Or why I set up a honeypot on my home network!
I've decided to start self-hosting items from my network. Former coworkers have been doing this for years, and so have I, technically. I have a Plex server, and the directions did call for me to use port forwarding in order to make it accessible to the outside world. I've also decided to set up a Nextcloud server, and to host my own Node.js application using some Docker containers, a reverse proxy, and a little port forwarding on my router (thanks to Google backing down from unlimited photo storage, and having that data count against the storage they give you). That said, having exposed ports does scare the snot out of me. Heck, looking at the firmware versions of most commercial routers should scare the snot out of most people.
While I could go the route of beefing up my network by setting up a dedicated firewall and whatnot... after thinking about it, it was like, why? The router I have has it baked in, and you are only as secure as your weakest point. That said, if somehow, someway, any of my computers became infected (a tainted PPA on a Linux machine, my old Mac with an old version of High Sierra having a vulnerability and Apple no longer supporting it, or one of the many Windows PCs I own getting a virus), I want to know which machine I need to unplug and wipe before my NAS or other drives become encrypted and I'm dependent on my 3- to 6-month-old backup. Not all, but many viruses today actually sit on your machine for months (as seen with the most recent attack)... just waiting to strike. You can get more machines if it stays undetected, and these antivirus companies don't have to find a fix, right!
So what is a developer / tech enthusiast to do? Welcome the honeypot. Per Wikipedia, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. In my home network, I found an old Raspberry Pi 2 that was doing nothing and decided to install all the tools needed to create my own honeypot on my network. As a side note, your family should know you have it on the network too... they will roll their eyes, but when you start getting emails telling you little Timmy's laptop is pinging the box, you'll need to be able to identify whether he clicked on the wrong thing or installed something malware-ridden.
For my honeypot, I decided to go bare metal, using a spare 32GB microSD card, a Raspberry Pi 2, a USB power plug, and a TP-Link 2.4GHz Wireless N USB adapter. For my software, I am using the latest version of Raspbian, Webmin, and OpenCanary from Thinkst Applied Research. Now there are a few options out there; however, I went with Thinkst because they take a very Red Hat approach to their product, open-sourcing their code while charging for support. Now I am all for paying companies or teams for items I use; however, $7500 for 5 devices a year is a bit much for my little home network. So, after installing Raspbian (based on Buster) on my Pi's SD card, booting it up, adding it to my home network, running updates (sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y), and installing automatic updates (apt-get install unattended-upgrades apt-listchanges -y), I was ready to get rolling. Or so I thought...
See, thinking about it, I still have to manage this guy, but I don't want to use SSH, since the honeypot I am using fakes SSH. While I could use another port, I am a fan of web-portal-based interfaces... specifically, Webmin. Directions to install Webmin can be found here. I then preemptively installed Python and Samba on my machine, as I knew I wanted to track not only Linux but Windows worms as well.
OK... now for the install... Following the directions on Thinkst's GitHub page, I was able to install OpenCanary on my box. Before executing the final command that actually starts the service, however, you do need to do one thing, which is to configure email. Unless you want to log into the honeypot every day, I suggest setting up the email option. As I use Gmail, my directions can be found here.
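The whole point of the box is answering "which machine do I unplug?", and an email per event gets noisy fast. Below is a small triage script I am adding as an example; it is not code from the original post or from the OpenCanary project. It reads OpenCanary's JSON-per-line log (opencanary.log) and groups events by the LAN address that touched the honeypot, so the SSH and SMB fakes installed above turn into one line per suspect machine. The sample log lines are constructed, and the logtype numbers (4002 for an SSH login attempt, 5000 for an SMB file open, 3001 for an HTTP login attempt) are my reading of the project's logger constants; treat them as assumptions and check them against your own log.

```python
"""Per-source triage of an OpenCanary honeypot log.

Added example, not part of the original post or of the OpenCanary project.
OpenCanary writes one JSON object per line; the field names used here
(src_host, dst_port, logtype, logdata, local_time) match what I see in its
log output. The logtype-to-label map is an assumption taken from the
project's logger constants and should be verified against your install.
"""
import json
import sys
from collections import defaultdict
from typing import Dict, Iterable, List

# Assumed OpenCanary logtype codes -> human-readable labels.
LOGTYPE_LABELS = {
    4002: "ssh-login-attempt",
    5000: "smb-file-open",
    3001: "http-login-attempt",
}

# Constructed sample lines in OpenCanary's JSON-per-line shape (not real captures).
SAMPLE_LOG = """\
{"dst_host": "192.168.1.50", "dst_port": 22, "local_time": "2021-03-01 20:15:02.123456", "logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 4002, "node_id": "pi-honeypot", "src_host": "192.168.1.23", "src_port": 51000}
{"dst_host": "192.168.1.50", "dst_port": 22, "local_time": "2021-03-01 20:15:03.000001", "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 4002, "node_id": "pi-honeypot", "src_host": "192.168.1.23", "src_port": 51001}
{"dst_host": "192.168.1.50", "dst_port": 22, "local_time": "2021-03-01 20:15:04.000002", "logdata": {"USERNAME": "admin", "PASSWORD": "123456"}, "logtype": 4002, "node_id": "pi-honeypot", "src_host": "192.168.1.23", "src_port": 51002}
{"dst_host": "192.168.1.50", "dst_port": 445, "local_time": "2021-03-01 20:16:10.500000", "logdata": {"FILENAME": "passwords.xlsx", "USER": "timmy", "AUDITACTION": "open"}, "logtype": 5000, "node_id": "pi-honeypot", "src_host": "192.168.1.77", "src_port": 49152}
{"dst_host": "192.168.1.50", "dst_port": 22, "local_time": "2021-03-01 20:17:00.000000", "logdata": {"USERNAME": "pi", "PASSWORD": "raspberry"}, "logtype": 4002, "node_id": "pi-honeypot", "src_host": "192.168.1.77", "src_port": 49153}
this line is not JSON and must be skipped
"""


def parse_events(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-per-line log text, silently skipping malformed lines."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            evt = json.loads(raw)
        except json.JSONDecodeError:
            continue  # OpenCanary only emits JSON; anything else is noise
        if isinstance(evt, dict) and "src_host" in evt and "logtype" in evt:
            events.append(evt)
    return events


def summarize_by_source(events: List[dict]) -> Dict[str, dict]:
    """Group events by src_host: count, per-service counts, time window, usernames tried."""
    summary: Dict[str, dict] = {}
    for evt in events:
        entry = summary.setdefault(evt["src_host"], {
            "count": 0,
            "services": defaultdict(int),
            "first_seen": None,
            "last_seen": None,
            "usernames": set(),
        })
        entry["count"] += 1
        label = LOGTYPE_LABELS.get(evt["logtype"], f"logtype-{evt['logtype']}")
        entry["services"][label] += 1
        # local_time is "YYYY-MM-DD HH:MM:SS.ffffff", so string min/max orders correctly.
        stamp = evt.get("local_time")
        if stamp:
            entry["first_seen"] = stamp if entry["first_seen"] is None else min(entry["first_seen"], stamp)
            entry["last_seen"] = stamp if entry["last_seen"] is None else max(entry["last_seen"], stamp)
        data = evt.get("logdata") or {}
        for key in ("USERNAME", "USER"):  # SSH uses USERNAME, SMB uses USER
            if key in data:
                entry["usernames"].add(str(data[key]))
    return summary


def worst_offenders(summary: Dict[str, dict], top: int = 3) -> List[str]:
    """Source addresses ordered by event count, busiest first."""
    return sorted(summary, key=lambda ip: summary[ip]["count"], reverse=True)[:top]


def render_report(summary: Dict[str, dict]) -> str:
    """One line per source machine, suitable for the body of a daily email."""
    lines = []
    for ip in worst_offenders(summary, top=len(summary)):
        e = summary[ip]
        services = ", ".join(f"{k} x{v}" for k, v in sorted(e["services"].items()))
        users = ", ".join(sorted(e["usernames"])) or "-"
        lines.append(f"{ip}: {e['count']} event(s) [{services}] users={users} "
                     f"first={e['first_seen']} last={e['last_seen']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 triage.py /var/tmp/opencanary.log  (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(render_report(summarize_by_source(parse_events(text.splitlines()))))
```

Run it against the real log path from your opencanary.conf (the path above is only a placeholder) and the busiest LAN address floats to the top of the report; a machine that is trying SSH passwords and opening files on the fake share is the one to pull the cable on first. The script tolerates junk lines on purpose, since a half-written line at the end of a live log is normal.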
So what does this protect me from? While I did spend the money on a really decent router this year, you can never be too safe from online threats trying to get in. As well, I have new neighbors in my apartment complex... and while the 80-year-old former union worker upstairs from me may not be a huge threat to hack into my wifi and get access to my network shares, the neighbor down the hall with the RGB lights might think himself leet enough to try to crack my 20+ character wifi password. While the honeypot may not protect me from that, when they do start clicking into network devices, I'll at least know there is an unknown IP on my network accessing my drives, and it might be a good time to update my password.