When I test network security, I frequently get asked "How can I protect my home network?" After I discuss the "typical solutions" (good passwords, configurations, MAC filters, permissions, firewalls, IDS, etc.), some people reach the conclusion that all those solutions are "too passive." When they work, they simply block possible attacks, and we have to trust them to work, blindly. Sometimes, however, that is not enough!

Imagine you are on your home network, alone. How can you be sure you are alone? How can you be sure that your traffic is not being redirected by a Man in the Middle (MITM) attack? Even if you find an intruder inside your network (an unknown device), how much time do you need to connect to your router and "kick him off" your network?

A few years ago, I started playing with a Raspberry Pi computer out of curiosity. I found out that even with all those "good security rules," I always had people trying to invade my network. So, after a few experiments, I found that using a Raspberry Pi as a "Network Defense Center" was very effective and cost-efficient.

After connecting a Raspberry Pi to a monitor and installing Kali Linux on it, we have all the tools needed to monitor our network, plus the tools that give us some "offensive" capacity to repel intruders, all combined on an energy-efficient computer (great for being plugged in 24/7). That way, we can use IDS, all those good security policies, etc., and still have an active role in protecting and monitoring the network ourselves.
- We can monitor our network in real time with Airmon-ng, which allows us to see exactly how many devices are connected, as well as the MAC address of each device. This is great for making sure that we really are alone on our network while, for example, using net banking.
- We can monitor for suspicious packets and requests using Wireshark, or even tshark (the terminal-based version of Wireshark).
- We have total control of our network: we can monitor who sends information and where, who asks for information, etc. We can also use nmap to run regular port scans to make sure no suspicious ports are in use or open without us knowing.
- We can block out any intruder by sending a continual de-auth flood with aireplay-ng (that way, the attacker can't do anything on our network).
- We can use mdk3 as a "panic button" to take down our own network in the event of an intrusion, for example when we detect someone trying to exfiltrate information.
The best part: all these actions are easily scripted to carry out fast responses to any situation that may happen, making it a fast-acting solution. (With a TFT screen, we can even have a portable device to use anywhere in the house.)

There are tons of different tools, and some people even prefer other tools/techniques. These are only some options for creating a simple and cheap way to monitor and protect your home network.
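As an added example of the kind of script mentioned above (my own illustration, not code from the original post), here is a small Python checker for the "regular port scan" idea: it parses nmap's grepable output (`-oG`) and compares it against a baseline of the hosts and open ports we expect on the home network, flagging unknown devices and newly opened ports. The scan output and the baseline below are constructed samples; in practice you would feed it the file written by something like `nmap -p- 192.168.1.0/24 -oG latest.gnmap` from a cron job on the Pi.

```python
# Constructed sample of nmap grepable (-oG) output, standing in for a
# real scan file. Fields on each "Host:" line are tab-separated.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.20 (nas.lan)\tStatus: Up
Host: 192.168.1.20 (nas.lan)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 5900/open/tcp//vnc///\tIgnored State: closed (997)
Host: 192.168.1.77 ()\tStatus: Up
Host: 192.168.1.77 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
# Nmap done: 256 IP addresses (3 hosts up)
"""

# Assumed baseline: the devices we know about and the TCP ports they
# are allowed to expose. Anything outside this is worth a look.
BASELINE = {
    "192.168.1.1": {53, 80},
    "192.168.1.20": {22, 445},
}


def parse_gnmap(text):
    """Return {ip: set of open TCP ports} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comments and blank lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        hosts.setdefault(ip, set())  # "Status: Up" lines register the host
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(","):
                    port, state, proto = entry.strip().split("/")[:3]
                    if state == "open" and proto == "tcp":
                        hosts[ip].add(int(port))
    return hosts


def diff_against_baseline(scan, baseline):
    """Classify findings: unknown hosts, new open ports, missing hosts."""
    findings = {"new_hosts": {}, "new_ports": {}, "missing_hosts": []}
    for ip, ports in scan.items():
        if ip not in baseline:
            findings["new_hosts"][ip] = sorted(ports)
        elif ports - baseline[ip]:
            findings["new_ports"][ip] = sorted(ports - baseline[ip])
    findings["missing_hosts"] = sorted(set(baseline) - set(scan))
    return findings


if __name__ == "__main__":
    for kind, detail in diff_against_baseline(parse_gnmap(SAMPLE_SCAN), BASELINE).items():
        print(f"{kind}: {detail}")
```

In the sample, 192.168.1.77 shows up as an unknown host exposing telnet, and the NAS has a VNC port open that was not in the baseline; a missing known host is also reported, since a device that vanished can be just as interesting as one that appeared.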