Applying the Principles of Zero Trust Architecture to Your Home Network

As we become more reliant on connected devices in our homes, it's important to be aware of home network security. Familiarity with zero trust architecture (ZTA) can provide significantly improved security for your home network. Most home networks have very little security, as the Internet Service Provider (ISP) usually only provides a router with basic firewall settings. The ISP’s router gives you access to the Internet, but it can also allow other people access to your home network. In this blog post, we'll discuss what a zero trust architecture is and the importance of following ZTA principles to secure your home network. We’ll also show you how to begin by first securing your identity. By implementing ZTA principles in your home, you can secure your work-from-home environment and your family’s data and privacy.

What is a zero trust architecture?

A zero trust architecture is a security model that requires all users and devices to be authenticated and authorized before accessing any resources. This includes people in the home and outside if there is a VPN, as well as devices that are connecting to the network. By “devices”, we are referring to things such as a PC, Alexa or a gaming console that needs the Internet to work. Devices that use the Internet are called “IoT”, short for “Internet of Things”. Zero trust architectures are designed to create a more secure environment by preventing unauthorized access to data and resources.  

Zero trust is a cybersecurity concept that is being heavily implemented in government and the business world. The reasoning for zero trust is that security and data theft are more prevalent than ever, and legacy security is not sufficient to protect against modern threats. To keep things simple, the ZT model can be broken down into these three principles:

  1. Trust no one, unless authenticated and authorized (think “verified”)
  2. Give the least privileged access needed (no more access than necessary)
  3. Always assume the network is being breached (under attack)

In essence, a Zero Trust Architecture or ZTA is a network that meets these three principles. While the ZTA approach could seem like overkill for a home environment, risks to personal data, family finances, and individual safety are increasing faster than most people can comprehend. With many more people working from home, it is even more important to secure the home network from intentional threats from outside your network and from unintentional impacts of sharing a home network with members of your family.

Why do you need a zero trust architecture for your home network?

Cybersecurity Ventures reports that a cyber attack occurs every 11 seconds. By 2025, the threat of cyber security crime will cost $10.5 trillion. A zero trust architecture for your home network is important because it provides an additional layer of security to your online identity and the private data on your devices. Your personal identity is always at risk every time you go online. Multi-factor authentication and complex passwords are two ways you can help protect your and your family's identities.

As people increasingly work from home on their personal computers, gaming consoles, entertainment devices, and numerous IoT devices, home networks are growing larger and more complex. Families using wireless routers and access points are vulnerable to hackers who may access private data. To isolate parts of your network and prevent devices from communicating with each other, you can use a principle called "network segmentation." This will reduce the chances of a compromised device introducing malware that could infect other devices on your network.

It is also important to have anti-malware software installed on all computers and mobile devices that connect to your home network. This will provide endpoint protection for those devices and help to protect against software viruses, dangerous websites, and data loss. When looking for reputable software to protect your data and devices, choose a vendor with four stars or better.

Securing your identity with multi-factor authentication

As mentioned at the beginning of this blog, one of the first steps you can take today for yourself and your family members is to configure multi-factor authentication for all the personal and financial websites that you regularly visit. Just in case one of your accounts is compromised, use a different password for each site, as this makes it difficult for thieves to hack your other accounts. Don’t forget about gaming websites. Bad actors are out there to take your favorite characters too!

Multi-factor authentication, also known as two-factor authentication, is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism like your email or banking websites. The most common form of multi-factor authentication combines something the user knows with something the user has. For example, a user might be required to enter a password (something they know) and then insert a hardware token into a USB port (something they have). Even more common is the use of an authenticator application on your smartphone or mobile device, which serves as the something you have: you accept a login request from a website by submitting a code generated by the application.

Multi-factor authentication can also be implemented using biometrics. In this case, the user would be required to present a fingerprint or other biometric data (something they are) in addition to something they know or have. Multi-factor authentication can significantly improve the security of an online account or system. By requiring the user to present multiple pieces of evidence, it reduces the likelihood that an unauthorized user will be able to gain access.  

There are a few drawbacks to multi-factor authentication, however. First, it can be more complicated and time-consuming than single-factor authentication. Second, if any of the factors is compromised, the entire system is compromised. For example, if a hacker can obtain a user's password, they would also be able to gain access to the account if the only other factor is something the user has, like a hardware token.  

Multi-factor authentication is an important security measure that can greatly improve the security of online accounts and systems.

How to set up multi-factor authentication for your home network

The first thing to do is download the authentication application of your choice. Below we have listed a few with their links for downloading.

Google Authenticator

Apple App Store | Google Play Store

Microsoft Authenticator

Apple App Store | Google Play Store | Microsoft App Store

Yubico Authenticator

Desktop | Apple App Store | Google Play Store | Microsoft App Store

Once you have selected an MFA solution, you will need to install and configure the MFA authenticator application on your mobile device. The specific steps may vary depending on the MFA solution that you choose. However, the general process is as follows:

  1. Download the MFA authenticator app from the app store.
  2. Install the app on your mobile device.
  3. Open the app and enter your email address or username.
  4. Enter the code that is displayed on the screen.
  5. Follow the prompts to complete the setup process.

After the MFA authenticator app is installed and configured, you will need to use it to authenticate when accessing systems and applications that require MFA. The specific steps may vary depending on the system or application, but the general process is as follows:

  1. Enter your email address or username.
  2. Enter the code that is displayed on the MFA authenticator app.
  3. Follow the prompts to complete the authentication process.

By following these and vendor instructions, you can ensure that the MFA authenticator app is properly installed and configured on your mobile device.

Conclusion

Protecting your identity with multi-factor authentication is just one step on your journey to having ZTA Principles for Home implemented in your home network. Normally, these types of solutions are designed around businesses and their cybersecurity requirements for a Zero Trust Architecture that not only protects a user’s identity but also manages the devices, networks, and workloads or applications that are used to access protected data and resources.

This blog focused on the importance of protecting your identity by configuring and using multi-factor authentication for web sites and resources where you store your private information such as financial, retail, and government sites. In the next series of MPGZTA blog articles, we will introduce you to our downloadable software solution that is packed with tools to help fully protect your home network using Zero Trust Principles for Home areas.  
