Confirmed "public" and "private", pitfalls of online settings in telework -Telework protection: Nikkei Clostec Active

　This time, I will explain the points that employees who work in telework should be careful.First, it is necessary to pay attention to setting mistakes when connecting a computer that has been taken out of the company.Windows has a confusing network setting.

　If you connect a personal computer to a home network or a hotel wireless LAN, etc., the access point displayed on the right side of the Windows screen is "Can other PCs or devices on the network be detected?"Such sentences are shown, and two options are displayed, "yes" or "no".Here you must select "No".

　If you select "Yes", the Windows network profile will be set as "Private", and if you select "No", it will be set as "public".You can check the contents of the network profile by selecting "Network and Internet" from the Windows 10 setting screen.

　This expression is confusing.At first glance, it seems to be a "private" network profile, so it seems that files with other PCs can be prohibited.

　The network profile specifies the environment to be used, and if you prohibit file sharing with other PCs, select "Public", and "Private" if you allow share.If you connect to an external network, not limited to home networks, choose a public that prohibits file sharing.

　Confirm the setting of the router of the home network.The router is a gatekeeper that protects the home network.If you allow an invasion here, you will be immediately exposed to a threat.To protect your home network from these threats, first check if the router has opened extra ports.The more open ports, the more likely you are to enter.

　"CMAN Internet Service (https: // www.CMAN.JP/Network/Support/Go_access."CGI)" and "Shodan (https: // www.Shodan.You can see it by using a web service such as "IO/).If you use the CMAN Internet service, you can find out the IP address assigned to your home router.When the IP address is entered in the search window of SHODAN, the host name, domain name, and ports where the home router is open will be displayed.

　Pay particular attention is the ports other than you have set.The family network is also used by employees.For example, you may open a port for online games.Ports that such a family have opened can cause unauthorized access.

　Basically, the function of the port forming (port opening) that transfers the packet received to the specific port number is disabled.

　Various devices are connected to the home network besides PCs used for business.There will be IoT equipment and smart home appliances in cooperation with the cloud environment.It is also important to check for vulnerabilities in these devices.In fact, unauthorized access is being observed in Japan that abuses the vulnerabilities of IoT equipment.

　Unexpected devices may be connected to the Internet due to the spread of smart home appliances.So, first, use the tool to understand the devices connected to the home network.

　For example, if you use the free tool of the trend micro "Smart Home Scanner", you can see the devices connected to the same network and the port that each is open.Simple, but also displays the content of the vulnerability.

　It is also important to take the basic measures such as turning off the power of devices connected to the home network when not in use, and always changing the initial setting password.