PiWall, how to build a game-changing, flexible, low-level network firewall

You may be surprised by how frequently modern Internet devices such as mobile phones, laptops and desktop computers send and receive data on our behalf without our being aware of it. When a person decides to inspect the information being shared, or to limit and profile some of that data, he may come across the idea of installing a firewall on his computer. So, is installing a software firewall on the computer enough to counter the situation? A software firewall usually aims to control the higher network levels, and therefore it may be good at limiting the data that other software applications exchange. On the other hand, have you considered the possibility that your own device might send the information which needs to be monitored? In that case, a software firewall on top of the device is not the best-case scenario, as the software might never be in a position to detect the low-level system data being exchanged, or may not be allowed, legally by the operating system's manufacturer or because of other factors, to tamper with it. Finally, as the saying goes, one system is based on another: since the firewall is itself software, an attacker could use another vulnerability in your system to tamper with it, and you might never know it was affected.

Compared to software firewalls, a standalone hardware network firewall may control the network traffic of more than one host and is dedicated to a single task, which makes it harder to penetrate. Using standalone network devices as firewalls makes more sense in the security field; however, their drawbacks lie elsewhere: they are difficult to find in the consumer market, they may cost something extra, and they may not be tailored to a user's needs.

For quite some time I was occupied with solving this situation, wondering whether a person could use a firewall solution within reach to define his network policies, be 100% confident of their effect, eliminate the possibility of a breach through software, and also be informed, in real time, about the exchanged network data. To fit the above requirements, the solution had to be an independent network device for the aforementioned benefits, not cost a fortune, and have enough processing speed to control the exchanged data. To match these expectations, the Raspberry Pi B was ideal, as it is built for low power consumption and may run Linux and Python on a quad-core ARM CPU. The next question at hand was how to monitor the exchanged traffic. The solution was given to me by the network itself, as in the end it is all about data in a cable that comes and goes. I had to let the hosts be and focus my attention on the medium, the cable where everyone is connected! What if you could control which kind of data arrives and which kind of data leaves the medium towards the Internet? There is no other way for the data to go, right? That would be something really game-changing, as with one device you could control multiple hosts! In order to achieve this, I had to somehow split the network wire between the internal hosts that needed to be defended and the Internet, and install the device in between them to act as the firewall.

In order to approach the solution, I had to ask: how does someone split a network wire in two?! For this task, a bridge, as it is called in networking, had to be formed. A bridge is simply a device with two network cards which pass data from one to the other, so the hosts on either side of the cable are not aware of the device's existence, since it does not have a network presence. Furthermore, in order to be informed about the network traffic by the device and to change its rules, you need a third network interface to access the device, this time as a network host. That makes three network interfaces; however, as you may have noticed, a Raspberry Pi has only one. The other two interfaces would be USB to Ethernet adapters, since the Pi has 4 USB ports available. In the project, Apple's USB Ethernet adapters were used, as they demonstrate good performance and low power consumption, and the Raspbian OS has the necessary drivers to support them. If you decide to make a device of your own, watch out for adapters from eBay and other online stores, as the Pi might not support their drivers. Finally, in order to understand the device, you may observe the following diagram.

[Diagram: firewall]

Introducing the device

This is PiWall, a game-changing, flexible, low-level network firewall!

Do it yourself!

In order to replicate the device you are going to need:

  • one Raspberry Pi model B (2 or 3)
  • one microSD card, 8 GB or more
  • two Apple USB Ethernet Adapters
  • one power cable for the raspberry pi
  • a case for the raspberry pi (optional)
  • heat sinks for the pi (optional)
  • two new ethernet cables

Setting up the device

Write the latest Linux/Raspbian image to the SD card as described in the official Raspberry Pi guide:

https://www.raspberrypi.org/documentation/installation/installing-images/

Insert the SD card and connect your device to a monitor, keyboard and power. As soon as you have a command prompt, set up a new user password with:

passwd

Edit the system’s settings with:

sudo raspi-config

Select to:

  • Expand filesystem
  • Internationalization options: change time locale, timezone and keyboard layout
  • Advanced Options:
      • Hostname: change hostname to PiWall
      • SSH: enable sshd

Source code

The source code for the project is written in Python (3.4): on the one hand, it is really easy and fun to control low-level traffic with a high-level programming language, and on the other, Python is easy to write, which makes it easy to set up your firewall and to monitor and modify rules the way you need them.

The source code may:

  • Monitor your traffic on the fly
  • Firewall your traffic on the fly
  • Modify your traffic on the fly
  • Provide live information for all the above

It keeps internal and external host whitelists and has the necessary policies to handle the ARP, IPv4, IPv6, ICMP and DHCP network protocols. You may view the project’s source code here and learn how to install and run it:

https://github.com/kostiskag/PiWall
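
A sketch of the kind of per-frame decision a bridging firewall with host whitelists and per-protocol policies makes, as an added example that is not PiWall's own code. The function names, the MAC-based internal whitelist, the IPv4-based external whitelist, the choice to drop IPv6 and the sample frame builders are all assumptions made for illustration.

```python
import struct

ETH_ARP, ETH_IPV4, ETH_IPV6 = 0x0806, 0x0800, 0x86DD
BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(frame):
    """Parse an Ethernet II frame into (src_mac, dst_mac, label, src_ip, dst_ip)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    mac = lambda raw: ":".join("%02x" % b for b in raw)
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_IPV4:
        return src, dst, {ETH_ARP: "arp", ETH_IPV6: "ipv6"}.get(ethertype, "other"), None, None
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0   # IPv4 header length
    if ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("truncated or malformed IPv4 header")
    src_ip, dst_ip = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    label, l4 = "ipv4", frame[14 + ihl:14 + ihl + 4]     # l4 = first 4 transport bytes
    if frame[23] == 1:                                   # IP protocol 1 = ICMP
        label = "icmp"
    elif frame[23] == 17 and len(l4) == 4 and set(struct.unpack("!HH", l4)) <= {67, 68}:
        label = "dhcp"                                   # UDP between ports 67/68
    return src, dst, label, src_ip, dst_ip

def decide(frame, outbound, internal_macs, external_ips):
    """Default-deny verdict ('forward' or 'drop') for a frame crossing the bridge."""
    try:
        src, dst, label, src_ip, dst_ip = classify(frame)
    except ValueError:
        return "drop"                                    # unparsable frames never pass
    inside = src if outbound else dst                    # MAC on the protected side
    if not (inside in internal_macs or (not outbound and dst == BROADCAST)):
        return "drop"                                    # unknown internal host
    if label in ("arp", "dhcp"):
        return "forward"                                 # needed for basic connectivity
    if label in ("ipv4", "icmp"):
        remote = dst_ip if outbound else src_ip
        return "forward" if remote in external_ips else "drop"
    return "drop"                                        # ipv6 / other: not allowed here

# Builders for constructed sample frames (checksum left at zero, not validated above).
def eth(dst, src, ethertype, payload=b""):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!H", ethertype) + payload

def ipv4(proto, src_ip, dst_ip, payload=b""):
    addr = lambda ip: bytes(map(int, ip.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src_ip), addr(dst_ip)) + payload
```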

Last but not least, if something is not in the code, the main idea is to define it yourself. Moreover, the overall project, the programming language and the source code provide a good basis for applying various other algorithms for AI or big data. You may start by collecting frequencies of the various sent and received protocols, you may modify your internal hosts' MAC addresses to keep them private, monitor DNS traffic, monitor peak hours and much more.

Final thoughts

You may know that this kind of solution could be used for malicious acts like collecting network traffic; however, as a scientist, I believe in knowledge sharing and decided to publish this article, as its development was meant to help individuals apply one extra measure of security in their home or work networks and thus try to reach a state of equilibrium against the extensive network trafficking and profiling which is done on their behalf. On the other hand, this article and device were meant to introduce individuals to network traffic and its control, as network trafficking has become a part of our digital lives. Finally, the overall installation is not very expensive, as the hardware costs around 110€£$, and it may be used for research purposes and in home or work environments.

As an afterthought, it may be good practice to avoid connecting to unknown WiFi networks in airports, hotels or cafes, as a similar and not so friendly Man-In-The-Middle (MITM) solution may be installed there. If you still need to connect from public places and cannot avoid it, you may use an encrypted VPN solution such as OpenVPN towards a trusted VPN server and thus be defended against a nearby MITM host.

Finally, have fun with your device and watch out for project updates!

You can view this project along with three other Raspberry Pi projects developed for 2017 in the following video.