I certainly don't want ingress from the public Internet to devices on my home network in the general case
This is ultimately an operating system issue. For most of the history of the web, we've used NAT routers and firewalls as a fig leaf over the operating system issue. What is it? Operating systems are extremely promiscuous about listening for traffic on a multitude of ports. Operating systems are promiscuous about including a vast number of daemons running in the background handling a variety of tasks. Operating systems are promiscuous about running a bunch of daemons that phone home all the time.
All of this stuff is completely opaque to the user. All of it occurs on a default opt-out basis. All of it requires an extraordinary amount of knowledge for the user to feasibly withdraw consent. This is the operating system problem.
In another world, I can envision computers running operating systems which are totally transparent and easily understood by their users. All running services would be opt-in and users would be fully aware of exactly what's happening on their machines. That would be the world where end-to-end internet connectivity is highly desirable.
I am starting to think I should block all traffic out of my home network and force everything to go through a proxy server where I can manage all outbound traffic.
The number of devices I have plugged into my home network is astonishing and the chatter / discovery they do to each other is interesting to watch.
Expecting all networks to do this is a pipe dream because there are too many of them and a large proportion are administered by people you might not have anything charitable to say about. And then you're stuck falling back to something ugly, like tunneling over HTTPS to a device that can map that port and using it as a relay.
But you could still use it wherever it's available. Mobile devices spend a significant proportion of the time on home WiFi networks.
And there are only three major US wireless carriers. That isn't a matter of convincing a million absentee corporate firewall administrators, it's a matter of convincing three specific entities, any one of which would be a major win.
I'm half tempted to start making "enterprise firewalls" (i.e. a thin wrapper around Linux netfilter running on commodity hardware) and then enable RFC6887 by default and put a warning in the documentation not to turn it off because forcing applications to tunnel traffic over outgoing HTTPS can impair the functionality of intrusion detection systems and remove valuable information from audit logs.
Might be, but that’s not my concern as an operator of my private home network.
It’s completely fine for there to be conflicting goals even held by me. I want to not have my traffic interfered with when I’m on someone else’s network but I don’t want the vulnerable internet of shit stuff to be even more opaque on my network.
We shouldn't have to fight the OS, this is ridiculous.
Before moving definitively to Linux I'm considering installing a proxy on my router, block all ports except one and just redirect Firefox and a few apps that need connectivity to this port.
I'm not a network guy though, might be complicated.
The trouble is that it is behind your security perimeter once it is on your home network. It can start discovering other devices, monitoring traffic, enumerating ports and services, etc.
I do not trust random devices that plug into my home network. All connected devices are on a 'guest' network and firewalled (openwrt) from my other machines.
When I go to a cafe with my laptop, I run it in fully firewalled mode (no incoming connections of any sort).
At home, I want my machines to be more promiscuous. With the promiscuity comes various concerns. Whether it is my 1Password safe, my health and financial records, whatever - I don't want some $30 connected device to connect to my home network and publish a port to the outside world that permits tunneling into my inside network.
Unfortunately, outside of sandboxing/firewalling, I do not have the time to implement a tracking system to see what devices are doing what.
Anyone else feel more safe with connected devices at home? What do you do?
Similarly, why not have an open wifi guest network? My neighbors can use it, my friends can use it, my mail man could use it. Having a secure connection just proves YOU are the one responsible for the browsing at hand. I agree, adding random browsing completely screws the game for people that snoop.
A good solution to this is using iptables to control what has access to which networks, rather than relying on the OS. AFWall+ is a nice front end for iptables and requires root. Netguard is another option that doesn't require root, but I'm not sure how that one works.
This requires being militant about never connecting under any conditions. If the device ever is even briefly connected to a particular network (especially any commonly-named public network), unless that entry is cleared, the device may reconnect later unintentionally and with no obvious indication of having done so.
For those with more expansive threat models, intentional device or network spoofing or cloning might be risks.
Since firewalling is performed off-device (on the home-LAN router), this will result in an unsecured device.
My preference would be for some on-device configured networking limits. Putting full reliance in fixed-site infrastructure might be unpleasantly surprising.
Yeah, it seems to be the common consensus to just block everything going in and just make exceptions, where you really want to offer a service to the internet.
Makes total sense, thinking about it. I guess, all those years of just sitting behind a NAT makes one forget all these networking basics if you're not using them regularly.
Moving closed-source IoT devices into a special vlan, with some even more rigid rules (something like: only allow http/https traffic into the internal network) might be an additional level of security.
Having something like that turned on by default but being able to disable it would be a good choice.
Ultimately until someone can satisfy a user’s concern about the privacy and security of what flows through their connection there will be scrutiny on this piece. Being able to interject one’s own proxy or vpn tunnel could be interesting.
I don't even want them talking out to the internet by default, which is why I have a separate subnet with a different set of firewall rules that only allows whitelisted outbound connections.
If you are concerned with privacy and use any Microsoft products (you're already making a mistake by doing so in the first place but) I would recommend, by default, blocking all Internet access to/from the host (edit: by default; make exceptions as needed, obviously).
I've got one Windows machine here, just so I can run one specific client that I have to use for an internally-hosted application. That machine doesn't have a default route, just a single static route that lets it communicate with the (internal) things it needs to and, just for good measure, there are firewall rules (on the router connected to my upstream) that block any traffic to/from this machine and the Internet. (Sadly, I would not be surprised to learn that it can "fallback" to using DNS queries or some such to report back to the mothership.)
I think we'll eventually get to the point where, in general, devices won't have a default route. It might take a while, though -- currently, way too many people are still completely okay with every device and application they use spying on them and reporting back on what they do.
So-called "default deny" firewall policies for incoming traffic are pretty common nowadays. I can't wait for "default deny" policies for outbound traffic to become standard as well.
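As an added worked example, not code posted by anyone in this thread: one way to express the "separate subnet that only allows whitelisted outbound connections" idea and the "default deny for outbound traffic" idea from the comments above as an nftables ruleset on a Linux router (the same netfilter that OpenWrt and the "enterprise firewall" comment refer to). The interface names, address ranges, the hub host, and the vendor endpoint in the allowlist are assumed placeholders, not values from the thread.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset for a home router with a trusted LAN and an IoT VLAN.
# Trusted LAN: unrestricted outbound. IoT VLAN: default deny, explicit allowlist.
# All names and addresses below are assumptions for illustration.

flush ruleset

define LAN_IF  = "br-lan"        # assumed: trusted LAN bridge
define IOT_IF  = "br-iot"        # assumed: IoT VLAN bridge
define WAN_IF  = "eth0"          # assumed: upstream interface
define HUB     = 192.168.1.10    # assumed: the one LAN host IoT devices may reach

table inet filter {
    # Outbound allowlist for the IoT VLAN. Start empty and add entries only
    # after seeing what shows up in the "iot-drop:" log lines.
    set iot_allowed_dst {
        type ipv4_addr . inet_service
        elements = { 203.0.113.10 . 443 }   # placeholder vendor endpoint (TEST-NET-3)
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # Router services the IoT VLAN needs from the router itself: DHCP and DNS
        iifname $IOT_IF udp dport { 67, 53 } accept
        iifname $IOT_IF tcp dport 53 accept
        iifname $LAN_IF accept
        iifname $WAN_IF icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may reach the Internet and may initiate to IoT devices
        iifname $LAN_IF oifname $WAN_IF accept
        iifname $LAN_IF oifname $IOT_IF accept

        # IoT -> LAN: only the hub, only HTTP/HTTPS (the "more rigid rule" above)
        iifname $IOT_IF oifname $LAN_IF ip daddr $HUB tcp dport { 80, 443 } accept

        # IoT -> Internet: default deny, allowlisted destinations only
        iifname $IOT_IF oifname $WAN_IF ip daddr . tcp dport @iot_allowed_dst accept

        # Log what gets dropped so the allowlist is built from evidence
        iifname $IOT_IF limit rate 10/minute log prefix "iot-drop: " level info
        iifname $IOT_IF drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname $WAN_IF masquerade
    }
}
```

Load it with `nft -f` on the router, then watch the kernel log for `iot-drop:` lines to see which destinations each device actually needs; a destination can be added at runtime with `nft add element inet filter iot_allowed_dst { <addr> . <port> }` without reloading the whole ruleset. Two caveats: the `ip daddr` matches only cover IPv4, so IPv6 from the IoT VLAN stays blocked by the default policy until rules for it are added, and LAN-side discovery protocols (mDNS, SSDP) that some devices rely on are not forwarded between the two segments here.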
If I had smart devices in my home, I wouldn't allow them to communicate to the Internet directly. I think the common approach is to set up some bastion computer that only allows SSH login and make the other devices only visible to this computer and not the Internet at large.
Is there any way to get people a way to opt out of unnecessary internet connectivity? It seems to be spreading to include functionality that shouldn't require internet connectivity to begin with, like basic data storage and controls from a local network.
A solution would be allowing the user to turn this off. And more importantly, to allow firewall apps to manage all network traffic instead of excepting apple's.
That's how I deal with gaming and intrusive anticheat systems for a while now - we have a dedicated computer for gaming in our house, with the browser and most apps restricted. This is the only way to somewhat tolerate a ring0 spying system that also insists I have no hypervisors anywhere in sight.
I wish someone would make a router with a subscription service for blocking these connections that in no way benefit me. Throw a nice cpu in the router, make it L7. Charge me 5 bucks a month, I'll pay it so long as you never once challenge my trust in you, future router OS provider.
I can't manage this per device. Some, I don't want to, and most, I can't. Let's move the bandaid from the fingers to the wrist. Sell me a privacy aware router that sends 30% of my packets to 0.0.0.0.
Yes, yes it will be another page from the arm's race. Yes, websites will stop rendering content for not letting the tracking get through. I don't care, I live a year at a time and that is how this race is run. We won't win it, but we can die before we finish.