now I you’ve got this intense scan. I typically choose the intense scan without a ping. And the reason why I do that is I don’t want the ping scan to determine which hosts get port scans and don’t get too deep on this. This is a preference for me. Uh but I choose this drop down and choose intense scan, no ping. Yeah, that’s what I would get if I were to run this from the command line, I’m not doing that. And then I just click scan around the top, right. Uh and it’ll take a while depending on, you know, how fast your network, how fast your computer is. How many things are listening on your network? How many ports they have opened? This is going to take a while and this is actually where we’re going to where I’m going to stop in this uh, you know, in this in this podcast because we’ll pick it up from here next because what this will tell. So tell me a whole bunch of years. It’ll tell me a whole bunch of systems that listen to something on my network. But what it won’t tell me in a lot of cases is what that system is. That’s where we’ll go next week. In episode 110 is. How do I hunt these things down? Yeah. You know, because you can see some things you know, on my screen right now that have already popped up. I’ve got 192.168.0.2, 22 is listening there. Well, what’s 192.168.0.2? What system is that? I don’t know. Maybe Nmap will be able to determine it. But a lot of cases you’ll have to go and hunt it down manually and again, this is really important. I don’t want people thinking, well, this is too technical for me. I don’t, you know, it’s this again took me five minutes to kick off this scan and all I’m asking you to do once you’re done with the scan is you’ll just do Scan, Save Scan right? When it’s all done, so that we can come back next week open that scan, dig through it and try to figure out what this stuff is on the network.
And the reason this is so important, if you imagine you being at home and having people in your home that you don’t know are in your home, right? Don’t you kind of want to know what’s in your home, who’s in your home? Computers work the same way, you may have computers out talking, systems on in your home network that are out talking to things on the internet, good guys and bad guys and you don’t know. Yeah, that’s why this is really, really important.

[00:43:57] Brad Nigh: Yeah. Yeah, exactly. You know, and then going back and so a lot of the IOT type things, right. Do you know what all is on the network? Yes,

[00:44:10] Evan Francen: exactly. So I can go on right, well every, every TV you buy now if you just set it up by default, right? And you probably want those cool new features, you want to be able to stream stuff and Netflix and you know, so you’re putting stuff on your network all the time and a lot of those things, you’ll forget that you put on your network. A lot of those things like, you know, for instance, DirecTV. Uh I used TV and I have those boxes in each room because you have a box in in each room. Each one of those boxes connects on the interconnect. Not on the internet, but my network and talks to other boxes on my network, you would never know that. And you never know if any of those things have bugs, any of those things have, you know, need to be patched. Um Yeah, so this is really important. This part two.

[00:45:03] Brad Nigh: Yeah, I totally agree.

[00:45:06] Evan Francen: Um so let that scan run if you followed along, you went to command line, you typed in, you know, again ipconfig, you found your IP address and it would be just noted as IPv4 address. You found that and you found it your network your subnet mask which in case like Brad said is going to be 255.255.255.0, write that stuff down, go out, download Nmap, install it. Open it. Type in that IP address in the in the screen where it says target. Instead of 255.255.255.0 you can do /24 you know choose your profile. I I chose the no ping. But if you want to go with the default which is just intense scan with the ping that’s fine. Don’t worry about it and I’m not going to go into detail what ping is because I don’t want you to have to be a network expert. I want you to just do the basics understand. Yeah. And then click Scan. And when that’s all done may take it may take a long time. Well that’s all done. You’re gonna go you know you’re gonna save your results so you’ll go Scan, Save Scan. Well let’s save it somewhere on your computer if you want to follow along for next week. Otherwise uh if you want to start hunting yourself feel free to hunt. Mhm. That’s what I wanted to get through today man. I wanted to kind of take it to that next level and I think next week you can take it from there.

[00:46:43] Brad Nigh: Okay. Yeah and I think for our normal listeners this is probably pretty, would they consider basic stuff? But this isn’t for our regular listeners. This is for, hey send this to your family, your friends that don’t understand this stuff. It was a resource or for everyone else. That’s not in security or technically uh in IT.

[00:47:13] Evan Francen: Right. And and that’s the thing that if if if you’re an information security person or a technical person and this stuff is very remedial for you, ask yourself how many people you’ve talked to that aren’t like you about this, Would you rather be your parents whether it be a neighbor, whether it be you know a friend. Um And also you know maybe you can learn to try to not assume that people know stuff.

[00:47:42] Brad Nigh: Yeah

[00:47:44] Evan Francen: 99%, 90 90 90. I don’t know. Some huge percentage of people have never heard of that before.

[00:47:52] Brad Nigh: Uh Yeah I’d agree if you’re not in IT or haven’t been in IT. Yeah I guess it’s not not been known,

[00:48:03] Evan Francen: Right? Yeah. So you got anything to add man that you think that’s helpful? I

[00:48:09] Brad Nigh: sure hope so. You know I think that there definitely is a need out there for for this type of uh conversation.

[00:48:21] Evan Francen: Uh Well and ultimately your home network security even though there is some effect on me. If you have a bad, if my neighbor has a terrible network, it will affect me to some extent, but truly who suffers from that is my neighbor and they’re oblivious a lot of times to it. Yeah. Uh, especially this time of year man, I mean, people are gonna be getting all kinds of new gadgets for Christmas and it could just be plugging that stuff in and be like, hey, works, we’re good. Yeah. And owned. All right. Uh Oh yeah, next week, let’s, let’s go, Oh my gosh, we got some news, uh, crazy stuff going on in our industry, which is normal. Mhm. Uh the big news that this last week came from FireEye, man and I think you had texted me something about it too.

[00:49:22] Brad Nigh: Yeah, I didn’t know, I didn’t know if you’d seen that because it just, yeah, it just broke yesterday as far as I know.

[00:49:33] Evan Francen: Yeah. Well, and so the first news item this, so FireEye, you know, for people who know, FireEye is uh, people who don’t know, FireEye is, you know, kind of iconic in our industry, their, you know, long history, Kevin Mandia is the CEO, started with, you know, as Mandiant. And even before then it was something else, I can’t remember. Uh, but anyway, very well known, well respected information security company. Uh, there’s a lot of nation states sort of stuff, does a lot of incident response for the government.

[00:50:15] Brad Nigh: I didn’t get put out some phenomenal tools, you know, the FLARE VM. And a lot of other things that other people use. They’ve done a lot of good things.

[00:50:27] Evan Francen: Yeah, well they were breached. So the, uh, the first article is from Information or Infosecurity Magazine and the title is Suspected Russian Attackers Steal FireEye Red Team Tools. Uh, my first thought, you know is, well, yeah, I mean everybody is susceptible, nobody is hack proof. Even the best right. The best

[00:50:55] Brad Nigh: if some this just proves if somebody wants to get in, they’ll get in given enough time. It’s just it’s going to happen

[00:51:03] Evan Francen: right. Uh, you know, we don’t know the details of this particular attack. But I thought the thing that sort of torques me a little bit about FireEye is the salesy approach that they take to everything now. Uh, you know, you look at the blog post that Kevin Mandia posted, uh, he was yesterday, the day before. It was like

[00:51:28] Brad Nigh: right at the end of the day yesterday.

[00:51:30] Evan Francen: Okay. Uh, it’s just nevertheless out of an abundance of caution. I hate that saying by the way. Well, out of an abundance of caution. I

[00:51:43] Brad Nigh: think the part that cracks me up the most being doing IR and working with legal. I read this in the way. Okay, so it’s that the attacker was able to access some of our internal systems at this point in our investigation and this is the part that kills me. We’ve seen no evidence that the attacker exfiltrated data from our primary system. What that’s legally used for is we can’t should prove it one way or the other. We don’t know but we haven’t seen evidence of it. So it doesn’t mean it didn’t happen. It just means they can’t they haven’t caught any proof,

[00:52:19] Evan Francen: right? Yeah. The abundance of caution and we’ve already, you know, no evidence. Are they managed to exfiltrate customer data or metadata but they definitely exfiltrated your red team tools now.

[00:52:35] Brad Nigh: You know, I bet your aid on agree on some of the sales and stuff but I will give them credit for posting the countermeasures because they’re giving away a lot of I mean, well they’re out in the wild now anyway, but you know, how they do things. There’s a lot of interesting stuff now available for people to look at,

[00:53:00] Evan Francen: right? Yeah. It’ll be interesting to see how this thing unfolds. You know, the the initial press release or the post to us. Not impressive. You know, in in my opinion, it was it’s just it’s the same stuff everybody says when they lose something. Um Yeah, it will be interesting to see what what actually comes of it. I don’t know what else to think right now because it’s all sort of knew but it’s a hell of a target that’s for sure.

[00:53:36] Brad Nigh: Yeah. I’m guessing it’s not gonna be too long before somebody claims credit because it’s it is it’s too big of a about heist in.

[00:53:46] Evan Francen: Yeah. Yeah. Well I wonder how they were, how they were detected, you know, maybe why they weren’t detected earlier. Usually data exfil, I mean that’s hard to do because you you would think that um they’ve got uh, you know, default deny outbound or something, you know, where it’s really probably buttoned down, especially when you’re keeping your tools.

[00:54:14] Brad Nigh: I would I would hope so. Um there was another article I saw that they said that basically they had, let’s see the Attackers set up servers solely for the breach and FireEye calling it a sniper shot. So these people were, who

[00:54:32] Evan Francen: said that

[00:54:33] Brad Nigh: this was in a Washington post article about that cheat. So that should take so much out there that we don’t know yet.

[00:54:43] Evan Francen: Well that’s the thing. I mean everybody who says so many of these things, it’s everything that’s said at this point is kind of BS because you don’t know, you may, you may think that they had set up servers themselves. But if they were sophisticated enough to get past FireEye’s defenses, you don’t think they’re sophisticated enough to uh what’s the word I’m looking for um oh ah lead you to believe whatever the hell they want you to believe, I guess, you know, because also, you know, FireEye in another blog post said there, they are highly trained in operational security and executed with discipline and focus. They operated clandestinely using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past maybe. Or somebody clicked the damn phishing link.

[00:55:38] Brad Nigh: Yeah, Well, that’ll be interesting is what was the initial, how did they get in? How long were they in? You know, I’m gonna guess that a lot of it, was that what we’re seeing the fileless malware where they’re running PowerShell in memory through legit Windows, uh, processes. You know, we’ll see what happens

[00:56:02] Evan Francen: now. We will the in a sniper shot thing. It’s like, yeah, of course, it’s a sniper shot. I’m not gonna, well, somebody was targeting them, right, But they’ve always been a target. So I don’t know. There’s another post, uh, you know, on in the show notes, uh, from the register to which, you know, I think if you really wanted to do some investigation on this, you’d have to take all kinds of different sources and really spend a lot of time digging in on what’s being said where and

[00:56:38] Brad Nigh: and realistically it’s going to

[00:56:39] Evan Francen: be that it’s

[00:56:41] Brad Nigh: going to be probably january february before we actually get the results of everything and understand what all is going on.

[00:56:52] Evan Francen: Exactly, exactly. But the key point, I think here is, I’m sure Mandiant has a good incident response plan and all that other stuff, but nobody is immune to being hacked. It was for me it doesn’t, you know, because for a Russian server as much as it does for an American server or a Brazilian server, everything is hackable, Everything. So what this means to you listener is everything is hackable. So what things do you have in place? What things will help you understand when the bad thing happened and then what would you do when it does, what happened?

[00:57:40] Brad Nigh: Yeah, I mean, this is what we preach it, it’s not a matter of if it’s a matter of when,

[00:57:48] Evan Francen: you know, Alright, the next one I got is uh and I just put this up here quickly because um I think it’s important to not take your eye off the ball. This is from Security Affairs, Microsoft December 2020 Patch Tuesday. That’s so yesterday, was that next week? Yes.

[00:58:08] Brad Nigh: Wait, yeah, yesterday

[00:58:11] Evan Francen: yesterday 58 bugs nine of them are critical. Uh 20 to 58 vulnerabilities. 22 of them are remote code execution vulnerabilities. Ah the key here is patch, yep,

[00:58:27] Brad Nigh: basis,

[00:58:28] Evan Francen: yep. And we’ll get to patching maybe next week when we talk about home, we’ll go through some uh you know how to hunt down some of the Nmap results and then we can talk about patching too. That’d be kind of like the next thing probably, yeah. Uh the last or two more. These are also quick. Uh this one comes from TechCrunch uh and the title of the article is researchers say hard-coded passwords in GE medical imaging devices could put patient data at risk.

[00:59:01] Brad Nigh: What, hard-coded passwords? What, that could be a risk?

[00:59:07] Evan Francen: I don’t know who to be more pissed off with, GE or the people who implement these things. Uh Yeah this is so you know in in health care where and and others I mean we’ve run into in health care so many times where you can’t change the password even if you wanted to, yep.

[00:59:29] Brad Nigh: Yeah. And this is not to pick on GE. They are they are not the only ones by far, it’s very common across all medical devices.

[00:59:40] Evan Francen: Yeah, so if you’re in health care you still can secure those things, you would secure those things through network isolation. Ah Yes, you may be your primary control like extra

[00:59:53] Brad Nigh: monitoring.

[00:59:54] Evan Francen: Yeah, but that’s that which just sucks when people’s health is put at stake because of somebody somewhere at some point. I just thought well let’s just make it easy, let’s make it convenient. Let’s get it out into production as quickly as possible. Not taking security into account at the very earliest stages of development. Yeah, the last one I’ve got for news is from Infosecurity Magazine again in uh it’s the title is NSA: Patch VMware Bug Now to Stop Russian Hackers so there you go, that’s all I’m gonna say on that. Well now I’ll see if the NSA is telling you to patch. You should patch Yeah. To SAN right? That’s a lot of news for one day. Uh And honestly, man, I mean, we could spend 24/7 talking information security news because it’s happening all the time.

[01:01:01] Brad Nigh: Yeah. Great.

[01:01:03] Evan Francen: That’s it for episode 109. Thank you to all our listeners. We do dig you. We think we think you’re pretty cool. Most of you. There’s three of three of you that we don’t think are cool.

[01:01:15] Brad Nigh: Yeah, but we’re not gonna really be guessing.

[01:01:18] Evan Francen: Yeah, but I can tell you who those people are. Thank you brad. Uh you get a shout outs. Yeah,

[01:01:25] Brad Nigh: I’ll give a shout out to victoria who we had on during the women and security podcast. She uh was able to cover on a meeting for me on monday when I was not feeling so well. And then also did a just a great job with kind of accustomed engagement and handling the customer. Uh huh. Who was freaking out due to a deadline and not understanding what we provided. Uh well again because I couldn’t get on a call. So shout out to victoria for really stepping up and helping out.

[01:01:59] Evan Francen: Awesome man. I’m going to give a shout out to Shawn Pollard. Mhm. Uh I’ve heard numerous times like become a bunch of uh Go get her. He is how you know, he just continues to take on what is going to have like 17 DC. So clients right now. I mean that’s that’s nuts. And there’s such a man of integrity too, you know, which is just awesome. So shout out to Shawn. Next week we’ll continue the info or information security at home discussion. We’ll dig in a little more on identifying items on your home network. Uh and then we’ll talk about patching. In the meantime, send us send us things by email at Eventually we’ll go actually check that mailbox and see if we have mail. Uh if you’re the social type socialize with us on Twitter, I’m @EvanFrancen and this other guy is on Twitter @BradNigh lastly be sure to follow SecurityStudio @StudioSecurity because we like to mix things up right. The name of the company is Security Studio. But the Twitter handle is Studio Security. If that doesn’t confuse you, we’ve got some acronyms later, I am sure. And and uh FRSecure is on Twitter @FRSecure and they’re always doing a bunch of cool stuff. So I would follow those as well. That’s it. We’ll talk to you again next week.