The Premise
The following blog entry is a copy of my Linkedin article.
Hello world! Until recently I was enrolled in an intense programme of study designed for people looking to start a career in Cyber Security.
This is the first post in a series about my project. I am using this medium to gather my thoughts and share my experiences with the world.
To conclude the course I had to complete a Capstone Project on a Cyber Security related topic. I currently work in a unique position where I am one part educator and one part technologist.
The Methodology
So I thought why not use this unique background as a foundation of my project? To raise awareness to others of Cyber Security to others? My plan of action was this:
- Use the Raspberry Pi currently collecting dust as a Pi Hole (DNS Sinkhole)
- Connect the device to the home router.
- Configure the device (Install a Universal Forwarder) to send data to a separate Splunk Server in the cloud.
- Analyse the data within Splunk.
The Raspberry Pi has become the third best selling computer of all time. It’s a very commonly available multipurpose device that runs a variety of operating systems. It is most well known for running versions of Linux (Raspbian being an ARM based form of Debian). A good familiarity with Linux and the command line was required for the installation and configuration of the software across multiple devices.
What is Pi-hole?
Pi-hole is a network-wide ad blocker. Rather than installing ad-blocker software on every device and every browser, one can install Pi-hole once on your home network, and it will protect all devices. Because it works differently than a browser-based ad-blocker, Pi-hole also block ads in non-traditional places, such as in games consoles and on smart TVs.
How does it work?
Pi-hole functions as an internal, private DNS server for your home network. For many home users, this service is already running on your router, but your router doesn’t know where advertisements are. Pi-hole does (It stores thousands of domains on its blocklist). Pi-hole will intercept any queries for known ad-serving domains and deny them access, so ads won’t be downloaded.
How does this relate to Cyber Security?
To strengthen the Cyber Security posture of your organisation one needs to enhance the knowledge of employees. I believe that good Cyber-Security starts at home and that one should ‘practice what you preach’. Over the course of 10 days and collecting large amounts of data I discovered that a significant proportion of my web traffic consisted of domains tracking users and many attempts to send telemetry data ‘back home’. Hardening the computer network also is part of the Australian Cyber Security Centre’s ‘Essential Eight’ maturity model. Under the section of ‘user application hardening’: ‘web browsers do not process web advertisements from the internet’.
In the next parts I will share how I installed and configured the different components and got them to talk to each other.