Have I fundamentally missed something between the time when I sat with my 486 IBM PC in the house, fully offline, and today? Do normal people actually set up complex local networks in their homes where they have some kind of “trust anyone with an internal IP address” security scheme going on?
What exactly do they mean by this? I get the feeling that either I am extremely ignorant and somehow have not understood basic concepts of networking in spite of dealing with this (and hating it) for 25 years, or they have no idea what they are talking about and have learned everything they know about computers from Hollywood blockbuster movies and crappy TV series…
What does “gaining access” to a home network mean? Is that, like, exploiting the NAT router (if such a thing is used, which has not always been the case for me)? Even if they exploit the router, that doesn’t magically give them any “access” to the “network” (meaning PCs connected to the router)? At best, they can maybe read plaintext traffic, but how much such is there these days? I shall hope 0% of all traffic.
And again, for a long time, I didn’t even have any device “in between” the ISP and my single PC. It was a very “stupid” cable modem or ADSL modem which had no control panel or any NAT features etc. Right now, I’m using a Mikrotik NAT router which I update maybe once a year at best, because it has the most user-hostile, idiotic mechanism for enabling “auto updates”, which you’d think would be not only dead-simply, but enabled by default. Nope. You have to follow their cryptic news and decide when to manually SSH into it (or use the extremely confusing and messy web interface) to apply updates. I guarantee that 99.99% of all people (including “geeks”) have no idea that they even need to do this, let alone actually bother to.
So what do people mean when they talk about “gaining access”? No updated version of Windows has ever just allowed somebody to randomly connect remotely to “gain access”, regardless of the presence/absence of a router/switch/whatever in between. Or, if it has, that’s some kind of “0-day” exploit or unknown-to-the-public exploit. The so-called “hackers” that people talk about more than likely never “gain access” like that at all; I bet it’s 100% social engineering and tricking them into running coolgame.exe as sent to them in an e-mail attachment and things like that.
Since apparently I always sound rude, I should point out that my intention with this question is to understand people and the world, and not an attempt to somehow sound “superior”. I’m genuinely wondering about this since not a day goes by without me feeling extremely paranoid about security and privacy, especially knowing how incredibly naive and stupid I used to be, and how naive and stupid people in general seem to perpetually be about these things.