Chapter 7: Security

"Hongik Ingan: Aunt (AIR-SHIELD) guards every home in the WIA family."

7.1 Built-in Security

Security by Default
===================

WIA-HOME includes:
  [OK] TLS encryption (HTTPS)
  [OK] DDoS protection
  [OK] Web Application Firewall
  [OK] AIR-SHIELD integration
  [OK] Automatic updates

No configuration needed.
Security is automatic.


Security Architecture
=====================

Incoming Request
      |
      v
+-------------------+
|   Rate Limiter    |  <- Block excessive requests
+-------------------+
      |
      v
+-------------------+
|   WAF (Firewall)  |  <- Block attacks
+-------------------+
      |
      v
+-------------------+
|   TLS-LITE        |  <- Encrypt connection
+-------------------+
      |
      v
+-------------------+
|   AIR-SHIELD      |  <- Deep inspection
+-------------------+
      |
      v
   Your Content

7.2 WIA-TLS-LITE

Lightweight TLS
===============

Traditional TLS:
  - Complex handshake
  - CPU intensive
  - Resource heavy

WIA-TLS-LITE:
  - Simplified handshake
  - Minimal overhead
  - Perfect for personal servers


Features
========

[OK] Full encryption (AES-256-GCM)
[OK] Certificate auto-renewal
[OK] No manual configuration
[OK] Works behind NAT
[OK] P2P certificate verification


How It Works
============

1. Key Generation
   - Generate keypair on setup
   - Public key registered with WIA DNS

2. Connection
   - Client connects
   - Server proves identity
   - Encrypted channel established

3. Renewal
   - Automatic before expiry
   - No downtime
   - Seamless


Certificate Display
===================

Visitors see:
  Lock icon in browser
  "Connection is secure"
  yoursite.wia.home verified

Same trust as traditional SSL.

7.3 DDoS Protection

Rate Limiting
=============

Automatic protection:
  - Max requests per IP
  - Gradual throttling
  - Temporary bans


Default Limits
==============

Normal traffic:
  100 requests/minute per IP

Suspicious traffic:
  Throttled to 10 requests/minute

Attack detected:
  Temporary IP block


P2P Distribution
================

Under attack:
  1. Request distributed to peers
  2. Peers absorb traffic
  3. Your server protected
  4. Attacker faces whole network


Custom Configuration
====================

home.security.ddos.configure({
  rateLimit: 100,           // requests/minute
  throttleThreshold: 50,    // when to slow down
  blockThreshold: 200,      // when to block
  blockDuration: 3600       // seconds
});


Attack Logging
==============

home.on('ddos_detected', (event) => {
  console.log('DDoS detected from:', event.data.sourceIP);
  console.log('Requests blocked:', event.data.blockedCount);
});

7.4 Web Application Firewall

Attack Prevention
=================

WAF blocks:

SQL Injection:
  Input: ' OR '1'='1
  Result: BLOCKED

XSS (Cross-Site Scripting):
  Input: Result: BLOCKED

CSRF (Cross-Site Request Forgery):
  Invalid token request
  Result: BLOCKED

Path Traversal:
  Input: ../../../etc/passwd
  Result: BLOCKED


WAF Configuration
=================

home.security.waf.configure({
  sqlInjection: true,
  xss: true,
  csrf: true,
  pathTraversal: true,
  fileUpload: {
    maxSize: 10 * 1024 * 1024,  // 10MB
    allowedTypes: ['image/*', 'application/pdf']
  }
});


Form Protection
===============

All forms automatically:
  [OK] CSRF token added
  [OK] Input sanitized
  [OK] Rate limited
  [OK] Honeypot field


Upload Scanning
===============

File uploads:
  [OK] Type verification
  [OK] Size limits
  [OK] Malware scan (AIR-SHIELD)
  [OK] Quarantine suspicious files

7.5 AIR-SHIELD Integration

Aunt Guards the Home
====================

AIR-SHIELD (Aunt) provides:
  - Deep packet inspection
  - Malware detection
  - Behavior analysis
  - Threat intelligence


Automatic Protection
====================

home.security.airShield.configure({
  enabled: true,
  scanUploads: true,
  protectForms: true,
  blockMalicious: true
});


Threat Detection
================

AIR-SHIELD detects:
  [OK] Malware uploads
  [OK] Bot attacks
  [OK] Credential stuffing
  [OK] API abuse
  [OK] Data exfiltration


Alert Notifications
===================

home.on('security_alert', (event) => {
  console.log('Threat detected:', event.data.type);
  console.log('Action taken:', event.data.action);
  console.log('Details:', event.data.details);
});


Dashboard View
==============

Security Status: PROTECTED

Threats blocked (24h):
  - SQL Injection: 12
  - XSS attempts: 8
  - Bot requests: 156
  - Malware uploads: 2

All handled automatically by Aunt.

7.6 Privacy Protection

Privacy-First Design
====================

WIA-HOME default:
  [OK] No third-party tracking
  [OK] No Google Analytics
  [OK] No Facebook Pixel
  [OK] No data selling
  [OK] GDPR compliant


Data Storage
============

All data stays on your PC:
  - Visitor logs
  - Order data
  - Customer info
  - Analytics

Nothing sent externally.


Privacy Configuration
=====================

home.security.privacy.configure({
  tracking: {
    analytics: 'privacy-first',
    cookies: 'essential',
    doNotTrack: true
  },
  data: {
    encryption: true,
    localOnly: true,
    autoDelete: 90  // days
  },
  compliance: {
    gdpr: true,
    ccpa: true,
    pipa: true  // Korea
  }
});


User Rights
===========

Customers can:
  [OK] Request their data
  [OK] Delete their data
  [OK] Export their data
  [OK] Opt out of any tracking

All automated and easy.

Chapter Summary

• [OK] Security is built-in and automatic
• [OK] TLS-LITE provides encryption without overhead
• [OK] DDoS protection with P2P distribution
• [OK] WAF blocks SQL injection, XSS, and more
• [OK] AIR-SHIELD provides deep threat detection
• [OK] Privacy-first design with full compliance