Protecting Against Sniffer On Home Network

Discussion in 'all things UNIX' started by artic0, Jul 21, 2016.

  1. artic0

    artic0 Registered Member (Joined: Jul 7, 2016; Posts: 6; Location: usa)

    Per a previous post here I've been working on Wireshark and ufw within Linux. Although I haven't been able to master these two technologies (there is more than I expected and not as much free time as I need) I have another issue after seeing what Wireshark is capable of.

    My employer has given me one of their laptops to interface with their network. Due to their security policies the use of this laptop is non-negotiable. So it uses my home network. My setup is very basic. I have a router-DSL-modem setup from ISP. The employer laptop warns that it can monitor all computer activity on use, but if I'm in super paranoid mode it seems possible that the employer could have something like Wireshark on the laptop and be monitoring all my network traffic.

    Some ideas:

    1) I can already anticipate that one solution is "use a VPN" to encrypt all my traffic on other machines. While I could research a setup for my Linux computers using my network I'm not sure I have control over Roku, Amazon Kindle and other proprietary devices I may buy in the future. With that said, one has to wonder with the information collecting going on these days whether these types of devices have their own sniffers.

    2) I've wondered if connecting the employer's laptop via cat-5 cable as opposed to wireless would eliminate sniffing but I know enough now to realize that the hub or switch that the ISP router-DSL-modem uses might still share broadcasts across that.

    3) I have an old WRT54GL with Tomato firmware installed that I figured I could plug into ISP router-DSL-modem via cat-5 then have employer laptop either use that WiFi or another cat-5 from WRT54GL to employer laptop. Other devices on my network would use the ISP router-DSL-modem SSID or I may need to purchase another router and hopefully not get too much of a problem from the ISP router/modem for having two routers and two networks running through it?

    I've already been looking into experimenting with OpenWRT and this old WRT54GL, from what I've read, seems to barely have the hardware to support the newer version. I've done some research on OpenWRT's website in regards to the best router but I've also considered the Raspberry Pi as a possible solution here since it seems like you can configure it to do almost anything. This is really a separate question from the "sniffer" protection I'm looking for but I do like the idea of having a Linux based router that I can install software packages on and use the command line to administer so I can configure firewall and log all network traffic for all devices on the network.
     
  2. amarildojr

    amarildojr Registered Member (Joined: Aug 8, 2013; Posts: 1,983; Location: Brasil)

    Wait. So you only need to use this laptop for WORK usage, right?
     
  3. hjlbx

    hjlbx Guest

    I would use the computer strictly for work.

    If you use it for personal matters, then the company can terminate your employment - at least that is the case here in the U.S.

    I know, I have seen it happen...
     
  4. Palancar

    Palancar Registered Member (Joined: Oct 26, 2011; Posts: 1,594)

    Take that old second router you have and create another LAN on your network. Confine the work laptop to that individual LAN. The home devices will not see the second LAN and the work laptop cannot see the home LAN. This is a very easy process to do. Isolation is always the best method.

    Your ISP should not care what you do "downstream" from their modem. In fact they shouldn't even see it.
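
An added example, not part of the thread: when the second router's WAN port is plugged into the ISP router's LAN, devices behind the second router can by default still open connections to addresses on the ISP router's LAN, so the script below prints iptables rules for the second (inner) router that log and drop such traffic. The interface name `br0`, the home subnet `192.168.1.0/24` and the function names are assumptions, and the work LAN is assumed to use a different subnet (for example `192.168.2.0/24`).

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables rules for the INNER
# router, i.e. the second router the work laptop sits behind. Interface name
# and subnets are assumptions; nothing is applied, the rules are only printed.

# is_private_cidr CIDR: succeed if CIDR looks like an RFC 1918 IPv4 network.
is_private_cidr() {
    case "$1" in
        10.*.*.*/[0-9]*|192.168.*.*/[0-9]*) return 0 ;;
        172.1[6-9].*.*/[0-9]*|172.2[0-9].*.*/[0-9]*|172.3[01].*.*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# isolation_rules LAN_IF HOME_CIDR [HOME_CIDR...]
isolation_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: isolation_rules LAN_IF HOME_CIDR [HOME_CIDR...]" >&2
        return 2
    fi
    lan_if=$1
    shift
    # Validate everything first so a bad argument yields no partial rule set.
    for cidr in "$@"; do
        if ! is_private_cidr "$cidr"; then
            echo "refusing non-private network: $cidr" >&2
            return 1
        fi
    done
    for cidr in "$@"; do
        # Position 1: log attempts from the work LAN toward the home LAN.
        echo "iptables -I FORWARD 1 -i $lan_if -d $cidr -j LOG --log-prefix \"work-to-home: \""
        # Position 2: drop them. Internet-bound packets have public
        # destinations, so they never match and keep flowing.
        echo "iptables -I FORWARD 2 -i $lan_if -d $cidr -j DROP"
    done
}

# Constructed values: br0 = inner router's LAN bridge, 192.168.1.0/24 = the
# ISP router's LAN that the home devices stay on.
isolation_rules br0 192.168.1.0/24
```

The rules also block the work LAN from the ISP router's own address, so the inner router has to answer DNS for its clients itself rather than handing out the ISP router as the DNS server.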
     
  5. artic0

    artic0 Registered Member (Joined: Jul 7, 2016; Posts: 6; Location: usa)

    Yes and that is all I will use it for.

    I probably wasn't clear. I'm not using the work laptop for personal things at all. I do need to have it connect to my home network, however, so it can VPN into their work environment.

    The work computer clearly warns when you log in that all usage can be monitored. The warning message is vague enough where it could allow for them to have a sniffer running in the background checking your network traffic too. So this would allow them to see, for example, that I am on wilderssecurity via HTTP at this point in time.

    The same could almost be said for any device. Maybe Amazon decides one day (or maybe they already do) to push software to their Kindle Fires that sniffs network traffic. Of course I would expect that type of spying on a person to come more from a company like Facebook than Amazon. I figure this is only going to grow to be more of a problem as IoT takes off in the home. I almost wish there was some type of setup where each connection was isolated, but from what I read the protocols do not allow it.
     
  6. artic0

    artic0 Registered Member (Joined: Jul 7, 2016; Posts: 6; Location: usa)

    I was trying to set up a router behind the ISP modem-router the other day and got some flaky behavior. Different advice I had found sometimes recommended ISP modem-router LAN ethernet cat-5 cable to WAN on WRT54GL and others recommended to go to LAN on WRT54GL. I'm worried that both the Tomato (main line stopped development in 2010) and WRT54GL were too old. When I finally did get something working my phone wouldn't connect to wireless nor would the work laptop.

    That setup wasn't going to work for security purposes anyway. So I'm thinking I can go WRT54GL LAN cat-5 to LAN on ISP modem-router then another cat-5 from LAN on WRT54GL to work computer. Assuming this even works (I will try it) how does this guarantee I'm secure? There is no way for the work computer to get past the WRT54GL short of hacking the tomato software?

    Thanks!
     
  7. hjlbx

    hjlbx Guest

    You might find this interesting:

    https://www.quora.com/How-can-we-detect-sniffers-on-a-network

    Networking is not one of my strengths so I had to find the above info.

    I assume you are talking about a software as opposed to hardware-based sniffer.

    There's always Linux Tails - but I don't know enough about it; never used Linux for more than a few days.
     
  8. TheWindBringeth

    TheWindBringeth Registered Member (Joined: Feb 29, 2012; Posts: 2,087)

    I doubt you would have failed to consider this, but just to be certain: no in-range hotspots you could use?

    If by connection you mean device... it can be done. You can have N computing devices in your home, with each isolated from the others. Such that each won't be able to communicate with another or capture another's traffic, but each will be able to access the Internet. There are some caveats for radio interfaces though. For example, a wireless router may support a guest network and keep traffic on the guest network isolated from its other networks/interfaces. Such that guest and non-guest devices can't hear each other through the wireless router. WiFi devices can hear each other via RF though, and if configured to do so, capture each other's traffic that way. Which should be encrypted. Except for some information like SSIDs and MAC Addresses and associations. Which some would prefer not to have captured by other parties.

    As you point out, the problem you are trying to address is a generic one. There are business scenarios which call for isolation and, increasingly, residential scenarios which call for isolation. Plus various degrees of isolation and different approaches to achieving objectives. People have been down these paths before and produced some helpful articles, discussions, configuration guides, etc. You've done some research/searching already. Be sure to do plenty of that. People who haven't started might start with keywords like: isolate device OR network OR connection iot OR smarttv.

    BTW, don't forget the potential for information to be collected via microphone, camera, accelerometer, ambient light sensor, other sensors, NFC, Bluetooth, maybe other radios, etc. If a device has a route out of your network, information collected from those types of things has a way out too.
     
    Last edited: Jul 22, 2016