Private Network
From MgmtWiki
Full Title or Meme
Traditionally, corporate networks were private and relied on firewalls to protect users from attacks from the open Internet.
Context
Times have changed and each computer now comes with a firewall protecting it from the open internet, which is all that computers see when traveling.
Problems
- Now attackers are using browsers to access devices inside the user's home networks.
Solutions
- Explainer: Private Network Access is continually updated in place.
Private Network Access is a web specification which aims to protect websites accessed over the private network (either on localhost or a private IP address) from malicious requests from websites located outside the private network. Say you visit evil.com, we want to prevent it from using your browser as a springboard to hack your printer. Perhaps surprisingly, evil.com can easily accomplish that in most browsers today (given a web-accessible printer exploit). This specification used to be named "CORS-RFC1918", after CORS, which provides a mechanism for securing websites against cross-origin requests, and RFC 1918, which describes IPv4 address ranges reserved for private networks.
- See wiki page Cross-Origin iFrame for details on CORS.
- New Chrome security measure aims to curtail an entire class of Web attack (2022-01-13) Hackers have long used browsers as a beachhead. Google aims for PNA to change that.
For more than a decade before 2020, the Internet has remained vulnerable to a class of attacks that uses browsers as a beachhead for accessing routers and other sensitive devices on a targeted network. Now, Google is finally doing something about it. Starting in Chrome version 98, the browser will begin relaying requests when public websites want to access endpoints inside the private network of the person visiting the site. For the time being, requests that fail won't prevent the connections from happening. Instead, they'll only be logged. Somewhere around Chrome 101—assuming the results of this trial run don't indicate major parts of the Internet will be broken—it will be mandatory for public sites to have explicit permission before they can access endpoints behind the browser.
- Virtual Private Networks (VPNs) have given computers the ability to join a remote network as though they were physically attached to that network. [https://www.cnet.com/tech/mobile/with-pixel-7s-built-in-vpn-googles-giving-you-a-security-boost/ Google announced] on 2022-20-06 that their Pixel smartphones would come with a VPN built in.
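The Private Network Access rule described above can be modelled from the device owner's side. The following is an added example, not code from the explainer or from Chrome: it classifies addresses using only the loopback and RFC 1918 cases this page names (a simplification of the specification), decides when a request crosses into a less public address space, and shows a device granting the explicit permission only to an allowlisted origin. The origin `https://admin.example` and the function names are assumptions made for the example.

```python
import ipaddress

# RFC 1918 IPv4 ranges, the "private IP address" case named on this page.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ordering of address spaces: a higher rank is more public.
RANK = {"local": 0, "private": 1, "public": 2}


def address_space(ip: str) -> str:
    """Classify an address as local (loopback), private (RFC 1918) or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "local"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "private"
    return "public"


def needs_preflight(initiator_ip: str, target_ip: str) -> bool:
    """True when a page requests a target in a less public address space."""
    return RANK[address_space(target_ip)] < RANK[address_space(initiator_ip)]


def preflight_response(headers: dict, allowed_origins: set) -> tuple:
    """Device-side answer to an OPTIONS preflight: (status, response headers).

    Permission is explicit: only origins on the allowlist receive it.
    """
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin", "")
    if origin not in allowed_origins:
        return 403, {}  # no grant header, so the browser blocks the request
    resp = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if h.get("access-control-request-private-network") == "true":
        resp["Access-Control-Allow-Private-Network"] = "true"
    return 204, resp


if __name__ == "__main__":
    # Constructed sample: a public page asking for a printer on the home LAN.
    print(needs_preflight("203.0.113.7", "192.168.1.50"))
    sample = {"Origin": "https://evil.com",
              "Access-Control-Request-Private-Network": "true"}
    print(preflight_response(sample, {"https://admin.example"}))
```

A device that never sends `Access-Control-Allow-Private-Network` stays unreachable from public pages once the browser enforces the check.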