  #21  
Old 12 April 2018, 13:02
IronCross IronCross is offline
Supporterator
 
Join Date: Dec 2010
Location: Dallas
Posts: 792
Amazing thread.

Wired>wireless, almost every time.
__________________
Keep your mouth shut and listen. That is the best piece of advice I have been given.
  #22  
Old 12 April 2018, 14:07
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 1,042
Quote:
I'd use a hardwired connection (including keyboard) for anything I absolutely couldn't have compromised
Some people believe that modern (from 2011 onwards) wireless kb/mice with built-in AES hardware encryption are safe. Maybe yes, maybe no. I personally am not going to take any chances. Reminds me of the old news that's KeySweeper. Of course, many pros don't disclose their tools and technology marches forward so...

Physical connection (be it for ethernet or for all kinds of HIDs) is the way to go for me IMHO.
One client I recently audited had valuable data taken away from reception's PC by me disguised as a cleaning man who just got hired. Physical perimeter breached without one problem, tool inserted, data downloaded. Some artefacts cleaned in the process but even if they were left onboard the PC, good luck with pinning me down since nothing got tripped and the computer has pendrives inserted into it on a daily basis. No cameras in reception but that too can be circumvented to delay recognition. I even managed to sweep the floor. No hacking, just a specifically prepared pendrive.

Reminds me of another old trick, leaving prepared pendrives with payload within company premises (a fancy pendrive with some ad printed on so employees think it's a freebie someone left by mistake, ripe for the taking), etc etc...

ETA: Apologies for the offtop, did not want to derail the thread.

Last edited by Paul85; 12 April 2018 at 14:28.
  #23  
Old 13 April 2018, 06:58
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
As a rule of thumb, and in the simplest of terms (as per this thread's purpose), wired is always preferable to wireless when considering security and privacy. Bluetooth is a form of wireless, so keep that in mind.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #24  
Old 13 April 2018, 08:21
HighDragLowSpeed HighDragLowSpeed is offline
Been There Done That
 
Join Date: Dec 2006
Location: Only Place For Me
Posts: 5,103
Some other secure approaches that might work for some y'all.

A Standard for the Transmission of IP Datagrams on Avian Carriers https://tools.ietf.org/html/rfc1149

IP over Avian Carriers with Quality of Service https://tools.ietf.org/html/rfc2549

IPoXP: Internet Protocol over Xylophone Players http://stuartgeiger.com/ipoxp-archive.pdf
__________________
"I know of no country in which there is so little independence of mind and real freedom of discussion as in America." - de Tocqueville, 19th century

God made machine language; all the rest is the work of man.
  #25  
Old 13 April 2018, 09:01
crapstash crapstash is offline
Divides by zero
 
Join Date: Jan 2007
Location: Probably Oconus
Posts: 298
Awesome thread.

I know you guys are dumbing it down here, but not dumb enough for this dummy. I want to replace my ISP router/modem setup with one of my own.

1) Where do I find one that is set up like you are talking about? I don't even know where to begin here. Is there a guide to "flashing" these things?

2) Can a VPN be set up on my router, so everything behind it is covered at all times?

3) Can you explain how (and what) you would set up a system in your mother's house? Meaning...you want her super safe but she doesn't know shit about a modem/router thingy and will never mess with one.

No offense to Moms out there that are super tech savvy! I'm looking at you Hillary...
__________________
No one realizes how beautiful it is to travel until he comes home and rests his head on his old, familiar pillow.
Lin Yutang
  #26  
Old 13 April 2018, 09:41
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
Documentation:
DD-WRT > https://www.dd-wrt.com/wiki/index.php/Main_Page
OpenWRT > https://wiki.openwrt.org/

If you want to skip it, you can buy a router with one of the above already installed from places like eBay. Be mindful of who you're purchasing from as you're opening yourself up to potential abuse. If you must buy from a vendor, make sure they have some reputable feedback. When you get the router, go into the settings and 'reset' to make sure they didn't leave a more obvious misconfiguration.

VPN: Yes, you can configure your VPN to work through your router. The specifics are dependent on your version of firmware, but it is generally easy to find the menu option and put in your VPN information. NOTE: be careful about configuring your VPN from the router itself as it can cause issues with services like Netflix if they detect you're using a proxy (VPN).

Stuff for Mom: I wouldn't explain anything to Mom. I would just follow the information above to configure the device and then install it at her house. Most people don't care to know how the meatloaf is made, just that it tastes good.
  #27  
Old 13 April 2018, 12:08
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 1,042
If you want to use the VPN, check if your ISP provides a static pub address to your router. If so, configure away. If not, you'd have to use DDNS service (Dynamic DNS) to overcome this. There's lots of free DDNS providers out there.
  #28  
Old 13 April 2018, 12:46
Akheloce Akheloce is offline
Six Minutes!
 
Join Date: Sep 2012
Location: Alaska
Posts: 396
Chances are slim that a residential customer will be given a static IP from their ISP. Most ISPs will provide one for a fee.
__________________
RIP Sitka 43 and ICY 33

Seven … six … eleven … five … nine-an’-twenty mile today
Four … eleven … seventeen … thirty-two the day before —
  #29  
Old 13 April 2018, 13:00
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by Paul85 View Post
If you want to use the VPN, check if your ISP provides a static pub address to your router. If so, configure away. If not, you'd have to use DDNS service (Dynamic DNS) to overcome this. There's lots of free DDNS providers out there.


You don't need a static IP to connect to a VPN. DNS is a different animal, and not really cogent to this thread, or what's being asked. The VPN options an end-user would use are effectively tunnels, sending all data through the VPN stack.
  #30  
Old 13 April 2018, 13:27
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 1,042
Yep I got something mixed. Sorry. It's been a long day at work. You're correct, of course. Too many damn things TBD with too little time.

As to the used routers, I usually stay away from them because I don't know what was done with them and fear the risk of sudden hardware fault. But I also know people who bought used ones and were happy (usually enterprise or pricey consumer models sold at a decent price).

Last edited by Paul85; 13 April 2018 at 13:40.
  #31  
Old 13 April 2018, 13:48
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,580
If you want everything going OUT of the router VPN'd - you don't need to worry about DNS.

If you want to get IN to your home network from abroad using a VPN tunnel, you need to get a FREE dynamic DNS host-name from places like NO-IP.com, etc...
  #32  
Old 13 April 2018, 13:49
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by Paul85 View Post
Yep I got something mixed. Sorry. It's been a long day at work. You're correct, of course. Too many damn things TBD with too little time.
No worries. I just didn't want to confuse anyone watching the thread. Just think of this thread as the bare-bones, simplest advice for end-users.
  #33  
Old 13 April 2018, 13:51
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 1,042
Thanks guys. However, as to what Polypro wrote, I do remember that you have to re-register new IP with the DDNS provider every time? Or is it another way now?

I always used static IP from my ISP and had the entire hassle out of the way.
  #34  
Old 13 April 2018, 13:54
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by Paul85 View Post
Thanks guys. However, as to what Polypro wrote, I do remember that you have to re-register new IP with the DDNS every time? Or is it another way now?

I always used static IP from my ISP and had the entire hassle out of the way.
If you're hosting a resource from your home that you want the outside world to have access to, that's where DNS gets involved. Again, best for a different thread.
  #35  
Old 13 April 2018, 13:58
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 1,042
To clarify, I touched this because a majority of people who set up their routers and asked me for help were genuinely interested in accessing their home resources from WAN via VPN. Home NAS, home PC, etc.

Quote:
Again, best for a different thread.
Okay, apologies for the slight offtop.
  #36  
Old 13 April 2018, 14:01
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
If you have the time and inclination, it might be cool to draft up some basic instructions for that situation and setup, and start a thread on it. I'm sure it would be helpful to the same folks who are watching this thread.
  #37  
Old 13 April 2018, 14:07
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,580
Quote:
Originally Posted by crapstash View Post
Awesome thread.

I know you guys are dumbing it down here, but not dumb enough for this dummy. I want to replace my ISP router/modem setup with one of my own.

1) Where do I find one that is set up like you are talking about? I don't even know where to begin here. Is there a guide to "flashing" these things?

2) Can a VPN be set up on my router, so everything behind it is covered at all times?

3) Can you explain how (and what) you would set up a system in your mother's house? Meaning...you want her super safe but she doesn't know shit about a modem/router thingy and will never mess with one.

No offense to Moms out there that are super tech savvy! I'm looking at you Hillary...
1. Depends on your ISP and what it is - Cable or DSL or...? Cable ISPs will have a list of approved hardware customers can purchase. Odds are the latest Motorola will be approved (DOCSIS 3.1 - ~$158 on Amazon). Then you need a router. I like Asus - and all you really need is an AC68 if they still sell them. And honestly, their stock firmware is pretty damn good - but AsusWRT Merlin is what you can flash.

https://asuswrt.lostrealm.ca/

Support Thread on Small Net Builder:

https://www.snbforums.com/forums/asus-wireless.37/

2. Yes. All you need is the account/connection info from your VPN provider. But be advised - if you have a mongo 100 Mbps cable connection - you won't get anywhere near that from the VPN. I would recommend buying a second router and setting it up as just a Router/AP (your main router will be in GATEWAY mode) connected to the VPN. Then you can get full speed for video etc... from Rokus et al. connected to the gateway, but you can connect to the VPN device for any security/privacy you need. Honestly, it's just easier to run VPN clients on each computer/phone/tablet if you ask me.

3. You generally only need to set up the router settings ONCE unless you are an uber geek and play around a lot. So just do the best practices stuff posted here on hers and be done.
  #38  
Old 13 April 2018, 14:15
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,580
Quote:
Originally Posted by Paul85 View Post
Thanks guys. However, as to what Polypro wrote, I do remember that you have to re-register new IP with the DDNS provider every time? Or is it another way now?

I always used static IP from my ISP and had the entire hassle out of the way.
Simple answer, why waste thread space ---> Providers have free software you run on any networked computer (always on) that notifies them if your ISP changes your IP. No-IP's is called DUC (Dynamic Update Client). OR - most routers have built-in Dynamic DNS update support for most of the providers <---Hey! I made it relevant to this thread, woot!
Reply With Quote
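The update-client behaviour described in the post above (tell the provider only when the ISP changes your address), as an added example that is not part of the thread or any provider's software. It assumes a dyndns2-style HTTP update protocol and its reply keywords; the endpoint `ddns.example`, hostname and credentials are placeholders.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Placeholder endpoint (assumption): use the one your DDNS provider documents.
UPDATE_URL = "https://ddns.example/nic/update"

# Addresses that must never be published: a router reporting one of these
# sits behind another NAT (or carrier-grade NAT) and is unreachable from the WAN.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# dyndns2-style reply keywords that signal a provider-side problem.
RETRY = {"911", "dnserr"}


def needs_update(cached_ip, current_ip):
    """True only when the WAN address changed and is publicly routable."""
    addr = ipaddress.ip_address(current_ip)  # raises ValueError on garbage
    if any(addr in net for net in NON_ROUTABLE):
        return False
    return current_ip != cached_ip


def build_request(hostname, ip, user, password):
    """Return (url, headers) for an HTTPS update using HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    query = urlencode({"hostname": hostname, "myip": ip})
    return f"{UPDATE_URL}?{query}", {"Authorization": f"Basic {token}"}


def next_action(reply):
    """Classify the provider's one-line reply: 'done', 'retry' or 'stop'."""
    words = reply.strip().split()
    keyword = words[0] if words else ""
    if keyword in ("good", "nochg"):
        return "done"
    if keyword in RETRY:
        return "retry"  # back off before trying again
    # badauth, nohost, abuse or anything unknown: repeating the request
    # unchanged only gets the account blocked, so stop until config is fixed.
    return "stop"
```

Send the request over HTTPS only, since Basic auth puts the account password in every update.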
  #39  
Old 16 April 2018, 09:16
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,506
Quote:
Originally Posted by Polypro View Post
<---Hey! I made it relevant to this thread, woot!
haha
  #40  
Old 17 April 2018, 07:55
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,580
I LOL'd:

Quote:
Former NSA hacker Jake Williams points in particular to the DHS alert's warning that Russian hackers hijack home routers when their owners don't change the default password—a form of hacking he considers almost laughably mundane, performed by even unskilled cybercriminals. "Everybody hacks routers," Williams says. "Saying that home routers with default passwords are getting owned is like saying that thieves are picking up unattended money in a public area."
https://www.wired.com/story/white-ho...ddles-message/

As stated numerous times above - disable remote admin and change default user/pass