Ask Dennis: Why should I know what’s on my home network?

You know what’s in your wallet — but what’s on your network?

Gryphon Online Safety
6 min readMar 24, 2021

Beginning in the early 1970s, when large-scale cybersecurity practices were still being defined, Dennis Devlin was already starting to work with major institutions like Hoechst, Harvard, Thomson-Reuters, Brandeis, and George Washington University to help them secure their networks. Though he is now retired, Dennis is still passionate about cybersecurity and safety, especially as the responsibilities of maintaining a network shift from institutions to the individual. Now a proud parent and grandparent, he freelances as a consumer security advocate with home and family safety in mind. You can read more about what led him to Gryphon here.

Why should I know what’s on my home network?

In December 2020, a widespread Internet attack took place that involved a product from a very reputable company called Solar Winds, which was used widely on many large enterprise networks. The product itself was compromised and then used to attack multiple critical US government agencies and major corporations. This is what’s known as a “supply chain attack” and illustrates the fact that it is critical to know what is on your home network.

This initial issue of Ask Dennis will address this topic for our readers. Like the TV commercial says, it’s important to know what’s in your wallet, and in many ways it’s even more important to know what’s on your network.

But only networks in big organizations get attacked. Right?

Highly publicized attacks usually involve large, well known organizations with “information worth stealing.” Many individuals falsely assume that no one would ever attack their home computers and networks.

Attacks against large, well-known organizations are known as directed attacks, with clear targets in mind.

There is another type of attack that simply scans every Internet address (also known as IP or Internet Protocol address) it can find to see if any vulnerabilities exist that can be exploited to gain access. These are crimes of opportunity, like trying to open car doors until you find one that is unlocked. This is why network security is so important, even in an individual household.

But I don’t have anything worth attacking on my home network. Do I?

Every home network is an entry point to almost everything else these days: your place of work, your children’s school, your bank, your credit cards, your doctor, your merchants and more. This makes home network security more vital now than ever. In addition, a crime using your home network address covers the criminal’s tracks because it looks like you committed the crime.

But I have a firewall! Isn’t my network protected?

Well, sort of. A firewall is like a one-way mirror. Insiders can see out and get out. In general, outsiders cannot see in and can only get in when they are invited in. Devices and software inside your network are often considered “trusted,” but in many cases they probably shouldn’t be.

This is because while your network router and firewall do a good job turning away outsiders who try to get in, the devices you allow to attach to your network may invite them in. You bought a new computer, printer, iPad, iPhone, smart TV, smart thermostat, web camera, garage door opener, baby monitor… The list goes on and on. The day of installation it seemed like a good decision. After that, you probably forgot all about it. The device did not forget, however, and keeps doing its thing, 24/7.

How do I know if I’m vulnerable to an attack?

What do you know about each device on your network? Is it from a reputable manufacturer? Was it well-tested? Does it receive security patches when vulnerabilities are discovered? What exactly does the device send to a server outside your network? What exactly does the device allow back into your network? Remember, firewalls can allow external access to your network when that access is invited by a device inside your network.

On the day you first installed your home router and firewall, your home network was probably very “stealthy” when it came to your network’s presence on the Internet. As mentioned earlier, hackers continuously scan the Internet for discoverable addresses that advertise they are open and available to connect to. Available networks expose what are known as “ports” and “services” to the Internet to enable outside devices and servers to find and connect to them.

What kind of devices can compromise my network security? Are there really that many opportunities for hackers to target my household?

When I was a Chief Information Security Officer for large corporations and major universities, we followed multiple international information security frameworks to reduce our risk. In every framework the first step was to identify information assets, starting with which devices were connected to our networks. These were networks with tens of thousands of devices attached to them!

My wife and I are retired now and live a much simpler life than when we were both information technology executives. When I did a scan of our home network, I discovered 37 different IP addresses that have been used at least once! Frankly, I was a bit shocked. What was going on?

I went on to identify and enumerate each device using its IP address. We have an Internet-attached picture frame from our grandchildren, a smart thermostat, our garage door opener, a weather station, desktop computers, laptops, iPads, iPhones, smart watches, printers, network-attached storage devices, scanners, and security cameras. All of the devices were legitimate!

Think of your homes with young children: you use school devices, home devices, work devices, media players, guest devices that visitors and friends bring, home automation devices, light switches, speakers, etc. There are now even Internet-connected light bulbs and refrigerators!

Every one of those devices is a computer that could potentially open an outbound connection through your router firewall and upload and download information you never know anything about. Every one of those devices could also potentially compromise your network security if it is vulnerable, exposed to the Internet and not patched.

What if I can connect to my home network from outside my home? Does that make me safer, or more vulnerable?

If you can connect to your home network from outside your home, your situation becomes even more complicated and potentially risky. If you can connect to your home network and devices from outside your home you are probably using something called a VPN (Virtual Private Network). A VPN provides you with a safe, encrypted “tunnel” between your device and your home network. It is functionally similar to the HTTPS addresses you use to communicate securely with your bank over the web.

To make such a connection possible, your home network must expose and advertise one or more ports (with names like Port 443) and associated services to allow it to happen. Your home network then requires some sort of authentication — a user ID and password, a onetime code sent to your mobile phone, or something similar — to prove that you are you.

If you can see your home network from the outside, so can hackers. If you can access your home network from the outside, hackers will also try to do so. If your authentication is an easy to guess password like “abc123,” hackers are also probably already accessing your home network. Always use the complex passwords and more than one method of authentication if you can!

How can Gryphon help me secure my home network?

Gryphon routers were designed with you in mind by information security professionals who are parents (and grandparents) themselves. Remember that home network security includes knowing which devices are on your network. Gryphon makes it easy for you to identify every device connected to your network, and then explicitly configure and administer the who, what, when, where and why of how each device uses your network.

Gryphon also incorporates active malware protection using both signatures and machine learning to quickly detect and stop malicious behavior by any device connected to your network. And it watches your network seven days a week, twenty-four hours a day, three hundred and sixty-five days a year.