[AiProtection] How does AiProtection protect my home network?
Note: Please refer to the product specification page to confirm that your router supports AiProtection Pro or AiProtection Classic. Comparison Table for AiProtection Pro & AiProtection Classic version, please refer to AiProtection – Internet security and WiFi protection | ASUS Global
AiProtection, incorporating state-of-the-art, three-pronged security from the Trend Micro Deep Packet Inspection (DPI) engine, gives you enterprise-level security in the home — making ASUS routers equipped with these features the most secure home routers. AiProtection constantly monitors the security and safety of your home network for total peace of mind.
Firstly, by scanning your router’s setup for dangerous loopholes, and then removing those vulnerabilities, AiProtection prevents insecurity in your home gateway. Secondly, during internet activity, AiProtection, with Trend Micro’s state-of-the-art web reputation service (WRS) and DPI, uninterruptedly protects and safeguards you from unwittingly accessing dangerous websites. And finally, AiProtection mitigates against intrusion from a variety of cyber threats: malware, malicious websites, and system vulnerabilities. Moreover, alerts are raised when a device on your network is compromised and exhibits suspicious behavior.
DPI engine detection flow
Prevention - Router Security Check
Many simple problems can compromise security, such as a weak router password, unencrypted Wi-Fi or unblocked remote access. Incorrect settings could also allow hackers to change router settings and bypass your firewall so as to control devices, steal sensitive personal information or even to use your IP camera remotely.
Once all the basic security settings are checked and enabled, your router and all the devices connected to your home network will be safe and secure from outside interference. You’ll have the peace of mind of knowing that hackers will be kept at bay, and that your data is safe and your privacy is well protected.
Router security assessment
Protection - Malicious Sites Blocking
Malicious sites blocking can prevent you from visiting malicious websites thereby protecting your computers from being infected with Trojans or being exploited unknowingly. AiProtection with Trend Micro’s Web Reputation Services (WRS) helps you identify malicious URLs.
Malicious Sites Blocking work flow
a. Users try to visit a normal web site:
b. Users try to visit a malicious web site:
Malicious Sites Blocking categories
• Proxy Avoidance
• Potentially Malicious Software
• Spyware
• Phishing
• Spam
• Adware
• Virus Accomplice / Malware Accomplice
• Cookies
• Dialers
• Hacking
• Joke Program
• Password Cracking
• Remote Access
• Program Made for AdSense
• Disease Vector
• Malicious Domain
Note : WRS (Web Reputation System)
With one of the largest domain-reputation databases in the world, Trend Micro’s web-reputation technology tracks the credibility of web domains.
AiProtection with Trend Micro’s WRS assigns a reputation score based on factors such as a website’s age, historical location changes and indications of suspicious activities discovered through malware-behavior analysis. Trend Micro has advanced how it applies web reputation to keep pace with new types of criminal attacks that can come and go very quickly, or that try to stay hidden from view.
Protection - Vulnerability Protection
With more and more Internet-of-Everything (IoE)-enabled devices coming online, securing these devices becomes one of the next big security challenges.
• Vulnerabilities may exist in your IoE-enabled devices
IoE-enabled devices are usually built upon old-versions of unpatched, open-source packages, and thus these devices are increasingly vulnerable to exploitation.
• Your IoE-enabled device vendors may be reluctant to patch your devices
Patching a vulnerable device may result in incompatibilities, causing the device not to function properly. As a result, device vendors may be reluctant to release security patches for your devices until they have performed adequate testing.
• Your IoE-enabled device vendors may never release security patches
IoE-enabled device vendors may not have thought too much about releasing security patches, or might even never release security patches for your devices.
• Security patches are no longer issued for legacy operating systems or applications
For example, Microsoft stopped releasing security patches for Windows XP in April 2014 yet this operating system is still widely used.
Since all your IoE-enabled devices are connected to the Internet through your home router, and since vulnerabilities may exist in IoE-enabled devices, requirements for vulnerability protection on home routers have never been greater.
AiProtection with vulnerability protection can help prevent the exploitation of a known vulnerability even when the vulnerable systems/devices have not yet been installed with security patches. With the built-in DPI engine, AiProtection is capable of identifying and blocking known attacks before the attacking packets reach the vulnerable IoE-enabled devices. Malicious traffic is blocked by AiProtection and never reaches the vulnerable IoE-enabled devices.
Mitigation - Infected Device Detection and Blocking
When a host is infected with a bot or Trojan, it will stealthily connect to the malicious server, which is also called a C&C (Command & Control) server, in order to get commands from the attacker. This host becomes a zombie computer of the Botnet. The attacker can control the infected host via the malicious server. The whole connection is called C&C communication. The attacker can also steal the victim’s sensitive information through this C&C communication.
If the log of the device shows that a host tried to connect to a malicious server and was blocked, then this is an indication that the host has been infected.
AiProtection with Trend Micro’s Web Reputation Services (WRS) helps you identify C&C communications.
Infected device detection and blocking work flow
NOTE: AiProtection offers an [Alert Preference] feature. This feature, when enabled, will send you an alert email if security events are triggered.