Whitelist MAC

This commit is contained in:
Alicia Sykes 2020-01-14 13:40:11 +00:00 committed by GitHub
parent 1bdbbb896a
commit cf56877c25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -113,8 +113,9 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
**Stay protected from DNS Leaks** | Optional | A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level. To prevent this you can either use a DNS server provided by your VPN, or use [CloudFlares DNS](https://1.1.1.1/) (set nameservers to `1.1.1.1`), or maintain your own DNS server. You can check your protection, by running a [DNS Leak Test](https://www.dnsleaktest.com/), or run `nslookup whoami.akamai.net` in your terminal. Read more about [preventing DNA Leaks](https://securitytrails.com/blog/what-is-dns-leak-how-can-i-prevent-it).
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widley used, and currently considered a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and effiecient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnrable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and [WireGuard](https://www.wireguard.com/) *(experimental)* are also good options.
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
**Avoid the free router from your ISP** | Optional | Typically theyre manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws arent released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to connect to your network. A malicous actor can bipass this, by making their address appear the same as one of your trusted devices, but it will add an extra step for them.
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
**Kill unused process and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service thats not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface.