Black Hat Trip Report – Trend Micro

At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack surfaces. Here is a summary of the key points from each talk.

Rogue Automation

Presented at Black Hat, Wednesday, August 5. https://www.blackhat.com/us-20/briefings/schedule/index.html#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523 and the corresponding research paper is available at https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming

Industrial robots contain powerful, fully capable computers. Unlike most contemporary computers, though, industrial robots lack basic information security capabilities. First, at the architectural level, they lack any mechanism to isolate certain instructions or memory. That is, any program can alter any piece of storage, or run any instruction. In traditional mainframes, no application could access, change, or run any code in another application or in the operating system. Even smartphone operating systems have privilege separation. An application cannot access a smartphone’s camera, for instance, without being specifically permitted to do so. Industrial robots allow any code to read, access, modify, or run any device connected to the system, including the clock. That eliminates data integrity in industrial robots and invalidates any audit of malfunctions; debugging becomes exceptionally difficult.

Industrial robots do not use conventional programming languages, like C or Python. Instead, each manufacturer provides its own proprietary programming language. That means a specialist using one industrial robot cannot use another vendor’s machine without training. There are no common information security tools for code validation, since vendors do not develop products for fragmented markets. These languages describe programs telling the robot how to move. They also support reading and writing data, analyzing and modifying files, opening and closing input/output devices, getting and sending information over a network, and accessing and changing status indicators on connected sensors. Once a program starts to run on an industrial robot, it can do anything any fully functional computer can do, without any security controls at all. Contemporary industrial robots do not have any countermeasures against this threat.

Most industrial robot owners do not write their own programs. The supply chain for industrial robot programs involves many third-party actors. See Figure 1 below for a simplified diagram. In each community, users of a particular vendor’s languages share code informally, and rely on user’s groups for hints and tips to solve common tasks. These forums rarely discuss security measures. Many organizations hire third-party contractors to implement particular processes, but there are no security certifications relevant to these proprietary languages. Most programmers learned their trade in an air-gapped world, and still rely on a perimeter which separates the safe users and code inside from the untrusted users and code outside. The languages offer no code scanners to identify potential weaknesses, such as not validating inputs, modifying system services, altering device state, or replacing system functions. The machines do not have a software asset management capability, so knowing where the components of a running program originated from is uncertain.

All is not lost – not quite. In the short term, Trend Micro Research has developed a static code analysis tool called OTRazor, which examines robotic code for unsafe code patterns. This was demonstrated during our session at Black Hat.

Over time, vendors will have to introduce basic security checks, such as authentication, authorization, data integrity, and data confidentiality. The vendors will also have to introduce architectural restrictions – for instance, an application should be able to read the clock but not change it.. Applications should not be able to modify system files, programs, or data, nor should they be able to modify other applications. These changes will take years to arrive in the market, however. Until then, CISOs should audit industrial robot programs for vulnerabilities, and segment networks including industrial robots, and apply baseline security programs, as they do now, for both internally developed and procured software.

Protocol Gateway Vulnerabilities

Presented at Black Hat, Wednesday, August 5, https://www.blackhat.com/us-20/briefings/schedule/index.html#industrial-protocol-gateways-under-analysis-20632, with the corresponding research paper available here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong.

Industry 4.0 leverages the power of automation alongside the rich layer of software process control tools, particularly Enterprise Resource Planning (ERP), and its bigger cousin, Supply Chain Management (SCM). By bringing together dynamic industrial process control with hyper-efficient “just-in-time” resource scheduling, manufacturers can achieve minimum cost, minimum delay, and optimal production. But these integration projects require that IIoT devices speak with other technology, including IIoT from other manufacturers and legacy equipment. Since each equipment or device may have their own communication protocol, Industry 4.0 relies heavily on protocol converters.

Protocol converters are simple, highly efficient, low-cost devices that translate one protocol into another. Protocol converters are ubiquitous, but they lack any basic security capabilities – authentication, authorization, data integrity or data confidentiality – and they sit right in the middle of the OT network. Attackers can subvert protocol converters to hijack the communication or change configuration. An attacker can disable a safety thresholds, generate a denial of service attack, and misdirect an attached piece of equipment.

In the course of this research, we found nine vulnerabilities and are working with vendors to remediate the issues. Through our TXOne subsidiary, we are developing rules and intelligence specifically for IIoT message traffic, which are then embedded in our current network security offerings, providing administrators with better visibility and the ability to enforce security policies in their OT networks.

Protocol converters present a broad attack surface, as they have limited native information security capabilities. They don’t validate senders or receivers, nor do they scan or verify message contents. Due to their crucial position in the middle of the OT network, they are an exceptionally appealing target for malicious actors. Organizations using protocol converters – especially those on the way to Industry 4.0 – must address these weak but critical components of their evolving infrastructure.

What do you think? Let me know in the comments below or @WilliamMalikTM

The post Black Hat Trip Report – Trend Micro appeared first on .

Securing Smart Manufacturing

“Alexa, turn on the TV.”

”Get it yourself.”

This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.

Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.

Software development has long been a team effort. Not since the 1970s have companies sought out the exceptional talented solo developer whose code was exquisite, flawless, ineffable, undocumented, and impossible to maintain.  Now designs must be clear across the team, and testing requires close collaboration between architects, designers, developers, and production. Teams identify business requirements, then compose a solution from components sourced from publically shared libraries. These libraries may contain further dependencies on yet other third-party code of unknown provenance. Simplified testing relies on the quality of the shared libraries, but shared library routines may have latent (or intentionally hidden) defects that do not come to life until in a vulnerable production environment. Who tests GitHub? The scope of these vulnerabilities is daunting. Trend Micro just published a report, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” that surveys the Industry 4.0 attack surface.

Within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. Industrial robots provide a clear example. Industrial robots are tireless, precision machines programmed to perform exacting tasks rapidly and flawlessly. What did industry do before robots? Factories either relied on hand-built products or on non-programmable machines that had to be retooled for any change in product specifications. Hand-built technology required highly skilled machinists, who are expensive and require time to deliver. See Figure 1 for an example.

Non-programmable robots require factory down time for retooling, a process that can take weeks. Before programmable industrial robots, automobile factories would deliver a single body style across multiple years of production. Programmable robots can produce different configurations of materials with no down time. They are used everywhere in manufacturing, warehousing, distribution centers, farming, mining, and soon guiding delivery vehicles. The supply chain is automated.

However, the supply chain is not secure. The protocols industrial robots depend on assumed the environment was isolated. One controller would govern the machines in one location. Since the connection between the controller and the managed robots was hard-wired, there was no need for operator identification or message verification. My controller would never see your robot. My controller would only connect to my robot, so the messages they exchanged needed no authentication. Each device assumed all its connections were externally verified. Even the safety systems assumed the network was untainted and trustworthy. No protocols included any security or privacy controls. Then Industry 4.0 adopted wireless communications.

The move, which saved the cost of laying cable in the factory, opened those networks to eavesdropping and attacks. Every possible attack against industrial robots is happening now. Bad guys are forging commands, altering specifications, changing or suppressing error alerts, modifying output statistics, and rewriting logs. The consequences can be vast yet nearly undetectable. In the current report on Rogue Robots, our Forward-looking Threat Research team, collaborating with the Politecnico di Milano (POLIMI), analyzes the range of specific attacks today’s robots face, and the potential consequences those attacks may have.

Owners and operators of programmable robots should heed the warnings of this research, and consider various suggested remedies. Forewarned is forearmed.

The Rogue Robots research is here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/rogue-robots-testing-industrial-robot-security.

The new report, Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis, is here: https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems.

What do you think? Let me know in the comments below, or @WilliamMalikTM.

The post Securing Smart Manufacturing appeared first on .

Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.

Keeping Tabs on Your Home Network

Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.

Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.

Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:

Start a Check Devices Scan – To check your network and devices, say: “Alexa (or Ok, Google), tell Trend Micro to scan my network.” Get Your Security Status – To get a network security status update, say: “Alexa (Ok, Google), ask Trend Micro if my network is ok.” Get An Online Activity Summary – To get a summary of a profile’s online activity, say: “Alexa (Ok, Google), ask Trend Micro what Tom (or any member of your household) did today.” Pause the Internet for a Profile – To disconnect the devices assigned to a profile from the internet, say: “Alexa (Ok, Google), ask Trend Micro to pause the Internet for Tom (or any member of your household).” Pause YouTube for a Profile – To prevent the devices assigned to a profile from accessing YouTube, say: “Alexa (Ok, Google), ask Trend Micro to turn off YouTube for Tom (or any member of your household).” Use the Dashboard – Lastly, though not a voice command, checking out the Dashboard of the HNS app will give you a brief summary of the state of security of your home network, and will let you know if anything triggered any Parental Control rules that you’ve set.

Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.

Devices. On your HNS app, Tap Menu > Devices and select a device. Then, tap Report and choose the report you want to view in order to see more details. User Profiles. From your HNS app, Tap Menu > Family and select a user profile. Then, tap Report and choose an event card from the list to see more details. Network Usage. Besides knowing the status of your devices and users, it’s also necessary to know your network usage, especially when your home network relies on a metered connection. Having an idea which devices are hogs on the network will allow you to make proper adjustments, either to rules you implement for your youngsters and other members of your household; or to let you know that maybe you need to upgrade your internet plan to address the more intensive internet needs of your family. Network usage can be viewed by scrolling down to the bottom of the Dashboard and tapping the Network Usage graph; or you can just simply tap Menu > Network. Both will display more detailed network usage information.

Responding to Network Events

Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.

A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:

Check if there are any important security-related issues you need to resolve by checking if the ball at the top of the Dashboard says “Action Required”. Tap the ball to find out what you need to do to make sure your network and device security are optimal. Check detected network activities. Check if the device where the unusually high network activity was detected. Select the device where the unusual activity was detected to view the Summary Report for the past 7 days. You will see the unusual network traffic details, including the time range of the traffic and the amount of data used. Check if the top 3 activity destinations were done by you or your family member. If you are aware of the activities and not concerned about these events, tap Report > Not Unusual. If these unusually high traffic activities were not caused by you or your family member, you need to double-check that the Network and Security settings are still enabled, to keep your connected devices protected. Moreover, you should fix any vulnerabilities on your devices, usually resolved by a software or firmware update.

For more specific information regarding these types of incidents, you may refer to this Technical Support article.

Monitoring the Health of Your Home Network Security Station

The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.

Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.

Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:

	Connect the adapter to the outlet and the Station. Make sure power on the outlet is turned on. Change outlets to ensure power is on.

Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.

Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:

	Disconnect your Home Network Security Station from the router. Check if internet line is connected to the router’s WAN port. If there is no internet connection, do the following: Reboot your router Check the network status from your Internet Service Provider Check your router settings

If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.

LAN Connection. Check the connection between the router and the HNS Station.

Ensure that the Ethernet cable provided is used to connect the HNS Station to any available LAN port of your router. Check if the two LED lights of the LAN port are turned on. The port on the right should be blinking green, while the other port should be a steady green or yellow. If the LED lights don’t light up as mentioned, move the Ethernet cable to another router LAN port. Once the LED lights become normal, your HNS Station should be connected to the network.

Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.

Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.

Final Thoughts

Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.

To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.

For more information, go to Trend Micro Home Network Security.

To read the rest of our series on HNS, go to

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.

Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.

We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.

1.   Threat Blocking

To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:

http://www.eicar.org/download/eicar.com

http://test-malware.hns.tm

When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.

2.   Access Control

Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.

Approving and Rejecting Devices

Device control is the first part of access control.

Navigate to Settings -> Access Control and enable New Device Approval, after completing setup and allowing HNS to scan the network for devices. Connect a device that has never been connected to the HNS-secured network. The phone that’s managing the HNS Station will receive a notification indicating, “Request from a new device to join the network”. Once you tap the notification, you’re given the option to either Allow Connection or Block the new device’s connection to your network.

Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.

Remote Access Protection

For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.

Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.

In this test, we will use the free version of TeamViewer.

Download the remote access software from https://www.teamviewer.com and install it on two devices—e.g., a laptop and desktop computer. (It’s available for phones and tablets too.) One will act as the source, the other the target. The target PC should be on the same home network where HNS is installed. The source PC should be on another network. Navigate to Settings -> Access Control -> Remote Access Protection in the HNS app and enable Block Remote Access. From the source PC outside of your network, attempt to establish a TeamViewer connection to the target PC and start a session.

HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.

Disconnecting Devices

Next, you should test Disconnecting Devices.

	To do this, navigate to the Devices page and choose a connected device (indicated by a green status indicator next to the device’s name). On the chosen device’s detail page, turn off the “Connect to the Network” switch to disconnect it from the network. Using the disconnected device, attempt to browse to a webpage or use an online application to verify that the device no longer has access.

3.   Parental Controls

As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.

Website Filtering

Testing Website Filtering is easy.

	For this test, under the Filtering sector, first assign a test PC with the Pre-Teen-Age Level default profile for Filtered Categories. Next, using the browser of your assigned test PC, attempt to go to a website that belongs to the default blocked categories in the Pre-Teen level, such as Personals or Dating.

The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.

Content Filtering

Moving forward, Content Filtering is next in our checklist.

Go to the HNS app, proceed to the test user’s profile Settings -> Filtering. Then scroll down to the Content Turn ON Google SafeSearch and YouTube Restricted Mode if they’re turned OFF, or vice-versa. The change in settings should be reflected on the browser. To verify this, open a new instance of the browser. From the Google Search results page go to Settings -> Search Settings and Turn On SafeSearch should have a check mark beside it if it’s turned ON by HNS, or it’s unchecked when turned OFF by HNS. For YouTube, go to https://www.youtube.com and locate the 3 vertical dots near the SIGN IN button. Scroll down and check whether Restricted Mode is turned ON or OFF, depending on the toggled setting made from the HNS app.

When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.

App Controls

To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.

	From the HNS app, toggle on Inappropriate App Used from the Settings of the same test user account profile of the assigned test mobile device. Enable Notifications and choose any or all that are listed in the App Category.

Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.

Time Limits

To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.

As an example:

	Monday, Tuesday, Wednesday, Thursday, Friday 30 minutes of Internet allowed, including 15 minutes of YouTube Times allowed: 6:00 PM to 10:00 PM

To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.

Connection Alert & Notification

Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.

To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.

And Now, the Answer to Your Question

Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.

Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.

Go here for Parts 1 and 2 of our series:

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .

You’re In Safe Hands with Trend Micro Home Network Security

A three-part series on using Home Network Security to protect your home

Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.

Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.

Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:

	Part 1 of the series centers on initial setup and configuration. Choose the right security settings in HNS to maximize its effectiveness in your network. Part 2 is devoted to configuring Parental Controls to best fit your family. Part 3 targets some best practices for daily and weekly monitoring and maintenance over time.

Sound good? Let’s get started with Part 1!

Part 1: Home Network Security: Setup and Configuration

Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:

Plug the Power and the Ethernet cables provided into the station. Plug the Ethernet cable into your router and then the power adapter into an outlet. Watch for the green blinking light while you connect your smartphone to the same network via WiFi. This indicates it’s ready to activate. Download the Home Network Security app from Google Play or Apple App Store and install it. When prompted, enter your 16-character Pairing Code in the screen, provided in your box and on the back of your HNS Station. Upon the Connection Successful message, sign into your Trend Micro Account to complete activation. HNS will register to your Account and automatically scan your network for connected devices. You’re already protected!

Configuration Modes

Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.

However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.

While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.

Some additional information about HNS’s station Modes:

	Modes 1-3 do not require any changes to your router. A 4th DHCP Mode allows you to configure Home Network Security as a DHCP Server (which assigns IP addresses to your devices on the network) but this requires you to first disable your router’s DHCP server. You can find details about it on the HNS DHCP eSupport page.

If you change the mode, run a Test Status check 5 minutes after changing the settings.

Off to a Good Start

As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)

At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.

If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.

Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.

Recommended Network and Security Settings

There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.

New Device Approval asks for your permission to approve network access when a new device attempts to join your home network. This component gives you control over the devices that are allowed access to your home network. Remote Access Protection limits remote desktop programs from connecting to your devices. This feature prevents Tech support scams that usually begin with fraudulent phone calls, or infected websites with malicious and fake popups, which can lead to fraudsters installing remote access software on the victim’s computer to gain access to its content. Those working from home who need to use remote access programs need not worry because they can set exceptions for their specific device and app. Voice Control lets you issue voice commands to Alexa to perform specific functions on HNS. You can conduct a scan, obtain your home network’s security status, pause internet usage, disable internet access for a user, and so on. Router Access Protection prevents malicious router attacks by blocking unauthorized access to your Primary Router’s Admin Console. Ad Block lets you filter out unwanted ads on all your connected devices for privacy protection and a better web browsing experience. Early Access Program features let you try the latest protection from HNS, while providing feedback to Trend Micro to help these features improve and evolve. Cyberattack Shield proactively protects all the devices in your home network from threat outbreaks by remotely deploying firewall policies.

For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.

For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.

The post You’re In Safe Hands with Trend Micro Home Network Security appeared first on .