🌐 Module 3: Network Security Basics

Understanding Network Security

Network security involves protecting the usability, reliability, integrity, and safety of your network and data. Whether at home, in a coffee shop, or at work, understanding network security basics helps protect your devices and information from unauthorised access.

What is a VPN (Virtual Private Network)?

A VPN creates a secure, encrypted tunnel between your device and the internet. Think of it as a private highway for your data.

How VPNs Work: They encrypt all your internet traffic and route it through a remote server, masking your IP address and location.

When to Use a VPN:

• ✅ On public Wi-Fi networks (cafes, airports, hotels)
• ✅ When accessing work resources remotely
• ✅ When you want to protect your privacy online
• ✅ When traveling internationally

What VPNs DON'T Do: They don't make you completely anonymous, don't protect against phishing, and don't prevent malware infections. They're one layer of security, not a complete solution.

Firewalls: Your Network's Gatekeeper

A firewall is security software or hardware that monitors incoming and outgoing network traffic and blocks or allows data based on security rules.

Types of Firewalls:

• Software Firewalls: Built into your operating system (Windows Defender Firewall, macOS Firewall)
• Hardware Firewalls: Built into your router, protecting all devices on your network

Best Practice: Enable BOTH your OS firewall AND your router's firewall for layered protection.

Wi-Fi Security: Protecting Your Wireless Network

At Home:

• Use WPA3 encryption (or WPA2 if WPA3 isn't available)
• Change default router passwords immediately
• Use a strong Wi-Fi password (12+ characters)
• Hide your SSID (network name) if possible
• Keep router firmware updated
• Disable WPS (Wi-Fi Protected Setup) - it's insecure
• Consider a guest network for visitors

On Public Wi-Fi:

• ❌ NEVER access banking or sensitive accounts without a VPN
• ❌ Avoid "open" networks with no password
• ✅ Always use a VPN on public networks
• ✅ Turn off file sharing and AirDrop
• ✅ Forget the network after use
• ✅ Use your phone's hotspot when possible

HTTPS vs HTTP: The Padlock Matters

HTTP (Hypertext Transfer Protocol): Data sent in plain text - anyone can intercept and read it.

HTTPS (HTTP Secure): Data is encrypted using SSL/TLS - much safer.

Always check for:

• 🔒 Padlock icon in the address bar
• "https://" at the beginning of the URL
• Valid certificate (click the padlock to check)

Warning: HTTPS only encrypts the connection - it doesn't guarantee the website is legitimate! Phishing sites can also use HTTPS.

Home Network Security Checklist

• ✅ Change default router login credentials
• ✅ Enable WPA3 encryption
• ✅ Update router firmware regularly
• ✅ Use a strong, unique Wi-Fi password
• ✅ Enable firewall on router and devices
• ✅ Disable remote management features
• ✅ Create a separate guest network
• ✅ Review connected devices regularly

Mobile Security: Your Phone is a Target

With 5G networks and mobile banking apps becoming standard across Australia, your smartphone has become a primary target for attackers. Most Australians now access banking, myGov, and work emails from their phones.

Essential Mobile Security Practices:

• Keep your OS updated: Install iOS/Android updates promptly - they patch critical security vulnerabilities
• Only download from official stores: App Store (iOS) or Google Play Store (Android) - third-party app stores often contain malware
• Review app permissions regularly: Does that flashlight app really need access to your contacts and location?
• Use biometric authentication: Face ID, fingerprint, or iris scan adds strong protection
• Enable "Find My" features: Find My iPhone or Find My Device helps locate/remotely wipe lost phones
• Be cautious of public charging stations: "Juice jacking" attacks can steal data through USB ports - use your own charger or power-only cables
• Use mobile security apps: Consider reputable antivirus/security apps from known brands
• Enable automatic lock: Set your phone to lock after 30-60 seconds of inactivity

Australian Mobile Banking Security:

• Most major Australian banks (CommBank, NAB, ANZ, Westpac) require multi-factor authentication
• Never save banking passwords in your browser or notes app
• Use the official bank app rather than mobile browser for transactions
• Enable transaction notifications to detect unauthorised activity immediately
• Be wary of apps asking for banking credentials - legitimate apps won't ask for your full password

QR Code Scams - Growing Threat in Australia:

• Scammers place fake QR codes over legitimate ones (parking meters, restaurant menus, payment terminals)
• Always verify the URL before entering payment details after scanning
• Be suspicious of QR codes in unexpected places or on stickers that look recently applied
• Use your phone's camera to preview the URL before opening
• For payments, verify the business name matches before proceeding

SMS and Phone Scams Targeting Australians:

• Flubot malware: SMS messages claiming missed deliveries with malicious links
• ATO scam calls: Threatening calls claiming you owe tax money
• Tech support scams: "Microsoft" or "Telstra" calling about computer problems
• NBN scams: Fake NBN technicians requesting remote access

Remember: Government agencies like ATO, Services Australia, and myGov will NEVER call demanding immediate payment or ask for passwords/PINs over the phone.

Key Takeaways

• 🔐 Use VPNs on public Wi-Fi and for remote work
• 🔐 Enable firewalls on all devices
• 🔐 Secure your home Wi-Fi with WPA3 and strong passwords
• 🔐 Always prefer HTTPS websites
• 🔐 Keep network devices updated
• 🔐 Never trust open public Wi-Fi without protection
• 🔐 Protect your mobile devices - they're your most vulnerable access point
• 🔐 Be wary of QR codes from unknown sources