BACKGROUND ‘Who writes their own firewall?’
As most of you know, I operate on a rather ‘high’ level of paranoia. Security and privacy are both very important to me; however, I’ve always considered the suggestion that someone, somewhere is running tools to attack my home network extremely unlikely.
“Almost 4 trillion IP addresses (IPv4), who would attack me?”
Attending AusCERT in 2013 changed this view for me, for a few reasons:
· It was the first time I’d heard the word ‘Cyber’ said aloud (outside of PwC, who had recently adopted the name)
· Attending an array of talks by ‘average-joe’ (non-government / unsponsored) researchers, which demonstrated how quickly and broadly they could collect data about entire neighbourhoods (in particular, this one)
I left AusCERT with a renewed energy for understanding how I, personally, might be at risk…
I worked with our security team more, re-read my network-related university slides and generally searched the internet for information.
This served to remind me:
· Understanding how firewalls work is hard!
· ‘Good’ documentation is scarce
· Producing logs on your own router with the manufacturer’s operating system may be impossible
· Heck, just knowing exactly what your router’s firewall is configured to do could be impossible.
TWO YEARS LATER
I have finally willed myself through (what became) a 4-week-long saga of barely-working Wi-Fi / Internet, many complaints / criticisms from visitors to my house and completely locking myself out of the router (just once, honest).
To facilitate this, I committed myself to writing my router’s iptables rules from scratch, logging all dropped traffic to a local Splunk server, then re-enabling ports / protocols as necessary, and creating limits on external connections to open ports, such as SSH.
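As an added illustration of that approach (my own sketch, not the author’s actual ruleset), here is a minimal IPv4 iptables policy that does the four things described: default DROP, allow established traffic, limit new SSH connections per source, and LOG every drop with a prefix so the kernel log can be shipped to Splunk. The WAN interface name and SSH port are assumed values.

```shell
#!/bin/sh
# Added example, not the post author's ruleset: a minimal default-drop IPv4
# policy with per-source SSH rate limiting (xt_recent) and logging of drops.
# WAN_IF and SSH_PORT are assumed defaults; override them for your router.
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Print the rules one command per line so they can be reviewed (and tested)
# before anything touches the kernel.
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -N SSH_LIMIT 2>/dev/null || iptables -F SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh --rcheck --seconds 60 --hitcount 4 -j LOG --log-prefix "FW-SSH-LIMIT: " --log-level 4
iptables -A SSH_LIMIT -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
iptables -A SSH_LIMIT -m recent --name ssh --set -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A INPUT -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "FW-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}
# SSH_LIMIT: a source that has already opened 4 new SSH connections in the
# last 60 seconds has its next attempt logged and dropped; the --update on
# the DROP rule keeps extending the window while it keeps trying.
# The final LOG rule is itself rate-limited so a scan cannot flood the log.

# Apply on the router (needs root); stops at the first rule that fails.
apply_rules() {
    build_rules | sh -e
}

# Number of commands generated, handy as a sanity check before applying.
rule_count() {
    build_rules | wc -l | tr -d ' '
}
```

Drops then appear in the kernel log with the `FW-DROP:` / `FW-SSH-LIMIT:` prefixes, which is what a Splunk forwarder watching syslog can key on.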
Pictured: my router, my router’s operating system and my Splunk server (more or less).