Thursday, January 14, 2016

HOWTO : Network Security for Home and SOHO Users

Ever assumed that an Intrusion Prevention System (IPS) cannot be deployed at home or in a SOHO environment because of the cost? I have good news for you: you can deploy an IPS at home or in a SOHO at a very low price.

Croissants is an Intrusion Detection and Prevention System (IDPS) developed by me (Samiux). Its engine is Suricata, a next-generation IDPS engine with very high performance.

Features of Croissants :

- Plug, Play and Forget!
- Suricata as IDPS Engine which is the Next Generation IDPS
- Based on ET Open rules (can use ET Pro rules with minimal settings)
- Works with ClamAV (Open Source Anti-Virus) MD5 signatures
- Works with LMD (Linux Malware Detect) MD5 signatures
- Works with IP Reputation blacklists
- Works with SSL Certificate blacklist
- Works with Denyhost SSH blacklist
- Works with Advertising Domains blacklist
- Drop certain traffic with minimal settings
- Disable and Enable rules with minimal settings
- Auto update ET Open rules, MD5 signatures and Blacklists
- Data analysis with charts on web interface
- 4K video streaming playback capable
- Can play common online games (but not ideal for demanding First Person Shooter games, as it may have spikes)

The Zotac CI323 Nano Plus with Windows 10 comes equipped with 2 wired network interfaces and 1 wireless interface, as well as 4GB RAM and an onboard 32GB M.2 SSD.

The Zotac CI323 Nano Plus is ideal for running Croissants once you add an extra 4GB of RAM or replace the installed RAM with two 8GB modules (16GB in total). I recommend installing 16GB of RAM for better performance. You also need a wireless router. Croissants (special version for CI323) can be installed on the 32GB M.2 SSD once Ubuntu 14.04 LTS Server has been installed. However, it is better to install to a hard drive or SSD drive.

You can get the special version from the following links (the current version is 1.0-RELEASE). Please also note that the performance of the 16GB version is higher than that of the 8GB version:

8GB RAM Zotac CI323 - https://www.infosec-ninjas.com/files/croissants-1.0/croissants-home-ci323-1.0.1-RELEASE.tar.gz
sha256sum - a12f78ae571fa93dce0ee68f383c8b5af39a903ccaac09336dcaf0b9c5fd6278 croissants-home-ci323-1.0.1-RELEASE.tar.gz

16GB RAM Zotac CI323 - https://www.infosec-ninjas.com/files/croissants-1.0/croissants-smb-ci323-1.0.1-RELEASE.tar.gz
sha256sum - 759616b21235353953ab363f6ca8f6ecbe05e48a7988b0c771675596045959ba croissants-smb-ci323-1.0.1-RELEASE.tar.gz
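
One way to check a download against the digests listed above before unpacking it, as an added example that is not part of the original post or of Croissants itself. The function names are assumptions made for this illustration, and `sha256sum` from GNU coreutils is assumed to be installed.

```shell
# Added example (not from the Croissants project): check a downloaded
# tarball against the SHA-256 published on this page before unpacking it.

# Digests copied from the page, keyed by file name.
published_sha256() {
    case "$1" in
        croissants-home-ci323-1.0.1-RELEASE.tar.gz)
            echo a12f78ae571fa93dce0ee68f383c8b5af39a903ccaac09336dcaf0b9c5fd6278 ;;
        croissants-smb-ci323-1.0.1-RELEASE.tar.gz)
            echo 759616b21235353953ab363f6ca8f6ecbe05e48a7988b0c771675596045959ba ;;
        *) return 1 ;;
    esac
}

# verify_sha256 FILE EXPECTED_HEX: 0 = match, 1 = mismatch, 2 = bad input.
verify_sha256() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    # Reject a digest that is not exactly 64 hex digits (e.g. a truncated paste).
    case "$2" in
        *[!0-9a-fA-F]*) echo "digest is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || { echo "digest is not 64 hex digits" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $1" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# verify_release FILE: look up the published digest by base name, then verify.
verify_release() {
    name=$(basename "$1")
    want=$(published_sha256 "$name") || { echo "no published digest for $name" >&2; return 2; }
    verify_sha256 "$1" "$want"
}

# Usage: sh verify.sh croissants-home-ci323-1.0.1-RELEASE.tar.gz
if [ "$#" -gt 0 ]; then
    verify_release "$1" || exit 1   # refuse to unpack an unverified archive
    tar -xzf "$1"
fi
```

A matching digest only shows that the file is the one the page describes; because the digest and the tarball are published together, it detects a corrupted or swapped download rather than a compromise of the publishing site.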

Please refer to the Croissants website for the installation procedure. The procedure is similar to that of the standard version of Croissants. Note that this special version keeps only 60 days of data.

Make sure you connect the Zotac CI323 between the ISP and the wireless router, and connect the monitoring cable to the router or switch (if any).

Before installing Croissants, you need to edit nsm.conf :

WIFI_SSID - The SSID of your wireless router
WIFI_PASSWORD - The password of your wireless router

The default monitoring IP will be x.x.x.180, such as 192.168.1.180.





To extend the security of your network, you may consider adding the following OpenDNS servers to your router.

OpenDNS FamilyShield DNS servers have built-in fraud and phishing protection and are pre-configured to block adult content:
208.67.222.123
208.67.220.123

OpenDNS Home DNS servers have the above features, but you can customize what content is filtered. You can register with OpenDNS Home for the customization or just use the servers without customization. Either way, they use the following addresses:
208.67.222.222
208.67.220.220

OpenDNS DNS servers are compatible with Croissants.



That's all! See you.