Technically Religious

S02E04: Home (in)Security

January 28, 2020

Last year we started to dig into the idea of what it’s like to be an IT professional with a strong religious, ethical, or moral point of view, who is also a parent. In that episode we discussed some of the concerns we have with technology, and how we get around those concerns. But like most topics in tech, there is a lot more to say. So today we’re revisiting this topic to extend and deepen the information we shared. In this podcast, Leon Adato, Keith Townsend, Al Rasheed, and Destiny Bertucci about parenting with a bible in one hand and a packet sniffer in the other. Listen or read the transcript below.

 

Leon: 00:06 Welcome to our podcast where we talk about the interesting, frustrating and inspiring experiences we have as people with strongly held religious views working in corporate IT. We're not here to preach or teach you our religion. We're here to explore ways we make our career as IT professionals mesh, or at least not conflict, with our religious life. This is Technically Religious.

Leon: 00:53 Last year we started to dig into the idea of what it's like to be an it professional with a strong religious, ethical or moral point of view, who's also a parent. And that episode we discussed some of the concerns that we have with technology and how we get around them. But like most topics in tech, there's a lot more to say. So today we're revisiting this topic to extend and deepen the information that we shared. I'm Leon Adato and the other voices you're going to hear on this episode are some of my best friends and cherished colleagues, including Destiny Bertucci.

Destiny: 01:22 Hello.

Leon: 01:24 Keith Townsend.

Keith: 01:26 Hey!

Leon: 01:26 And Al Rasheed.

Al: 01:27 Hello.

Leon: 01:29 Before we dive into this, very important and also a big topic. I want to give everyone a chance for some shameless self promotion. So Destiny, why don't you kick off and tell us a little bit about yourself and where people can find you and how you identify religiously.

Destiny: 01:44 I'm Destiny Bertucci. I'm one of the product managers for SolarWinds and you can find me on Twitter @Dez_Sayz with a Z, and I'm an evangelistic Christian.

Leon: 01:54 Keith, how about you?

Keith: 01:55 Hey, I'm Keith Townsend. I'm the cofounder of the CTO Advisor. You can find me on the Twitters @CTOAdvisor, and I am a nondenominational Christian.

Leon: 02:09 Al.

Al: 02:09 Hello. I am Al Rasheed. I am a federal contractor in the DC area. You could find me on Twitter @Al_rasheed. Also my blog is https://alarasheedblog.wordpress.com/. And I am a practicing Muslim.

Leon: 02:22 Great. And just rounding things out. I'm Leon Adato, I'm one of the head geeks at SolarWinds. Yes. That's actually my job title. Head Geek and SolarWinds is neither solar nor wind. It's actually a monitoring software vendor because naming things apparently is hard. You can find me on the Twitters, which we all say because it annoys Keith's daughter to no end. @LeonAdato. I pontificate about things technical and religious at http://www.adatosystems.com, and I identify as Orthodox Jewish. So we have a range of both religious and technical opinions on the episode today. And before we dive into the "how", because I know a lot of people listening are really hoping for the, you know, "how do I build my home network and how do I secure it? What software should I buy?" And we're going to get there. But first I think it's important, like any good IT project to define the scope, what is in and out of scope. So what are some things that we're not going to be talking about on the episode here?

Keith: 03:21 So if you are, uh, you've gone to the airport, you've seen these, uh, amazing billboard ads for firewalls, we're not going to tell you how to configure a set of golden firewall rules for protecting your, your, the egress VPNs. And all of that...

Leon: 03:40 Right? We're not going to tell you how to do your Palo Alto firewall, you know, uh, profiles and things like that.

Keith: 03:47 I know a couple of the hardcore fans out there have a enterprise class firewall but that's not gonna...

Leon: 03:52 At home?

Destiny: 03:53 I may have a couple. Just a few.

Leon: 03:56 Okay. But it's beyond scope again, beyond scope. If you have a Nexus in your basement, we're not going to talk about that. Uh, anything else that is that we're not discussing here?

Keith: 04:07 So I think the other thing is if you have an active teenager who was, you know, going out and uh, you know, kind of, uh, defeating your, your, your, your protections, we'll talk about kind of repercussions to that, but not necessarily how to outpace your, uh, your, your geeky teen.

Leon: 04:26 Yeah. If you are in a arms race, uh, and they're constantly finding ways to get around your firewall or get around the protections you've put in place, then that's sort of out of scope. And as I am fond of saying, there is no force on earth that is going to stop a horny teenage boy from searching for boobies on the internet. It's just, it's a losing proposition. What we're really gonna deal with are more the oopsies and also some other protective measures that you may not even be considering, but, but yeah, horny teens, we're not gonna stop them. That's out of scope.

Keith: 05:00 Where was the internet when I was a teenager?

Destiny: 05:01 Right? Yeah. I feel, I feel like the honeypots are still fun though for those. I always always like to tell them there's a great collection of old Playboy in the back. So as long as they can... as long as they can break in.

Leon: 05:16 Yeah. Yeah. There you go. Um, but what we are going to talk about are things like, let's see, um, we're going to talk about filters, right? How to set up a filter on your house, uh, on your home internet. Right? What are some other things that we're going to talk about?

Al: 05:27 Passwords, um, securing your passwords you discussed, um, you know, resetting them every so often. Um, not having an open network. I believe you all seen that discussed as well.

Destiny: 05:40 Basically like cyber hygiene, right? Like, you know, let's, let's get rid of them guest networks. Let's go ahead and like kind of do our due diligence on protecting ourselves and realizing that the brick and the mortar house does not protect our internet, right? We gotta, we gotta get to take it to the ones and zeros and be able to put up those little blocks and we know that that can sometimes be a little intimidating, but we're going to try to make that a little bit easier. Plus we'll discuss some of the software, right? That is available as applications for your phones as well as your kids' laptops and things like that so that you can actually filter that out and see what they're doing,

Leon: 06:13 Right. Um, aluminum siding is not, in fact a faraday cage. It's not going to keep the signal from leaving.

Destiny: 06:18 I'm going to remove my foil hat right now.

Keith: 06:22 I did just spend $1,000 on a fancy security door, so that, that HAS to help.

Leon: 06:27 I don't know that that security door is doing. Uh, the security that you're implying here, but, okay, fair enough. All right. So, uh, so again, now that we've talked about what's in and out of scope, what, what are the problems that we're trying to solve? Um, so I'm going to start off and say that we're not talking about internet jail. Um, we're really talking about creating a, a healthy family environment and a healthy technical environment, uh, in your house as it relates to technology, the internet, cell phones and things like that. But that's what we're doing is, and we are going to talk about gear. I don't want to give you the impression, we're not going to talk about geek toys. We are gonna talk about hardware. Absolutely. But we're doing it with the intention of creating a positive environment where the internet can be seen as a useful and safe, uh, tool within the family structure. Whatever your, your moral, ethical or religious outlook is. Um, what are some other problems that we're going to address here?

Destiny: 07:34 Think were going to be talking about like, you know, the effects of technology in today's world. A lot of the times the parents are trying to play catch up to what the kids are understanding and knowing and their social aspects and a lot of times parents don't understand why social media is such an integral part right of their life. And so we're going to try to see if we can bridge that gap while making them safe as you are talking about. So that's like self body image, right? That's like just basic things that we should do as cyber hygiene of our social media accounts. Let's not give out things that are so private that people could use against us. Let's not use things like that that are out there. So we just need to kind of like get those out there and put those into the mindset of parents and other people who may not have the knowledge so that they can actually relate that and understand with their kids a little bit better.

Keith: 08:22 Yeah, and, uh, to piggyback on that. A lot of times we're focused on, especially as as religious people, we're focused on kind of the, the, the sexual parts of internet and making sure that we're protecting our kids from porn. You know, my 11 year old granddaughter came in, uh, this morning around this recording the, there's an awful lot going on in the middle East and my 11 year old granddaughter's teachers told her something very inaccurate around politically what can happen here in the U S if we're at war. And I'm like, "That's not true at all!" So while, you know, 11 year olds are at that point where they're very impressionable. They find people that they admire, such as teachers or people on YouTube that they, that looks fancy and well put together. And the next thing you know, they're coming in and arguing. "I know I've been to Australia, but the earth is flat for sure. Grandpa."

Al: 09:24 I was just going to add, we're going to remind them that common sense most times I'm not prevails. And I think, and I know Keith has mentioned this as, as everybody else, what they see online is not always good. It's not positive, it's not the path that they should follow. And um, you know, when we reflect back on our times when we didn't have all these, all this technology, we didn't have the internet at our hands at all times. We, we just used, again, I can't say it enough common sense because we always knew what decision we made was going to have an action right behind it.

Leon: 09:54 Great. And I also think that Destiny to your point, um, when we talk about the, the safety of the internet, you know, cyber hygiene, um, recently there were some really high profile moments that uh, parents who are geeks may be more familiar with, but if you're not in, you know, it feel, don't feel like you're part of the geeky spectrum. The Ring doorbells recently was a big deal where there was a $6 app that you could download from uh, the internet, a couple of different places and install and it would just tell you all of the open, unprotected. "Nobody changed their password" Ring doorbells and in the home devices and you could just hack right into them. And a wife came home, she heard a man's voice inside the house and thought that the house had been broken into. And after doing some, some investigation realized there was nobody in the house, but somebody was on there, uh, in indoor Ring speaker and it was making fun of the dog, which they could see. So there was a camera and a speaker that was talking to their own dog and the husband who happened to be two states away was having, was justifiably worried because he had no idea where that person was. They might be in the next driveway over on the actual home wifi, but they might not have been. And I think that there's, there's a lot of cases like that. Um, Destiny, you had a couple of stories recently in your neck of the woods.

Destiny: 11:22 Yeah. So especially around the holiday times, birthdays, things of that nature. A lot of people get, you know, new technology that they're just not used to. And they assume that when they apply it into their application because their phone has a password - and I've heard this from several people - that they assume that that transfers over, right? Like, "okay, well I opened it up with my face ID. So obviously somebody has to have my face to be able to get into my Ring" or "they have to have my face to get into my Wise." And that's not true because they did not change the password when they were logging this in and getting things done. It's still an open password, right? Like it's one that you can Google today. It's just like if you have a Netgear or LinkSys anything of which that you want to do, you can Google what the standards are. You know, your, your standard capital P password one, you know, things like that. And that's fine and dandy and I get it that people don't quite translate that technology. But here's where it gets you in a bind. They start putting their cameras up in their playrooms. They start putting their cameras up, kind of like a monitoring system. Right? And we all know that monitoring systems for babies and things like that used to be hackable by a telephone, right? There's things like, just think about it. I always tell everybody if it has an operating system, it's hackable. I don't care what it is. All you need is time and motivation. So what people do with these is they can actually use your Ring door camera and they can see when you left, they can see if you're home and then you start adding them inside of your house and you don't change the password. Well now they can see where you're at located in the house, what your routine is in the house. They can see and gather, what's your daughter's name, what's her pet name, what's your pet's name, right? Like what are all these little things of which that you're doing that you generally use to protect your data online. So it's one of those things where when they start to actually talk to you through the device, right, they're done. And I'm just throwing that out there. If they are talking to you through the device, they're done with you. They've already gathered what they need, they've already done what they needed to do, right? So how long have they had it open? How long have they monitored you? How long have they, if they were a pedophile, watched your kids in their bedrooms undress and dress, and I know that sounds mean, but we deal with it every day. There's people who are still putting cameras and doing things in their children's bedrooms that are on a live feed, that it can be accessible all over the world that is being hacked. You have to start thinking that you have to protect yourselves. I know you're trying to protect yourself as a parent to say, "Hey, I'm monitoring the situation. Right?" Well you're not. If you're not doing your due diligence to protect your network indoors, and that's something that I think that people have to focus on. You should never ever leave the out of the box password. You should create a reminder in your phone. We all have, I'm the one that they do the face ID to connect to it to change your passwords. You should be able to actually look into your network and have just basic concepts of: is there external transactions that are coming through? How do you read the log file? It's all in your user manual. Like there's things that are in there that you can do due diligence. And it's almost a disservice by saying, "well I just didn't know", right? Because the law tells you all the time. The ignorance to the law is no reason that you wouldn't be punishable. Right? So if you're putting things of technology within your home, in your safe dwelling, you should protect it like it's your family. So you should look into that device. You should Google the reviews, you should make sure that there's security measures in place that's going to help protect you cause you want to be able to protect yourself and your family. That's why you probably have it. And that's probably why you were putting it in those rooms, is for a protection base. And you just didn't understand that there's a whole global world out there that can use that against you. So you have to stand up to it.

Leon: 15:09 And for those people who are thinking, "Oh, but it's gotta be really, really hard to get into." I just want to offer one website, http://shodan.io. And by the way, all the websites and all... everything that we talk about in this episode is going to be in our show notes. So don't feel like you have to scribble things down or worry about spelling. It's all gonna be there. You can pull it from http://www.technicallyreligious.com but Shodan.io is a clearing house for IOT, internet of things, devices. You can search by manufacturer, by brand, by country, by company name, by any, anything that's associated with the devices. And there are prebuilt searches. So you can look for webcams that still have the password admin admin. So there's just a list built in there on shodan.io to find those things. Now on the one hand you can look for yourself and you can make sure that you are not on it. But on the other hand, that's how easy it is to find these things. If, uh, you know, somebody wants to, you know, go looking for trouble. So there's that. All right, so having talked about what we think is a problem... Some of the things we think are problems. I do want to take a minute and talk about why we see it as a problem to be solved and, and we've started to really get to this, but there's a lot of people who look at some of this stuff "Well, I don't, I don't want to put a filter on my kid's phone or their internet or whatever because this stuff is in the world and if I shelter them, they'll never know how to deal with it." And things like that. That's the sort of the argument about it. And I'm going to kick off this section by saying that my community, my Orthodox Jewish community has incredibly (compared to many other communities), strict standards about outside influences. For example, in my city for a very long time, if there was a TV in the house, the kids couldn't attend certain schools. They, the schools felt that the television was such a negative influence that they didn't want those kids coming to the Jewish day school in question. So that's, that's the level. And the internet is really an extension of that set of values. The Orthodox community here in Cleveland understands that parents need to work. The internet is part of that. It needs to be there. But to leave it unfiltered and unmonitored is like leaving a fire burning in the middle of your living room. Yeah, it is going to keep your warm and yeah, you can cook your food, but it is also going to burn your house down. So, you know, not, not the way that we want that to happen. That's uh, you know, that's the attitude. That's one of the reasons why some people see this as a problem to be solved: it just doesn't fit into their, uh, ethical, moral or religious values. The other piece I'll bring in is actually a piece of Talmud, which, uh, discusses that there are three things that a parent is responsible, obligated, commanded to teach their children. And the first one is Torah. Meaning they have to teach their children how to pray and how to understand what their religion means, how to think critically about their religion and understand it in their application of life. That's an interesting perspective. The second thing is they have to teach them a skill, a trade, something that they can, uh, be worthwhile. And the third one is how to swim. And that's the one that stands out for a lot of people. It's like, "Wait, wait, wait, wait. The first two makes sense. That's like life skills. What about swimming?" Well, back in the old times, back in the old days, medieval times or before that, water was really dangerous. People didn't know how to swim, there was no such thing as a public pool. And if there was a flood or a river overflowed its banks or whatever you're talking about, dying simply from not being able to tread water. So a parent was responsible for teaching a child basic survival in the, in the wilderness. It is understood in many, uh, synagogues, many Jewish communities that the internet is equivalent to the way water was treated. "Yet we have to have water, we have irrigation, we have to live near waterways because it's travel, all that stuff. But it'll kill you. You know, if you're not careful, one false move, you slip in and you're going to drown in it." And I think that the internet has those, some of those same properties. So those are some reasons why building a safe, secure, um, and mindful internet space in your home is important and necessary. So that's, that's my side of it. Well, what are your folks thing

Keith: 19:37 in the Townsend household? We have this philosophy. We let our children go over other people's homes. Uh, we commune with, you know, we're, we're part of the community. However, this is a fortress, not when it comes necessarily somebody breaking my door down. But this is a place of refuge. This is not quote unquote the world. You can come here and let your hair down. That's what happened to mine.

Leon: 20:09 You let it all the way down!

Keith: 20:11 I let it down a little bit too much. You can come here and let your hair down and you can as a place of safety. So, you know, uh, when, when for the longest time, my sons, when they were kids, we'd be that home that the neighborhood kids come and play basketball. Some kid would curse and I say, "You know what, that's it. Everyone has to go." And they'd be very disappointed. But it taught them that this, the, when you come to the Townsend's home, there was an expectation. So extending that no matter what your faith is, whether you're, you're to, you're to the point that you made, that you're of a faith that this is a river or to someone's extreme point that, you know what, this is the world. I just don't let the world in my home. Period and, and there and the internet is part of that. It's part and parcel. So, uh, it may not be to the same level of your, your strictness, Leon, but there it is stricter than most and it, it's, I'm going to protect my family, uh, regardless of what medium that is.

Destiny: 21:15 I have to second that because that's kind of the same thing with us is a lot of the kids come to our house and like, just like they'll show up at on Friday and they leave on Sunday. Right? And it's one of those just normal things. But one thing that they all know is that they bring Sunday clothes because they know they're going to church on Sunday. They know that they're eating dinner every night together. It's not just on a Sunday thing and to where now they like start to do things to where like Leon, you know, like we do like little contests and stuff on like 'who makes the best cookie arrangement for the holiday' or whatever. You know, we put it out there and the reason why we cook and we bake and we do stuff like that is because my Christian values and the things that I come from is, you know, we are supposed to be able to feed into nurture, into, you know, to bring people up within the world, right? Like it's all about love and I feel like if I can have these kids here and where they're learning how to make, even if it's a chocolate chip cookie, right? Like they're learning a skill and they're surrounded by love and they love it. Like they have so much fun. But it's one of those things where it's like they're protected. Like kind of like what Keith was talking about, you know, like there's a zone, like our house has like a dome or something on it where we've had kids show up at two o'clock in the morning because bad things were happening. Right. And they didn't know where else to go. A: it should've been the cops, not gonna lie, but we took them to the cops. But it was one of those things of we were still a safe haven. They got in a bad situation and they didn't know what to do. And they knew that we would probably guide them in the right location. And we did. And it's one of those things where it's like, no matter where we've lived, we've tried to make sure it's an open door. It's "Please come in." We don't force anything upon anybody by any means. But they know and they have a sense when they leave that there's love that's in that household. And I think that that's, that's all I ever wanted, to be honest. Like, you know, I just want the kids to feel safe and I want people to feel they're loved, but they also know like kind of what Keith was saying, it is a protected zone and you know my husband very well, like he's "the protector." So it's one of those things where we take it very wholeheartedly.

Leon: 23:35 Yeah. I mean the idea of a safe space, you know, making our home a safe space from an emotional standpoint, making it a safe space from a physical standpoint and extending that, making it a safe space, from an internet or Keith, I like it, you know "the world", you know the world, the internet trolls are not going to intrude in this space. They exist. They're out there but they're not coming here.

Al: 23:56 Yeah. If I could add to it also when we have kids come over, we try to, you know, or when we're together as a family more so recently, try to have some bonding without the electronics. Board games or you know, "how, what, what was your day like?" "Is there something you want to talk about?" Or "what do you have on the horizon? What are your plans?" So on and so forth. And um, you know, there's a, we want to get off of this reliance of technology to function. We all got, we all got by fine without it years ago. It should be the same moving forward. Uh, but there's no way really around it. But we've tried to limit it as much as possible.

Destiny: 24:35 We have "the basket policy." I love the basket policy. We have a friend basket for the friends come over and each, cause we have four daughters. Sorry guys. I know it's crazy. But we have, we have four baskets for the girls and the parents have their baskets too. And trust me, they will call you out on that if your phone is not in the basket when it's supposed to be because they're like, "Excuse me, where's your phone?" And it's like "I'm working." And they're like, "Nope, it's dinner." And that's like you said Al, that's 100%. Like you have to have those boundaries of a technology gap. And if you look at Steve Jobs and even Bill Gates, they monitored and completely limited their children and their family because they knew and understood what they were creating and doing. And I think that's something that people may not realize. That a lot of the, the applications that we have on our phones, a lot of the software, a lot of the gaming things that we do is created by neurologists as well as gaming commissions with the machines, right? So they know what's going to make you want to come back for more. They also know if you're young and you're playing a young game, that they can show you an intermediate ad while you're playing it to prepare you for your next level. So as me and Leon has talked about this, the parent is behind the ball because you literally have a force of scientists that are backing your kids to keep them in technology. And you're one person, right? They have teams and teams and billions of dollars invested on hooking your child from a young age.

Al: 26:12 Right? And it's very hard to manage all the security or try to enforce everything at all times because they can literally just go right across the street to their friend's house, piggyback on their wifi and you've lost all control.

Leon: 26:25 Well, and we're going to talk about ways to avoid that because that is, um, that is definitely a concern. Is that you can lock down your fortress and as soon as somebody leaves through the, you know, through the, um, portcullis across the moat, you know, they're going to get attacked by the ravaging hoard. Just to, just to beat the metaphor, the ground here. But there's some ways to, to still protect our families, not just kids. I mean, I think in some cases for some families, the people you're trying to protect the most are your parents. You know, or you know, or your spouse. You know, again, we're talking to the whole episode is talking about being a, you know, somebody who's religious and a parent and a geek. But we may not be married to geeks. We may be the one who has to, uh, help our, our non-geek spouses to avoid those same risks. So we'll talk about that also. Uh, good stuff. Okay. So having, having talked about why these are problems and those are some compelling reasons - but I don't think that that's, you know, surprising - what are some, we're going to talk about some technical approaches and then we'll talk about some non technical approaches for how to, uh, how, how to really build a secure, safe, comfortable environment without, again, Keith, to your point, without having to buy Palo Alto firewalls and you know, stuff like that. Like how, what, what's a, uh, reasonable home environment or home setup.

Keith: 27:50 So I'll start with my, my configuration. So I'm in a pretty interesting situation versus I think everyone else on the line, I have a 11 year old granddaughter. We're empty nesters, so my granddaughter's coming over. So we have to co-parent. And my daughter and, and, and my wife's perspective on some of these topics are wildly different. However, the Townsend family, uh, traditions are in place when family and friends come to our house. That's just the way it is. So we use, uh, for my own protection because I'm an adult and I still have eyes and I still want to protect my own purity. That's just my approach to making sure that, uh, when I run into women on and the community that I have the proper perspective of those women. I'm not, my eyes are not seeing things that, that uh, that will harm my reputation of being "Keith" in the community. So I use Eero plus and the natural filters on that. And then I think everyone uses, what's the DNS service that you can just set your DNS to? Uh,

Leon: 29:07 OpenDNS?

Keith: 29:07 Yes! OpenDNS...

Leon: 29:09 Which is now Cisco... Part of Cisco umbrella.

Destiny: 29:13 of course it is.

Leon: 29:18 Well, okay, I'm going to talk a little bit more about, about Cisco umbrella in a minute cause I'm really impressed with, uh, what they're, what they're doing with that. But okay. So you've got Eero and you've got OpenDNS or Cisco Umbrella

Keith: 29:28 And then I can use, you're there. I can set, um, uh, I can turn the knob as to what I want to be able to search myself and what family and friends when they over because I've had the challenge, believe it or not, where I've had friends come over and abuse. Uh, the internet here when it was open. This was some years ago and I had to have, have a difficult conversation with a, uh, with a good friend. The other thing that we do is... Mobile is put a big challenge, especially in the days of unlimited data that, uh, you know, simple controls that Apple allows on, I think for me, the iOS is probably the better platform for parental controls. You can just go in and, uh, as you can even set if you want Safari, uh, turned on or not. So, you know, the scariest thing about iOS and mobile devices is a mobile web browser because you're, now you're outside of the boundaries of open DNS, et cetera, et cetera. You'd have to go in and manually set, uh, DNS if you want it to do that. That's, that's a easy fix for some people. If you're not battling, you know, a teen that wants to, you know, bypass open DNS, you can set your DNS server, uh, even on your mobile device to the open DNS servers. And then we control the knob as far as applications. Obviously my 11 year old doesn't have a job to be able to, uh, buy applications on her, on her own. So we, uh, approve every application that's installed, uh, monitor her overall usage, et cetera.

Leon: 31:14 We know you can't listen to our podcast all day. So out of respect for your time, we've broken this particular conversation up. Come back next week and we'll continue our conversation.

Destiny: 31:23 Thanks for making time for us this week to hear more of technically religious visit our website, http://technicallyreligious.com where you can find our other episodes, leave us ideas for future discussions and connect to us on social media.