National Cyber Security Centre's weekly review – 44/2024

How to check your home network’s visibility on the internet

In recent weeks, the National Cyber Security Centre (NCSC-FI) and the media have highlighted the security of non-configured and non-updated devices, especially in homes. Botnets comprising unsecured devices in different countries can be used as part of espionage and influencing operations by state actors. In this article, we look at some ways to check the visibility of your home network or even your business network on the internet.

What is my public IP address?

The first step in finding out how visible your home network is is to find out the public IP address of your internet connection. A public IP address is, as the name suggests, the address from which devices in your network are visible to other internet users. In many mobile broadband routers, the connection is routed through a so-called NAT Network Address Translation, where the external (WAN) address of the home router is not yet actually a public IP address.
- You can check your public IP address 
   - In your router settings
   - From the https://bittimittari.fi/en (external link) (External link) addresses (remember to disable any VPN connection for the test)
       1. Select “Proceed to measurement”
       2. Select “Start measurement" and wait for the measurement to complete
       3. Once the measurement is complete, select "specifications" at the bottom of the page
       4. See your public IP address at: “IP address” (e.g., 123.134.245.67)

What is visible on the internet from my home network?

You can then view the visibility of that address through services such as Shodan or Censys.
- https://search.censys.io/hosts/xxx.yyy.zzz.vvv/ (replace xxx.yyy.zzz.yyyy with the IP address you received in step 1) - https://www.shodan.io/host/xxx.yyy.zzz.vvv (replace xxx.yyy.zzz.yyyy with the IP address you received in step 1) The services do not always contain the same information, so it is advisable to check the information for both services. We have compiled examples of how different devices might appear in services in the drop-down elements of the article. In most situations, it is not a good idea to have anything visible from home networks on the public internet side. When you want to access home network services remotely, special care must be taken with the public visibility of the services.

If, after checking, you find that your home network devices appear open to the internet, we recommend that you first check your home router settings according to the manufacturer's instructions. The NCSC-FI has written general instructions for securing routers  (External link). You can also contact either your ISP or commercial operators, which offer help to home users.

Even if everything seems to be fine after the intervention, it is worth remembering that every IT device is made by us humans, both in terms of hardware and software, and we are fallible. The life cycle of home network devices is often longer than manufacturers have thought, and the world and cybercrime and evolving faster than we can possibly imagine. If you think of a traditional safe from 75 years ago, it is probably easy for a modern-day locksmith or criminal to open it, even if it was "unbreakable" when it was made. In today's IT age, it is good for us to consider the same analogies with our own IT devices, with the difference that the "obsolescence" of technology has accelerated many times over. The 75 years of a safe can be compared to about 7.5 years for routers. 

Terms

• Public IP address – the home address of your internet connection, which may change periodically
• Network address translation (NAT) – a bit like poste restante, i.e., all devices in your home will see one address on the internet, but each device on your home network will have its own private IP address.
• Private IP address – the standard governing IP addresses states that the following IP address ranges are reserved for private use
  • 192.168.0.0 - 192.168.255.255
  • 172.16.0.0 - 172.31.255.255
  • 10.0.0.0 - 10.255.255.255

Real estate and construction sector in digital upheaval

The real estate and construction sector has become rapidly digitised in recent years. This has led to an increasing number of network-connected devices, known as the Internet of Things (IoT), being found in properties. For example, heating, air conditioning, CCTV, locking and alarm systems, especially in new buildings, are often connected to a network and can be remotely managed for ease of use.

This rapid development has brought cybersecurity challenges to the industry. Remote management connections must be protected, and security updates must be installed on digital devices in buildings. From time to time, it may also be necessary to update the whole stock of devices, especially in situations where a device manufacturer no longer produces updates for a device.

Although digital development has brought with it security challenges, the major players in the real estate and construction sector in Finland are aware of the actions required to meet these challenges. At the EU level, there has also been a wake-up call for the regulation of IoT devices. In August 2025, a regulation [1] will enter into force, setting out the security features of wireless IoT devices placed on the EU market. Another regulation, the Cyber Resilience Act (CRA) [2], is more comprehensive and arguably more relevant to IoT devices. CRA Regulation increasingly requires manufacturers of digital products to take cybersecurity into account. CRA will start to be visible to users after 2027 at the latest, when digital devices entering the EU market will have to comply with the regulation, although the fastest players can already adopt it now.

Links to regulation:
[1] Delegated regulation: https://eur-lex.europa.eu/legal-content/FI/TXT/?uri=CELEX:32022R0030 (external link) (External link)
[2] CRA: https://eur-lex.europa.eu/legal-content/FI/TXT/?uri=CELEX:52022PC0454 (external link) (External link)

Information security at the Cyber Security Nordic event

People from the cybersecurity industry came together on 29–30 October for the Cyber Security Nordic fair at the Helsinki Messukeskus. Traficom's National Cyber Security Centre was present at a joint presentation with the Digital and Population Data Services Centre and Cyber Citizen. In addition, XX Director General of the NCSC-FI, gave a speech on 30 October on topics such as cyber sovereignty and the importance of cooperation in developing cybersecurity.

Visitors to the NCSC-FI's demonstration point were interested in the services offered by NCSC-FI, including Hyöky and CyberMeter. Visitors were also interested in the forthcoming EU regulation on cybersecurity. Thank you to everyone who visited our stand for all the good discussions!

Director General of the NCSC-FI XX spoke under the heading: "Cyber Sovereignty – Shaping the Future of Security and Collaboration"

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.