
An example of a secure home LAN setup: how to configure a home router so that the network is secure

A few years ago home wireless networks were quite simple and consisted, as a rule, of an access point and a couple of computers used for Internet access, online shopping or games. Today home networks have become far more complex: a large number of devices are connected to them and used for much more than Internet access or media playback. In this article we discuss how to make the home network safe for all family members.

Wireless security

Almost every house now has a wireless network (a so-called Wi-Fi network). It lets you connect any device to the Internet: a laptop, a tablet or a game console. Most wireless networks are managed by a router, a device installed by your Internet provider to give you Internet access. In some cases, however, the network is served by separate devices called access points that are connected to the router. Whichever device your equipment connects through, the principle of operation is the same: transmission over radio signals. Many different devices can connect to the Internet and to the other devices on your network, so the security of your home network is one of the main components of protecting your home. We advise following these rules to secure it:
  • Change the administrator password set by the manufacturer of the router or access point. The administrator account lets you change the network settings. The problem is that many routers ship with standard, well-known passwords that are easy to find on the Internet, so replace the factory password with a unique, strong password known only to you.
  • Change the network name set by the manufacturer (also called the SSID). This is the name your devices see when searching for the home wireless network. Give the network a unique name that is easy to recognize but contains no personal information. Configuring the network as "hidden" is a low-value form of protection: most wireless scanning programs, and any experienced attacker, can easily detect "hidden" networks.
  • Make sure that only people you trust can connect to your network and that the connection is encrypted. Currently the most secure option is WPA2: a password is required to join the network and the traffic is encrypted. Do not use an outdated method such as WEP, and do not run an open network, which provides no protection at all: an open network lets absolutely anyone connect without authentication.
  • Use a strong password for connecting to the network, and make sure it differs from the administrator password. Remember that the password only needs to be entered once on each device; after that the device remembers and stores it.
  • Most wireless routers support a so-called guest network (Guest Network). It gives guests Internet access while the home network stays protected, because guests cannot connect to the home devices on your network. If you add a guest network, make sure it uses WPA2 and is protected by a unique and strong password.
  • Disable Wi-Fi Protected Setup (WPS) and any other feature that lets new devices connect without entering the password or other configuration.
  • If you find it hard to remember all these passwords, we strongly recommend using a password manager to store them.
Have questions about any of these items? Contact your Internet provider, consult the manual for your router or access point, or look at the manufacturer's website.

Security of your devices

The next step is to compile a list of all devices connected to the network and make sure each of them is secure. This used to be easy when only a handful of devices were connected, but today almost anything can be "always on" the network, including televisions, game consoles, baby monitors, speakers, heaters and even cars. One simple way to discover connected devices is a network scanner such as Fing; once installed on a computer, it detects every device on the network. When you have found them all, take care of their security. The best way is to update their operating systems and firmware regularly; where possible, turn on automatic updates. If a device can be protected with a password, use only a strong and unique one. Finally, visit your provider's website for information on free ways to protect your network.

About the author

Cheryl Conley heads the information security training department at Lockheed Martin. She uses the company's branded The I Campaign™ method to train the company's 100,000 employees; the method makes active use of focus groups within the company and coordinates the global program.

Today almost every apartment has a home network to which desktop computers, laptops, storage devices (NAS), media players, smart TVs, smartphones, tablets and other wearable devices are connected. Wired (Ethernet) or wireless (Wi-Fi) connections and the TCP/IP protocols are used. With the development of Internet of Things technology, household appliances have joined the network: refrigerators, coffee makers, air conditioners and even electrical installation equipment. Thanks to "Smart Home" solutions we can control lighting brightness, remotely set the room climate and switch devices on and off. This makes life much easier, but it can create serious problems for the owner of such advanced solutions.

Unfortunately, the developers of such devices do not care much about the security of their products, and the number of vulnerabilities found in them grows like mushrooms after rain. Devices often stop being supported soon after entering the market: our TV, for example, runs 2016 firmware based on Android 4, and the manufacturer is not going to update it. Guests add to the problem: refusing them Wi-Fi access is awkward, but you would also rather not let just anyone into your cozy network. Who knows what malware has settled on a stranger's phone? All this leads to the need to divide the home network into several isolated segments. Let's try to figure out how to do that with minimal effort and the least financial outlay.

Isolating the Wi-Fi network
In corporate networks the problem is solved simply: there are managed switches with VLAN support, a variety of routers, firewalls and wireless access points, so the required number of isolated segments can be built in a couple of hours. With a Traffic Inspector Next Generation (TING) device, for example, the task takes literally a few clicks: connect the guest segment to a separate Ethernet port and create firewall rules. For the home this option is unsuitable because of the cost of the equipment; most often the network is controlled by a single device combining the functions of router, switch, wireless access point and who knows what else.

Fortunately, modern home routers (more properly called Internet centers) have also become quite smart, and almost all of them, except the very cheapest, can create an isolated guest Wi-Fi network. How reliable that isolation really is deserves a separate article; today we will not dig into the firmware of household devices from different manufacturers. As an example we take a ZyXEL Keenetic Extra II. This line is now known simply as Keenetic, but the unit we got was still released under the ZyXEL brand.

Setup through the web interface will not trouble even a beginner: a few clicks and we have a separate wireless network with its own SSID, WPA2 protection and access password. Guests can be placed on it, along with TVs and players whose firmware has not been updated for a long time, and any other clients you do not particularly trust. In most devices from other manufacturers this function, we repeat, is also present and is enabled the same way; in D-Link router firmware, for example, the task is solved with the setup wizard.

A guest network can be added when the device is already configured and running (screenshot from the manufacturer's site).

Isolating the Ethernet network
Besides wireless clients, devices can also connect to the network over a wired interface. Experts will say that isolated Ethernet segments are created with VLANs (virtual local area networks). Some home routers support this, but here the task is more complicated: we do not want just a separate segment, we need to combine wired ports with the wireless guest network on a single router. Not every device can do this. A quick survey shows that besides the Keenetic Internet centers, only models in the MikroTik line can add Ethernet ports to the guest Wi-Fi segment, and configuring them is far less obvious. Among comparably priced home routers, only Keenetic solves the task with a couple of clicks in the web interface.

As you can see, our test unit coped with the task, and another interesting function deserves attention: wireless guest clients can also be isolated from each other. This is very useful: your friend's malware-infected smartphone will get out to the Internet but will not be able to attack other devices even within the guest network. If your router has a similar function, turn it on, even though it limits how clients interact; making a TV talk to a media player over Wi-Fi will no longer work, and a wired connection will be needed. At this stage our home network looks far better protected.
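The device inventory step from the first article above and the segmentation just configured can be checked together. As an added example (not from the article or from any router vendor), the Python below parses the neighbour table printed by `ip neigh show` on a Linux-based router and flags unknown devices on the trusted segment and known devices sitting in the wrong segment; the bridge names br-lan and br-guest, the subnets, MAC addresses and device names are all constructed.

```python
"""Check the live neighbour table of a home router against a device inventory.

Added example, not from the original article or from any router vendor.  The
input is the text printed by `ip neigh show` on a Linux-based router; the
bridge names (br-lan, br-guest), subnets, MAC addresses and device names used
here are constructed for the demonstration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# The two isolated segments built above: trusted home devices and guests.
SEGMENTS = {
    "trusted": ipaddress.ip_network("192.168.1.0/24"),
    "guest": ipaddress.ip_network("192.168.50.0/24"),
}

# Inventory of known devices: MAC -> (name, segment it is supposed to live in).
# The TV with its unmaintained firmware belongs with the guests, as the text suggests.
INVENTORY = {
    "00:11:22:33:44:00": ("router", "trusted"),
    "00:11:22:33:44:01": ("laptop", "trusted"),
    "00:11:22:33:44:02": ("smart-tv", "guest"),
    "00:11:22:33:44:03": ("nas", "trusted"),
}

# Constructed `ip neigh show` output: one entry per line, fields as key/value pairs.
# The FAILED entry has no MAC and is not a live device.
NEIGH_OUTPUT = """\
192.168.1.1 dev br-lan lladdr 00:11:22:33:44:00 REACHABLE
192.168.1.10 dev br-lan lladdr 00:11:22:33:44:01 STALE
192.168.1.23 dev br-lan lladdr 00:11:22:33:44:77 REACHABLE
192.168.1.30 dev br-lan lladdr 00:11:22:33:44:02 REACHABLE
192.168.50.31 dev br-guest lladdr 00:11:22:33:44:99 DELAY
192.168.1.40 dev br-lan  FAILED
"""


@dataclass
class Neighbour:
    ip: str
    iface: str
    mac: str
    state: str


def parse_ip_neigh(text: str) -> list[Neighbour]:
    """Parse `ip neigh` lines; entries without a MAC (FAILED/INCOMPLETE) are dropped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        ip, iface, mac, state = tokens[0], "", "", ""
        i = 1
        while i < len(tokens):
            if tokens[i] == "dev" and i + 1 < len(tokens):
                iface, i = tokens[i + 1], i + 2
            elif tokens[i] == "lladdr" and i + 1 < len(tokens):
                mac, i = tokens[i + 1].lower(), i + 2
            else:
                if tokens[i].isupper():  # NUD state such as REACHABLE or STALE
                    state = tokens[i]
                i += 1
        if mac and state not in {"FAILED", "INCOMPLETE"}:
            entries.append(Neighbour(ip, iface, mac, state))
    return entries


def segment_of(ip: str) -> str | None:
    """Name of the segment whose subnet contains the address, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def audit(neighbours: list[Neighbour], inventory: dict = INVENTORY) -> list[tuple[str, str, str, str]]:
    """Return (severity, mac, ip, message) for every device that needs attention."""
    findings = []
    for n in neighbours:
        seg = segment_of(n.ip) or "undefined"
        known = inventory.get(n.mac)
        if known is None:
            if seg == "guest":  # strangers are expected here; just keep a record
                findings.append(("INFO", n.mac, n.ip, "unknown device on the guest segment"))
            else:
                findings.append(("HIGH", n.mac, n.ip, f"unknown device on the {seg} segment"))
        elif known[1] != seg:
            findings.append(("MEDIUM", n.mac, n.ip,
                             f"{known[0]} should be on the {known[1]} segment but is on {seg}"))
    return findings


if __name__ == "__main__":
    for severity, mac, ip, message in audit(parse_ip_neigh(NEIGH_OUTPUT)):
        print(f"{severity:6} {ip:15} {mac}  {message}")
```

Run it on a real router by piping `ip neigh show` into the parser and replacing INVENTORY with your own device list.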

What is the result?
The number of security threats grows year by year, and smart device manufacturers do not always pay enough attention to releasing updates on time. In this situation we have only one way out: separating clients by trust level and creating isolated segments for them. You do not need to buy equipment for tens of thousands of rubles to do this; a relatively inexpensive home Internet center copes quite well. Here I would warn readers against buying budget-brand devices. The hardware of almost all manufacturers is now more or less identical, but the quality of the built-in software varies greatly, as does the length of the support cycle for released models. Not every home router handles even the fairly simple task of combining wired and wireless clients in an isolated segment, and you may need more: additional segments, DNS filtering so that only safe hosts are reachable, or, in large premises, connecting Wi-Fi clients to the guest network through external access points, and so on. Beyond security there are other requirements: in public networks clients must be registered in accordance with Federal Law No. 97 "On Information, Information Technologies and Information Protection". Inexpensive devices can solve such tasks, but not all of them; the capabilities of the built-in software, we repeat, vary widely.

With the spread of broadband Internet access and pocket gadgets, wireless routers have become extremely popular. Such devices distribute a Wi-Fi signal to desktop computers and to mobile devices, smartphones and tablets, and the channel bandwidth is sufficient for several consumers to connect at once.

Today there is a wireless router in almost any house with broadband Internet. Not all owners realize, however, that with default settings these devices are extremely vulnerable to intruders. And if you think you do nothing on the Internet that could hurt you, consider that by intercepting the signal of your local wireless network an attacker can get at not only your personal correspondence but also your bank account, work documents and any other files.

Attackers need not limit themselves to studying the memory of your own devices: their contents can yield keys to the networks of your company, your loved ones and acquaintances, and to data in all kinds of commercial and government information systems. Moreover, through your network and in your name, attackers can carry out mass attacks, break-ins, illegal distribution of media files and software, and other criminally punishable activities.

Meanwhile, protecting yourself from such threats means following several simple rules that are understandable and accessible even to those without special knowledge of computer networks. We invite you to get acquainted with them.

1. Change the default administrator data

To access your router's settings you go to its web interface. For that you need to know its IP address on the local network (LAN), as well as the administrator username and password.

The router's internal IP address is by default usually of the form 192.168.0.1, 192.168.1.1, 192.168.100.1 or, for example, 192.168.123.254; it is always given in the equipment documentation. The default login and password are usually also given in the documentation, or can be obtained from the router manufacturer or your service provider.

Enter the router's IP address in the browser address bar and, in the window that appears, enter the login and password. The router's web interface with its many settings will open.

The key security element of the home network is the ability to change the settings, so all default administrator data must be changed, because the same credentials are used in tens of thousands of routers identical to yours. Find the corresponding item and enter new data.

In some cases the service provider locks out arbitrary changes to the administrator data, and then you will have to ask them for help.

2. Set or change the passwords for access to the local network

You may laugh, but there are still cases where a generous owner of a wireless router runs an open access point that anyone can join. Far more often a pseudo-password like "1234" or some banal word chosen when the network was set up is used. To minimize the chance of someone getting into your network with ease, come up with a really long password of letters, numbers and symbols, and set the encryption level, preferably WPA2.

3. Disable WPS

WPS (Wi-Fi Protected Setup) lets you quickly establish a protected wireless connection between compatible devices without detailed configuration, just by pressing the corresponding buttons on the router and the gadget or by entering a numeric code.

Meanwhile this convenient system, usually enabled by default, has one weak point: since WPS does not limit the number of incorrect code attempts, it can be cracked by brute force with the simplest utilities. It takes from a few minutes to several hours to get into the network through the WPS code, after which recovering the network password is not difficult.

Therefore, find the corresponding item in the admin panel and turn WPS off. Unfortunately, changing the setting does not always really turn WPS off, and some manufacturers do not provide the option at all.

4. Change the SSID

The SSID (Service Set Identifier) is the name of your wireless network. Various devices "remember" it and, when they recognize the name and have the necessary passwords, try to connect to the local network. If you keep the standard name set, for example, by your provider, your devices are likely to try to connect to a variety of nearby networks with the same name.

Moreover, a router broadcasting the standard SSID is more vulnerable to attackers, who will roughly know its model and usual settings and can aim at the specific weak points of that configuration. So choose as unique a name as possible, one that says nothing about the service provider or the equipment manufacturer.

At the same time, the frequently encountered advice to hide the SSID broadcast, an option standard on the overwhelming majority of routers, is actually untenable. All devices trying to connect to your network will in any case probe the nearest access points and may connect to networks specifically "planted" by intruders. In other words, by hiding the SSID you only complicate life for yourself.

5. Change the router's IP address

To further hamper unauthorized access to the router's web interface and settings, change its default internal (LAN) IP address.

6. Disable remote administration

For the convenience (mainly) of technical support, many home routers implement a remote administration function that makes the router settings available over the Internet. So, if we do not want intrusion from outside, it is better to disable this feature.

The web interface can still be reached over Wi-Fi, however, if the attacker is within range of your network and knows the username and password. Some routers can restrict access to the panel to wired connections only, but unfortunately this option is quite rare.

7. Update the firmware

Every manufacturer that respects itself and its customers constantly improves the software of its equipment and regularly releases updated firmware versions. Fresh versions first of all fix discovered vulnerabilities, as well as bugs affecting stability.

Note that after the update all the settings you made may be reset to factory defaults, so it makes sense to back them up, also via the web interface.

8. Move to 5 GHz

The basic Wi-Fi band is 2.4 GHz. It gives most existing devices confident reception at a distance of about 60 meters indoors and up to 400 meters outdoors. Moving to the 5 GHz band reduces the range two- or threefold, limiting outsiders' ability to get into your wireless network. Because the band is less crowded, you may also notice higher data rates and a more stable connection.

The only drawback of this solution is that not all devices support the IEEE 802.11ac Wi-Fi standard in the 5 GHz band.

9. Disable Ping, Telnet, SSH, UPnP and HNAP

If you do not know what lies behind these abbreviations and are not sure you will need these functions, find them in the router settings and disable them. If possible, instead of simply closing the ports, select stealth mode, which makes these ports "invisible" to attempts to reach them from outside by ignoring requests and pings.

10. Turn on the router's firewall

If your router has a built-in firewall, we recommend enabling it. Of course, this is not an impregnable bastion, but together with software (even the firewall built into Windows) it can resist attacks quite adequately.

11. Disable MAC address filtering

Although at first glance allowing only devices with specific MAC addresses to join the network seems to guarantee security fully, in reality it does not. Moreover, it leaves the network open even to not very ingenious attackers. If an attacker can monitor incoming packets, he will quickly obtain a list of active MAC addresses, because they are transmitted unencrypted in the data stream, and changing a MAC address is no problem even for a non-professional.

12. Switch to another DNS server

Instead of your provider's DNS server you can switch to an alternative such as Google Public DNS or OpenDNS. On the one hand this can speed up page loading, on the other it can improve security. For example, OpenDNS blocks viruses, botnets and phishing requests on any port, protocol and application, and thanks to special big-data algorithms can predict and prevent a variety of threats and attacks. Google Public DNS, by contrast, is simply a fast DNS server without additional functions.

13. Install alternative "firmware"

Finally, a radical step for those who understand what they are doing: install firmware written not by your router's manufacturer but by enthusiasts. As a rule, such "firmware" not only extends the device's functionality (support for professional features such as QoS, bridge mode, SNMP, etc. is usually added) but also makes it more resistant to vulnerabilities, partly thanks to being non-standard.

Among the popular open-source "firmware" projects are the Linux-based
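As an added example, not from this article, from the checklist near the top of the page or from any router vendor, the Python below applies both sets of rules (factory admin password, vendor-revealing or hidden SSID, WEP or open encryption, weak or reused Wi-Fi passphrases, WPS, remote administration, UPnP, Telnet, disabled firewall) to a router configuration modelled as a dict. Every vendor's backup format differs, so the keys (admin_password, wifi, wps_enabled, ...) and both sample configurations are hypothetical.

```python
"""Audit a home router's settings against the wireless-security rules above.

Added example, not from the original article or any router vendor.  Consumer
routers export settings in vendor-specific formats, so the configuration is
modelled here as a plain dict with hypothetical keys; map your router's
backup file onto it before running.
"""
from __future__ import annotations

# Factory administrator passwords that are widely published and trivially guessed.
FACTORY_ADMIN_PASSWORDS = {"", "admin", "password", "1234", "12345", "root"}
# Substrings that give away the vendor or model when left in the SSID.
VENDOR_SSID_MARKERS = ("dlink", "d-link", "tp-link", "netgear", "linksys",
                       "asus", "zyxel", "keenetic", "trendnet", "mikrotik")
# Encryption modes the article accepts; WEP and open networks fail this check.
ACCEPTED_SECURITY = {"WPA2", "WPA2/WPA3", "WPA3"}
# Banal passphrases of the "1234" kind that people still choose.
WEAK_PASSPHRASES = {"1234", "12345678", "password", "qwerty123", "11111111"}


def is_strong(secret: str, minimum: int = 12) -> bool:
    """True when the secret is long enough, mixes at least three character
    classes (lower, upper, digit, symbol) and is not a known banal passphrase."""
    classes = sum((
        any(c.islower() for c in secret),
        any(c.isupper() for c in secret),
        any(c.isdigit() for c in secret),
        any(not c.isalnum() for c in secret),
    ))
    return len(secret) >= minimum and classes >= 3 and secret.lower() not in WEAK_PASSPHRASES


def audit(cfg: dict) -> list[str]:
    """Return one finding per violated rule; an empty list means every check passed."""
    findings: list[str] = []
    admin_pw = cfg.get("admin_password", "")
    if admin_pw.lower() in FACTORY_ADMIN_PASSWORDS:
        findings.append("admin password is a well-known factory default")
    elif not is_strong(admin_pw):
        findings.append("admin password is weak")

    seen_passphrases: dict[str, str] = {}   # passphrase -> first SSID using it
    for net in cfg.get("wifi", []):
        ssid = net.get("ssid", "")
        label = f"network '{ssid}'"
        if any(marker in ssid.lower() for marker in VENDOR_SSID_MARKERS):
            findings.append(f"{label}: SSID reveals the vendor or model")
        if net.get("hidden"):
            findings.append(f"{label}: hidden SSID adds no real protection")
        security = net.get("security", "OPEN").upper()
        if security not in ACCEPTED_SECURITY:
            findings.append(f"{label}: uses {security} instead of WPA2 or better")
        passphrase = net.get("passphrase", "")
        if passphrase == admin_pw:
            findings.append(f"{label}: Wi-Fi passphrase equals the admin password")
        elif not is_strong(passphrase):
            findings.append(f"{label}: Wi-Fi passphrase is weak")
        if passphrase in seen_passphrases:
            findings.append(f"{label}: reuses the passphrase of network "
                            f"'{seen_passphrases[passphrase]}'")
        seen_passphrases.setdefault(passphrase, ssid)

    # Services the article tells you to switch off, then the one to switch on.
    for key, text in (("wps_enabled", "WPS is enabled"),
                      ("remote_admin_enabled", "remote administration is reachable from the Internet"),
                      ("upnp_enabled", "UPnP is enabled"),
                      ("telnet_enabled", "Telnet is enabled")):
        if cfg.get(key):
            findings.append(text)
    if not cfg.get("firewall_enabled", False):
        findings.append("built-in firewall is disabled")
    return findings


# Constructed "before" configuration: the state many routers are shipped in.
INSECURE_CONFIG = {
    "admin_password": "admin",
    "wifi": [{"ssid": "DLink", "security": "WEP", "passphrase": "1234"}],
    "wps_enabled": True,
    "remote_admin_enabled": True,
    "upnp_enabled": True,
    "telnet_enabled": False,
    "firewall_enabled": False,
}

# Constructed "after" configuration following the rules above (sample secrets only).
HARDENED_CONFIG = {
    "admin_password": "Rout3r-Adm1n!Change-Me",
    "wifi": [
        {"ssid": "Quiet-Garden-7", "security": "WPA2", "passphrase": "Long-Wifi-Secret-2024!"},
        {"ssid": "Quiet-Garden-Guest", "security": "WPA2", "passphrase": "Visitors-Only-Key-88#",
         "guest": True},
    ],
    "wps_enabled": False,
    "remote_admin_enabled": False,
    "upnp_enabled": False,
    "telnet_enabled": False,
    "firewall_enabled": True,
}

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```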

When I looked through the Yandex search engine statistics, I noticed that the query "home network security" is requested a paltry 45 times a month, which, frankly, is rather regrettable.

So as not to be unfounded, I want to tell one entertaining story from my life. Some time ago a neighbor came to me who had decided to join modern life, bought a laptop and a router, and wanted to connect to the Internet.

The neighbor bought a D-Link DIR-300-NRU router, and this model has a feature: by default it uses the brand name as the wireless network name (SSID), i.e. a network named DLink appears in the list of available networks. Most manufacturers hard-code the network name as brand and model (for example, Trendnet-Tew432, etc.).

So, I saw the DLINK network in the list and connected to it right away. Let me note at once that any router (except Wi-Spot and other exotic devices that have no wired RJ-45 interfaces) should be configured while connected to it by wire. In practice I can say that you can configure over Wi-Fi, but not reflash: reflash only over the wire, otherwise there is a chance of seriously damaging the device. If I had been configuring the router over the wire, none of this would have happened and there would be no story.

I connect to the DLink network and start configuring: I change the SSID, set the encryption key, define the address range, the broadcast channel, etc., reboot the router, and only then does it dawn on me that the reception is painfully unsteady even though the router is sitting right nearby.

Yes indeed, I had connected to someone else's open router and configured it properly. Naturally, I immediately returned all the settings to the original so that the router's owners would not be upset, and then configured the target router as it should be. But at the same time I can say that this router is still unencrypted and anyone can connect to it. So, to avoid such situations, set up your wireless router and read on about home network security.

Let's consider which elements, both hardware and software, defend the network and which are potential holes, including, by the way, the human factor. But first things first.

We will not consider how the Internet gets into your house; it is enough to understand that it does.

The question is: where does it arrive? At a computer? At a router? At a wireless access point?

Meanwhile, this question is very, very important, and here is why: each of these devices has its own degree of protection against hacker attacks and unauthorized access.

First place in protection against network attacks can safely be given to the router (it is also called a "router" in the English borrowing; it is the same thing). Hardware protection is much harder to "break", though it cannot be said to be impossible; more on that later. There is a folk wisdom that says: "the simpler the device, the more reliable it is." Because a router is a much simpler and more narrowly specialized device, it is certainly more reliable.

Second place goes to a computer equipped with protective software (firewalls, literally "fire wall"; in Windows XP and later this service is called the firewall). The functionality is roughly the same, but a computer can implement two functions that a router most often cannot: tracking which sites users visit and restricting access to certain resources. Of course, at home this functionality is rarely required, or is easily provided by free services such as Yandex.DNS if you need to protect a child from bad content. A gateway computer can also run a "streaming" antivirus that analyzes passing traffic, but that is no reason to drop antivirus on the client computers, because a virus can arrive in a password-protected archive, where nothing can reach it until you open it.

A wireless access point is a gateway transparent in both directions, through which anything can fly, so it makes sense to use access points only in networks protected by a hardware or software firewall (a router, or a computer with specialized software installed).

Most often a home network uses a wireless router with four ports for connecting computers by wire and a radio module acting as the access point. In this case the network looks like this:

Here we can see that the chief defender of our network against hacker attacks is the router, but this does not mean you can feel absolutely safe.

The firewall function of the router is that it forwards your Internet requests and returns the responses to you. Data that nobody on the network, including your computer, requested is filtered out by the firewall, protecting your peace.

How can someone get into a network protected by a firewall?

Most often through Trojans that enter your network with infected scripts or downloaded infected programs. Viruses are often distributed as attachments to e-mails or as links in the body of the message (mail worms). In particular, a worm is circulating that encrypts all the information on your computer's hard disks and then extorts money for decryption.

What else can a virus that has settled on your computer do?

The virus's activity can be very varied: from turning the computer into a "zombie" or stealing data to extorting money by locking Windows or encrypting all user data.

I have acquaintances who claim they have never met a more useless program than an antivirus and get along perfectly without one. If you think the same, I should warn you that a virus does not always reveal itself immediately, or at all. Sometimes its activity consists of taking part in a DDoS attack on some Internet host. That does not threaten you except that your provider may block you and make you look for viruses. So even if there is no important data on your computer, it is better to install an antivirus, at least a free one.

If a Trojan gets into your computer, it can open a port, set up a tunnel and give its creator full control over your computer.

Many viruses spread over the network, so if a virus hits one computer, there is a chance it will reach the other computers on your home network.

How to protect yourself from viruses?

First of all, install an up-to-date antivirus on every computer. Ideally a commercial one, but if money is tight you can use a free antivirus such as Avast, Avira, AVG, Microsoft Security Essentials, etc. Of course, this is not as effective as paid protection, but it is better than no antivirus at all.

Important: between the appearance of a new virus and the addition of its signature to the antivirus database there is a "gap" of 3 days to 2 weeks (sometimes longer). During this time your computer is potentially at risk of infection even with an up-to-date antivirus. So we move on to the next stage: instructions on how to protect yourself from infection.

In fact, you can pick up a virus even on a favorite news site through all sorts of teasers, tips and other advertising on the site. To prevent this you must have an up-to-date antivirus. For your part, you can follow these points:

1. Never open attachments in a letter or follow links from it if the sender is unknown to you. If the sender is known to you but the letter is clearly promotional or of the "look at these pictures, you're naked here" kind, then of course do not follow any links either. The only useful thing you can do in this case is to tell the person that they have caught a virus, whether by e-mail or by a message in Skype, ICQ, Mail.Ru Agent or another system.

2. Sometimes you may receive a message from a "Collection Agency" or from the "Moscow City Court" saying you have some trouble; I know that encryption viruses are distributed this way, so under no circumstances follow the links or open the attachments.

3. Pay attention to how your antivirus reports detected viruses. Remember what those messages look like, because when browsing the Internet a message often pops up saying a virus has been found and telling you to download the antivirus from this site immediately and scan. If you remember what your antivirus's message window looks like, you can always tell whether it is your antivirus warning you or a "scam". An antivirus will never demand that you download some add-on from a website; that is the first sign of a virus. Do not fall for it, or you will have to call a specialist to clean the extortion virus off your computer.

4. You downloaded an archive with some program or something else, but when you open the file you are told to send an SMS and get a code: under no circumstances do this, however convincing the arguments shown in the window. You will send 3 SMS costing 300 rubles each and inside find instructions for downloading files from torrents.

6. If you use a Wi-Fi wireless network, set a network encryption key. If your network is open, anyone can connect to it. The danger is not that someone besides you will use your Internet, but that they get into your home network, where there may be shared resources you would not want to expose to general view. You can also read our article on building a network with Wi-Fi technology.

Instead of a summary

Now we know that however expensive and high-quality our protector, the router, is, if you do not take certain measures you can infect your computer with a virus and at the same time create a threat to the whole network. And, of course, we must not forget that the encryption key of your wireless network is also a very important factor.

PNST 301-2018 / ISO/IEC 24767-1:2008

Preliminary National Standard of the Russian Federation

Information technology

Home network security

Security requirements

Information technology. Home network security. Part 1. Security requirements

OKS 35.110, 35.200, 35.240.99

Valid from 2019-02-01

Preface

1 PREPARED by the Federal State Budgetary Educational Institution of Higher Education "Plekhanov Russian University of Economics" (FGBOU VO "REU im. G.V. Plekhanova") on the basis of its own translation into Russian of the English-language version of the international standard specified in paragraph 4

2 INTRODUCED by the Technical Committee for Standardization TC 22 "Information Technologies"

3 APPROVED AND PUT INTO EFFECT by Order of the Federal Agency for Technical Regulation and Metrology of September 4, 2018, No. 38-pnst

4 This standard is identical to the international standard ISO/IEC 24767-1:2008* "Information technology. Home network security. Part 1. Security requirements" (ISO/IEC 24767-1:2008 "Information technology - Home network security - Part 1: Security requirements", IDT)
________________
* Access to the international and foreign documents mentioned here and further in the text can be obtained by following the link to the website. - Database compiler's note.

The rules for applying this standard and for monitoring its application are established in GOST R 1.16-2011 (sections 5 and 6).

The Federal Agency for Technical Regulation and Metrology collects information on the practical application of this standard. This information, together with comments and suggestions on the content of the standard, may be sent no later than 4 months before the expiry of its validity period to the developer of this standard at: 117997 Moscow, Stremyanny pereulok, 36, FGBOU VO "REU im. G.V. Plekhanova", and to the Federal Agency for Technical Regulation and Metrology at: 109074 Moscow, Kitaygorodsky proezd, 7, bldg. 1.

If this standard is cancelled, the relevant information will be published in the monthly information index "National Standards" and also posted on the official website of the Federal Agency for Technical Regulation and Metrology on the Internet (www.gost.ru).

Introduction

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of international standards through technical committees. Any interested party that is a member of ISO or IEC may take part in the development of a standard in a particular area. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established the Joint Technical Committee ISO/IEC JTC 1. Draft international standards prepared by the joint technical committee are sent to the national committees for voting. Publication as an international standard requires approval by at least 55% of the national committees casting a vote.

Official decisions or agreements of IEC and ISO on technical matters express, as far as possible, an international consensus of opinion on the relevant subjects, since each technical committee has representatives from all interested national committees that are members of IEC and ISO.

IEC, ISO and ISO/IEC publications take the form of recommendations for international use and are accepted by the national committees that are members of IEC and ISO in that sense. While every effort is made to ensure that the technical content of IEC, ISO and ISO/IEC publications is accurate, neither IEC nor ISO can be held responsible for the way in which they are used or for any misinterpretation by the end user.

In order to promote international unification (a unified system), the national committees of IEC and ISO undertake to apply the IEC, ISO and ISO/IEC international standards as transparently as possible in their national and regional standards, insofar as the conditions of the country permit. Any divergence between ISO/IEC publications and the corresponding national or regional standards shall be clearly indicated in the latter.

ISO and IEC do not provide any attestation of conformity procedures and are not responsible for any equipment declared to be in conformity with one of the ISO/IEC standards.

All users should ensure that they have the latest edition of this publication.

Neither IEC or ISO, nor their directors, employees, servants or agents, including individual experts and members of their technical committees, nor the national committees of IEC or ISO, shall be liable for any personal injury, property damage or other damage of any nature, direct or indirect, or for costs (including legal costs) and expenses arising out of the publication or use of this ISO/IEC publication or any other IEC, ISO or ISO/IEC publication.

Attention is drawn to the normative references cited in this publication. Use of the referenced documents is indispensable for the correct application of this publication.

Attention is drawn to the possibility that some of the elements of this international standard may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

International standard ISO/IEC 24767-1 was developed by Subcommittee 25 "Interconnection of information technology equipment" of the Joint Technical Committee ISO/IEC JTC 1 "Information technology".

A list of all currently available parts of the ISO/IEC 24767 series, under the general title "Information technology. Home network security", can be found on the IEC website.

1 Scope

This standard specifies requirements for protecting the home network from internal and external threats. The standard serves as a basis for the development of security systems that protect the home environment from various threats.

The requirements in this standard are treated relatively informally. Although many of the issues discussed in this standard guide the development of security systems for both the home network and the Internet, they are general requirements.

Various devices are connected to the internal (home) network (see Figure 1). "Home appliance network" devices, "entertainment audio/video" devices and "information application" devices have different functions and operating characteristics. This standard provides a means of analysing the risks for each device connected to the network and of defining the security requirements for each device.

2 Terms, definitions and abbreviations

2.1 Terms and definitions

The following terms and definitions apply in this standard:

2.1.1 consumer electronics (brown goods): Audio/video devices used for entertainment purposes, such as a DVD recorder or TV.

2.1.2 confidentiality: The property that information is not made available or disclosed to unauthorized individuals, organizations or processes.

2.1.3 data authentication: A service used to ensure the correct verification of claimed data sources.

2.1.4 data integrity: The property that data has not been altered or destroyed in an unauthorized manner.

2.1.5 user authentication: A service that verifies the identification information presented by a communication partner, whereas the authorization service supports access by identified and authorized users to a specific device or home application.

2.1.6 appliances (white goods): Devices used in the household, for example an air conditioner, a refrigerator, etc.

2.2 Abbreviations

The following abbreviations are used in this standard:

AV (Audio Video): audio/video devices;
CD (Compact Disc): compact disc;
DDoS (Distributed Denial of Service): distributed denial-of-service attack;
DoS (Denial of Service): denial of service;
DRM (Digital Rights Management): digital rights management;
DTV (Digital Television): digital television;
DVD (Digital Versatile Disc): DVD disc/format;
Externally Supported Multiple Homes HES: home electronic system for several houses, managed by a third party;
Externally Supported Single Home HES: home electronic system for one house, managed by a third party;
HES (Home Electronic System): home electronic system;
ICT (Information and Communication Technology): information and communication technology;
IP (Internet Protocol): Internet Protocol;
IPsec (IP Security Protocol): Internet Protocol security protocol;
IPv4 (Internet Protocol Version 4): Internet Protocol, version 4;
IPv6 (Internet Protocol Version 6): Internet Protocol, version 6;
IT (Information Technology): information technology;
MPEG (Moving Picture Experts Group): standard for compressed full-length video;
Owner Supported Single Home HES: home electronic system for one house, managed by the owner;
PDA (Pocket Personal Computer): pocket personal computer;
PC (Personal Computer): personal computer;
TCP (Transmission Control Protocol): transmission control protocol;
TLS (Transport Layer Security): transport layer security protocol;
URL (Uniform Resource Locator): uniform resource locator;
VCR (Video Cassette Recorder): video cassette recorder;

3 Conformity

This standard contains methodological guidance and does not define any conformity claim.

4 Security requirements for internal home electronic systems

4.1 General provisions

Thanks to the development of the Internet and related network technologies, it became possible to connect computers in offices and homes with the outside world, providing access to a multitude of resources. Today, the technologies underlying this success have reached our homes and make it possible to connect household appliances in the same way as personal computers. Thus they not only allow users to monitor and control their home devices from both inside and outside the house, but also create new services and opportunities, such as remote control of household appliances and their servicing. This means that the ordinary computer environment of the house is being transformed into an internal home network connecting many devices, whose security must also be ensured.

It is necessary that residents, users and owners of both the house and the system trust the home electronic system. The purpose of home electronic system security is to ensure trust in the system. Since many components of the home electronic system operate continuously, 24 hours a day, and automatically exchange information with the outside world, information security is needed to ensure the confidentiality, integrity and availability of the data and of the system. A properly implemented security solution ensures, for example, that access to the system and to stored, incoming and outgoing data is granted only to authorized users and processes, and that only authorized users can use the system and make changes to it.

The security requirements of the HES network can be described in several ways. This standard is limited to the IT security of the HES network. However, IT security should extend beyond the boundaries of the system itself, since the house must continue to function, albeit with reduced capabilities, in the event of a failure of the IT system. Intelligent functions normally supported by the HES network may also have to be performed when the system's connections are broken. In such cases it is understood that there are security requirements that will not be part of the system itself, but the system should not prevent the implementation of fallback solutions.

There are a number of parties with a stake in security. Not only residents and owners must trust the home electronic system, but also service and content providers. The latter must be confident that the services and content they offer are used only as permitted. However, one of the fundamentals of system security is that a specific security administrator must be responsible for it. Obviously, this responsibility should rest with the residents (the system owners). It does not matter whether the administrator handles this personally or outsources it. In any case, the responsibility lies with the system security administrator. The question of the trust that service and content providers place in the home electronic system, and their confidence that users apply their services and content properly, is determined by contractual obligations between the parties. A contract, for example, may list the functions, components or processes that the home electronic system must support.

The architecture of the home electronic system differs for different types of houses. Each model may have its own specific set of requirements. Below is a description of three different models of home electronic systems with different sets of requirements.

Obviously, some security requirements are more important than others. It is therefore clear that support for some countermeasures will be optional. In addition, countermeasures may differ in quality and cost. Managing and maintaining such measures may also require different skills. This standard attempts to clarify the motives behind the listed security requirements and thereby allow developers of home electronic systems to determine which security functions a specific home system should support and, taking into account quality and the effort needed to manage the service, which mechanism should be selected for such functions.

The security requirements of the home network depend on the definition of security and of the "house", as well as on what is understood by the "network" in this house. If the network is simply a channel connecting a single PC to a printer or a cable modem, then securing the home network amounts to securing this channel and the equipment it connects.

However, if there are dozens, if not hundreds, of devices in the house united in a network, some of which belong to the household as a whole and others to individual people living in the house, more complex security measures are needed.

4.2 Security of the home electronic system

4.2.1 Definition of the home electronic system and of system security

The home electronic system and network can be defined as a set of elements that process, transmit, store and control information, providing communication and integration of the multiple computing, control, monitoring and communication devices found in the house.

In addition, home electronic systems and networks link entertainment and information devices, communication and security devices, and the household appliances present in the house. Such devices and instruments exchange information; they can be monitored and controlled either from within the house or remotely. Accordingly, certain internal home networks will require appropriate security measures to protect their daily operation.

The security of the home network can be understood as the ability of the network or information system to withstand, at a given level of confidence, accidental events or malicious actions. Such events or actions may threaten the availability, authenticity, integrity and confidentiality of stored or transmitted data and of the related services offered through such networks.

Information security incidents can be grouped as follows:

electronic mail may be intercepted, and data may be copied or altered. This can cause damage through violation of personal rights or through abuse of the intercepted data;

unauthorized access to computers and internal computer networks is usually carried out with malicious intent to copy, alter or destroy data, and may extend to the automation equipment and systems located in the house;

malicious attacks over the Internet have become quite common, and in the future the telephone network may also become more vulnerable;

malicious software such as viruses can disable computers, delete or alter data, or reprogram household appliances. Some virus attacks are devastating and costly;

misrepresentation of information about natural or legal persons can cause significant damage; for example, customers may download malicious software from a website masquerading as a trusted source, contracts may be terminated, and confidential information may be sent to the wrong recipients;

many information security incidents are associated with unforeseen and unintentional events, such as natural disasters (floods, storms and earthquakes), hardware or software failures, and the human factor.
