A user asks a security practitioner for recommendations on securing a home network.
The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home.
Some of the IoT devices are wearables, and others are installed in the user's automobiles.
The current home network is configured as a single flat network behind an ISP-supplied router.
The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices.
Which of the following security controls would address the user's privacy concerns and provide the BEST level of security for the home network?
A. B. C. D.
Answer: C.
The BEST security control for securing a home network that includes multiple IoT devices, wearables, and an automated home assistant would be to segment the home network and implement firewall rules to restrict traffic. Option C is the correct answer.
Segmenting the home network would mean separating the network traffic between users and IoT devices. This would limit the scope of a security breach to only the segment that was compromised, reducing the potential impact of an attack. Segmenting the network would also allow for more granular control over network traffic and access permissions.
Ensuring that the security settings on the home assistant support no or limited recording capability would be an added measure to protect user privacy. This would prevent sensitive information from being recorded or transmitted from the home assistant.
Installing firewall rules on the router would restrict traffic to the home assistant as much as possible. This would prevent unauthorized access to the home assistant, reducing the risk of sensitive information being disclosed or compromised. It would also limit the potential for attackers to gain access to other devices on the home network.
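The segmentation and firewall rules described above, sketched as an nftables ruleset for a Linux-based router. This is an added example, not part of the original question. The interface names (wan0, lan0, iot0), the home assistant address 192.168.20.10 and the permitted ports are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: wan0 = ISP uplink, lan0 = trusted user
# segment, iot0 = IoT segment. The assistant address is constructed.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define IOT = "iot0"
define ASSISTANT = 192.168.20.10

table inet home {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Only the trusted segment may manage the router itself.
        iifname $LAN tcp dport { 22, 443 } accept
        # Both segments use the router for DNS and DHCP.
        iifname { $LAN, $IOT } udp dport { 53, 67 } accept
        iifname { $LAN, $IOT } tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Trusted users reach the Internet freely.
        iifname $LAN oifname $WAN accept
        # Traffic to the home assistant: one assumed control port, nothing else.
        iifname $LAN oifname $IOT ip daddr $ASSISTANT tcp dport 443 accept
        oifname $IOT ip daddr $ASSISTANT drop
        # Trusted users may initiate connections to the other IoT devices.
        iifname $LAN oifname $IOT accept
        # IoT devices get outbound HTTPS and NTP only (assumed requirement).
        iifname $IOT oifname $WAN tcp dport 443 accept
        iifname $IOT oifname $WAN udp dport 123 accept
        # IoT never initiates into the user segment; log attempts for review.
        iifname $IOT oifname $LAN log prefix "iot-to-lan drop: " drop
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Because both filter chains default to drop, a compromised IoT device can answer connections opened from the user segment but cannot open its own, which is what confines a breach to the segment where it started.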
Option A's suggestion to ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network and to disable the home assistant unless actively using it would provide some level of security, but it would not be as effective as network segmentation and firewall rules. Additionally, segmenting the network would allow for each IoT device to have its own segment, which would provide additional control over network traffic and access permissions.
Option B's suggestion to install a firewall capable of cryptographically separating network traffic and to require strong authentication to access all IoT devices would be beneficial, but time-of-day restrictions may not be sufficient to protect the network from all types of attacks. It is also important to note that not all routers are capable of cryptographically separating network traffic.
Option D's suggestion to change all default passwords on the IoT devices and disable Internet access for the IoT devices and the home assistant would be a good starting point for securing the network, but it would not provide as much protection as network segmentation and firewall rules. Additionally, obtaining routable IP addresses for all devices and implementing IPv6 and IPSec protections on all network traffic would be beneficial, but it may be difficult or costly to implement for a home network.
In summary, option C's suggestion to segment the home network, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to the home assistant as much as possible, would provide the BEST level of security for the home network.