Friday, February 8, 2013

Me, My Raspberry Pi and I

In this post, I would like to share my raspberry experiment. I don't want to write another post of "How to do <this> with raspberry pi", but instead, share my experience. First of all:

What is Raspberry Pi?

From Raspberry Pi's FAQ:
The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming.

Raspberry Pi and I

I totally agree with the FAQ's definition! And I would recommend to all parents who are PC "aware" to buy a RP for their children!
My history with RP was quite long! I had been thinking of buying a RP a long time ago. But, I have a drawback (apart from my noumerous advantages of my character! :P); if I want something badly, I want it at the same time! Therefore, I wanted to buy a RP and didn't want to wait about 3 weeks, so I ordered from ebay. Unfortunately, I had bad luck. I ordered Friday and Saturday (as far as I can remember), it was announced that RP new releases would come with 512MB RAM instead of 256MB. All customers who had order from the authorized resellers they would get the 512MB version without any extra cost. But I had ordered from ebay!... So, no luck!... Nevertheless, I didn't get disappointed.

My "Project Plan"

My experiment with RP was to create a RP to host the following:
  • VPN server
  • Torrent downloader
  • TOR proxy
  • Syslog
  • Dropbox uploader
  • File Server
  • (I hope the list will grow!)

Getting Started

I will skip the first steps because they are well documented at RP's site here!
Initially I had an SD with 8GB RAM but unfortunatelly it was declared dead.... So, I bought a 16GB SD, class 10! :)

First steps

I will start from the classics. Change the default password and throught raspi-config, extend file system to occupy the whole SD card and enable SSH. You will need it some time!
One of the classic security basics is to change your password! Through raspi-config, change the timezone and the keyboard. Another way to do this is to edit XKBLAYOUT and set it to "us" at /etc/default/keyboard.


Update your RP

In order to keep my RP distro up to date I used RPi update. You can get it by doing the following:
> sudo apt-get install git-core
> https://github.com/Hexxeh/rpi-update
Copy it to a cron directory, according to your needs (I have copied to the cron.weekly for example).

VPN Server

I have set up a VPN server in order to get connected to website & services over unsecured WIFIs. I have used this useful guide to set it up!


Torrent Box

I use bittornado client. Generally, you can use apt-get command and install your preferable torrent client software. Here you can find a guide for installing trasmission on your RP!


TOR Proxy

TOR project is an open network which you can use in order to tunnel your requests through many proxies all over the Internet. The purpose of the project is to provide its user anonymity. Here you can find information regarding TOR project.
The installation on my RP was quite simple. Issue the command:
apt-get install tor
and your RP is hosting your TOR proxy. Now you must alter your proxy settings on your browser in order to route all your requests through the TOR software. A very nice firefox add-on is QuickProxy!


Syslog

I also use syslog service of my RP to gather all logs from my network devices. You have to un-comment the following lines from /etc/rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
and instruct the network devices to use your RP as a syslog server!


Dropbox uploader

One of my first thoughts with RP was to upload files to dropbox through RP in order to take advantage of RP's low consumption. Moreover, it won't be necessary to have my macbook powered on in order to upload large files!
I found a useful script which uploads files to Dropbox with a Bash script. It's very useful and easy to install and use! You can find it here.


File Server

My RP is always ON! So why not share some files? For example some photos? So, I created a user, installed samba and voilá; my photos are shared on my home network. I used the following sequence:
#Install samba
> apt-get install samba samba-common-bin
#Created a user
> adduser <username>
#Set user samba password
smbpasswd -a <username>
#Added the following lines in /etc/samba/smb.conf:
[Photos]
comment = Photos Folder
path = <path here>
writable = no
guest ok = no
#Restart Samba Service
> /etc/init.d/samba restart


Now, the path entered in Samba.conf file is being shared over the network!

Iptables 

Last but not least, you need to setup a firewall. Iptables is a fine solution. If your RP is exposed to the Internet, it would be wiser if you configure your iptables. Here is some of fine guided I have used to write my iptables:

http://www.cyberciti.biz/tips/linux-iptables-examples.html
http://www.garron.me/linux/iptables-manual.html
http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ 

Sum-up

My adventure with the RP does not end here. I experiment a lot with my RP and currently I am working on the project Kali Linux on RP, so stay tuned!

Further Reading

  1. Raspberry Pi FAQ
  2. Buy Raspberry Pi from Farnell or RS.
  3. RPi Tutorials list.

Tuesday, February 5, 2013

Intellectual Property and Code of Ethics 001

As you may have noticed, I have watermarked every picture embedded in my blog posts. I had a recent plagiarism incident where my whole post was copied and integrated to somebody's blog and there was no citation to it apart from a link at the end of this blog post.
I would like to mention in this post that the information I write to my blog is free for everyone to share. But, the initial source of this information should be mentioned following the academic ethics. I am sure that the majority of infosec professionals had an academic education and therefore written some kind of dissertation according to some official rule set. For example in my MSc we have the following rules.
After a long search over the Internet I found a document under the name "Data Citation Best Practice Discussion Document" which can be found here.
It is a nice reference for all of us who do use references in our blog posts and we don't copy them without respecting the work of our colleague.
I am free to discuss this subject and of course, eager to hear any different point of view.

Friday, February 1, 2013

CISSP Study Notes

It has been a while when I passed my CISSP exam. I don't think that an introduction is needed to describe the CISSP exam; it is well known how important is for an Information Security professional.
Because of some "tidiness projects" I have taken over in my house, I found my lost CISSP study material! However, I found that my notes were a little bit destroyed in their upper parts, but they are still readable.
I decided to "digitize" them and share them with Information Security community. My main study resource was Shon Harris' All-in-One-Exam Guide (all times classic!) and therefore any page reference found in my notes, is referred to this book.
Please note that -as every personal notes- my notes are not perfect. What is more, they focus on domains that I needed -or wanted?- to focus more. There sure will have mistakes on them too! So, I don't want to take this as a disclaimer, but use at your own risk! :P
I suggest you to use them -if you wish- as an auxiliary material, and of course I need your feedback! If I have a mistake or any kind of misinterpretation on them, I would be grateful if you could share it with me.
 
Good luck with your exams!