In this article, I will show you tips and tricks on how to protect your home network and connected devices from hackers. So you don’t become the victim of a cyber attack. I will also introduce you to CUJO, a smart home firewall for your entire home network.
Update: CUJO has discontinued its AI firewall. That means, the company might not provide future firmware updates. Check out my Bitdefender Box review for an alternative option.
Reviewed Brands and Products
Why worry about cybersecurity?
Cybersecurity sounds like a problem that large organizations should have to deal with. But the reality is that every day private citizens become the victim of cyber attacks. As a result, cyber- and online security are issues that all individuals who use the Internet should think about.
Every device that you connect to the Internet is potentially vulnerable to becoming the target of an attack. The risk grows the more devices we add to our home networks. In this article, I’ll review CUJO, a smart home firewall that detects and blocks threats as they occur.
Your home is full of smart devices. They are not protected by antivirus, leaving your home open to hackers. CUJO uses machine learning to secure everything from tablets and PCs, to TVs and baby monitors. (CUJO)
If you are an IT security professional, and familiar with the do’s and don’ts of online behavior, you can skip down to the review of CUJO.
If you are new to security in the digital world, check out this new book* that I recently got my hands on. It’s an excellent starting point to learn more about the topic and its terminology.
How threats evolved over the years
When floppy disk drives (FDDs) and compact disks (CDs) were the most common external mass storage devices, viruses posed the main threat to computers and networks. I remember when my parents told me not to insert disks into our family computer blindly.
With the proliferation of USB thumb drives, threats continued to rise. In the business world, many organizations started disabling all USB ports to prevent employees from inserting potentially unsafe thumb drives. Some companies went as far as injecting glue into the USB ports of employee computers, just to make sure that they couldn’t plug anything in.
Hackers can access your finances by exploiting security flaws in your connected devices. They sell your banking data to fraudsters. A hacker could cost you everything. (CUJO)
These days, the Internet has taken the place of physical interfaces as the primary gateway for malware, such as viruses, Trojan horses, etc. Additionally, we are no longer dealing with a single device, such as the family PC, that we need to protect, but with dozens of smart devices.
The connected home
In our home, we have connected almost 40 devices to the Internet, including:
- iPhones and iPads,
- Printers and scanners,
- Light bulbs,
- Home security cameras and more.
In other words, our home is like a virtual Swiss cheese with an ever-increasing number of holes and entry points that attackers could exploit. Trying to patch each hole individually is virtually impossible. Plus, most smart devices represent an enclosed system that you cannot tinker with.
For example, I have no idea what protocols and security mechanisms LIFX or ecobee implemented in their light bulbs and smart thermostats to communicate with their servers. I don’t think it is the case, but they could be using obsolete encryption and hashing algorithms that hackers could exploit to get into our home.
A hacker can trick you into visiting a malicious site and gain access to your email account, hack your cameras, and steal your photos. Exposed and unsecured devices mean it’s a matter of when, not if, you will be hacked. (CUJO)
If I only had Macs, I could install a firewall on each, but the maintenance effort alone would not make that a feasible strategy. There has to be something better, and there is, so stick with me.
What can you do?
Besides tackling the problem with technology, there are a few things you can do to reduce your risk and exposure significantly. In fact, until just recently, the steps I am showing you below were the primary ones I took to remain safe online.
1. Be smart when browsing the web
Back in the days, you had to launch a file with an executable extension (i.e., EXE or BAT on Windows) to get infected with a virus. These days malware hides everywhere: In Word documents, PDF files, and even in web pages. You may not know that, but your web browser also executes programs, such as Java scripts, when you visit a web page. So attackers can sneak malware into web pages to infect your computer when you visit the page.
As a result, you want to be smart about what web pages you visit. Don’t blindly click on search results, especially if you are searching for phrases that hackers often use to lure victims in. Examples of that include “free stuff,” “getting rich quick,” or pornography, just to name a few. The good news is that most modern browsers support Google’s Safe Browsing to identify fraudulent websites. The same is true for major search engines, such as Google and DuckDuckGo, my favorite search engine.
2. Don’t click on links you receive
I wouldn’t be surprised if clicking on links was the #1 cause of falling victim to a phishing attack. A phishing attack is when an attacker tricks you into providing personal or sensitive information that the hacker can then use to gain unauthorized access to your accounts.
A classic example is a fake email from your credit card company that asks you to log in to verify something about your account. Of course, as soon as you have logged in to the fake web page, the attacker has your account credentials and can use them to log into your actual credit card account.
The people behind such phishing attacks have become incredibly good at making such emails look legit. For example, you may receive an email that looks like it came from American Express and even the links may look familiar. But if you look closely, for example by hovering your cursor over a link, you can see that there is an intentional mistake in the URL, such as a typo. Instead of americanexpress.com, the URL may point to americanexpres.com (One ‘s‘ is missing). That fake URL could be owned by the attacker and hosts a webpage that looks like a replica of the legit page.
My advice is to never click on any links or URLs you receive via email unless you are confident they are legit. Instead, open a browser and type in the URL in the address bar manually. In the example above, I would enter americanexpress.com, verify the certificate via the lock icon and then log into my account.
3. Don’t blindly open emails and attachments
You should treat attachments similar to how you treat links. That is important because attachments are another potential source of malware that can infect your device as soon as you attempt to open them. As a rule of thumb, never open an attachment from an unknown sender. If you get an email with an attachment claiming to be from your bank, even though you don’t have a relationship with that bank, delete the email.
But even if you know the sender, don’t open the attachment if you didn’t expect to receive it.
If my mom tells me that she is going to send me a recipe as a Word document via email, it is probably safe to open the document. But if I receive such an email unannounced, I would ask my mom about it first, before opening it. Why? It is because hackers may have broken into my mom’s email account and started sending out infected emails to everybody in her address book. So be smart about what you open.
4. Keep your devices patched and up to date
No operating system or application is free of bugs, but many vendors are quick to patch vulnerabilities in their software. So it is crucial to install patches and updates immediately. I would even argue it is best to configure your device to download and install updates automatically.
Of course, sometimes vendors send out bad updates that may break something, but for most users, that’s better than having vulnerabilities remain unpatched.
5. Take privacy and security more seriously online than offline
Unless you live in the countryside, I am sure you lock your doors at night and make sure your home is secured before you go to bed. That’s common sense, and it reduces the risk of an opportunistic attacker entering your home.
Unfortunately, many users are far more careless when it comes to keeping them and their devices safe on the Internet. I would argue that you are more exposed online than you are offline. As a result, you should take your online privacy and security at least as seriously as you do offline.
6. Choose your operating system wisely
Many Apple fans would argue that Macs are more secure than their Windows-based counterparts. I agree that most Unix-based operating systems, such as macOS, are more secure by design. But that doesn’t mean that macOS doesn’t have bugs and vulnerabilities that hackers can exploit.
However, it is a fact that hackers have traditionally focused on Windows. That is because there are significantly more PCs in the market than there are Macs. It’s simple economics. If I want to get the most bang for my buck, I create a virus for Windows and not for Macs. But Mac malware has been on the rise in the past few years and using macOS is no longer a guarantee of safety if you don’t act smart online.
I am in IT security and while that doesn’t make me invincible, knowing about potential threats and how to behave online has kept me safe so far. In case you wonder, I am no fan of anti-virus software and haven’t used one in years. Anti Virus software slows your computer down and makes your operating system even more vulnerable to man-in-the-middle attacks and more.
What else can you do?
If you carefully follow the steps above, you can reduce the risk of becoming a victim of a cyber attack. Unfortunately, even when you do everything right, you may still get hacked. For example, an otherwise trusted website may get infiltrated resulting in malware being downloaded to your computer when you visit it. Or the email account of someone from your address book gets hacked and you get an unsuspicious attachment from that person containing a virus. If you notice the problem right away, you can at least take preventive measures, but often users don’t even know that they have fallen victim to a cyber attack. For such cases, you need another layer of protection that covers every single device on your home network, like a big umbrella.
Traditionally, PC security software, like antivirus or anti-malware, is designed to only protect you the device it’s installed on. With so many connected devices in your home, you and your family’s personal lives are now on display through the networked home gadgets you have. Once connected to your router, CUJO smart firewall protects your entire home from nosy and unwanted intrusions.
CUJO – Home Network Security Firewall
CUJO is a smart firewall that protects all devices on your home network from threats and attacks that originate from the Internet. It uses machine learning to detect threats and abnormal behavior.
CUJO is a smart firewall that keeps your connected home and business safe from cyber threats so that you can stay secure and private online.
From a technical perspective, CUJO consists of a hardware appliance, an app, and a cloud service. The cloud service acts as the Intrusion Detection System (IDS), and the appliance works as the Intrusion Prevention System (IPS). In a nutshell, CUJO provides home network security monitoring and threat detection without requiring manual interaction.
How does CUJO work?
CUJO sits between the modem of your Internet Service Provider (ISP) and your remaining connected devices, such as wireless access points, computers or other IoT devices. IoT stands for Internet of Things and includes smart thermostats, connected light bulbs, etc.
Depending on how you wire and configure CUJO, all Internet traffic that enters your home via the modem passes through CUJO. That way, CUJO can inspect each network packet for potential threats and block them before they reach your devices or harm them.
For that to work, CUJO continually sends data packet headers (metadata) to the cloud for inspection and analysis. It does not transmit the actual content of your Internet traffic to the cloud. That’s important from a data privacy perspective!
Let me give you an example: If you open a browser on your computer and go to google.com, then CUJO would see that and would let its cloud service know that you went to Google. But the cloud service would not know what you searched for and what search results Google showed you.
Of course, CUJO encrypts all data it transfers to and receives from the cloud with AES-256, one of the most robust symmetric encryption algorithms available today.
CUJO works with the following network setups:
- WiFi router
- Modem and router as separate devices (that’s what I have)
- Modem and router as one device
- Wireless extender or access point in addition to your router
Setup with AT&T Arris modem and AmpliFi router
For my fiber-glass Internet connection (review), AT&T provided an ARRIS BGW201-700 modem. Behind the modem, I have an AmpliFi HD mesh router (review) and several mesh points to cover my home with WiFi.
Before I got CUJO, the AmpliFi router handled DHCP and Network Address Translation (NAT), while the Arris modem was, more or less, a passthrough device. My goal was to position CUJO between the Arris modem and the AmpliFi router. For that to work, I switched the AmpliFi router into bridge mode and let the Arris modem handle DHCP.
If that’s all too technical for you, don’t worry! CUJO has excellent step-by-step guides on how to integrate its appliance into your specific network setup. Even better, they offer a proactive support team to guide you through each step. When I plugged in CUJO and signed up for an account, I had to provide a phone number. Minutes later, I got a call from CUJO support asking if I needed help with the configuration. I had never seen anything like that before and was pleasantly surprised at how proactive their support team was.
What I like about CUJO is that it does its job in the background. It stays out of my way until it detects a threat and sends me a notification to my smartphone. There are no firewall rules to configure and no manual updates necessary.
- Guards all devices
- Offers parental controls
- Protects against hacking, fraudulent sites & malware
- Supports speeds of up to 1 gigabit per second
- Automatic software updates
CUJO handles all of that without requiring my intervention. Even better, it constantly learns thanks to the machine learning capabilities of the CUJO cloud. That is possible because the cloud service analyzes an incredible amount of data every day to learn about how individual devices behave or are supposed to act. If those patterns change, there could be a problem and CUJO can then block those potential threats before they can harm you.
Additionally, CUJO shares threat information among all of its devices. So when one CUJO appliance detects a threat, all other CUJO users are automatically protected against it.
Comparison with traditional solutions
So how does CUJO compare to conventional solutions, such as firewalls, anti-virus solutions or a standard wireless router?
In a nutshell, CUJO is much more than a firewall; it is like a commercial intrusion detection and prevention solution but for your home.
After having used CUJO for a few months, I noticed that some pages were loading slower than usual and CUJO would alert me to potential threats on a daily basis. It turns out that CUJO is relatively aggressive with blocking ad networks and as a result, it slowed down pages that use a lot of ads, such as Facebook or Amazon. So I reached out to CUJO support and asked for help. They cleared all access rules and blocked sites from my CUJO applianced and suggested to run a malware scan on my Windows and Android devices. I don’t own anything but macOS and iOS devices, and so I skipped that step.
After rebooting CUJO, my internet speed appears to be back to normal. I will update this article again in a few weeks to report if anything changes.
Why I use CUJO and why you should too
We have a continually growing number of connected devices in our household. And I realized that I only have direct control over a fraction of those devices, including my two Macs and, to a degree, our iOS devices. Everything else is a black box for me, and I have to trust that the vendor did a good job of securing the device.
So I needed a solution that could protect all of my devices without requiring me to stay on top of new threats and rule changes constantly. CUJO fits that bill because it offers continuous protection for all of my connected devices. While that doesn’t mean that I can let my guard down and start acting irresponsibly online, I feel comfortable that if I ever make a mistake, this smart home network security appliance has my back.
CUJO is available from the company’s online store* or Amazon* for $249 + free shipping. If you own CUJO, let me know how you like it by leaving a comment below. If you found my article useful, or even if you didn’t, I want to hear from you. So don’t hesitate to leave me a comment or send me an email!