
Network security question

Posted: Jul 28th, '20, 20:47
by jiml8
My network is divided into a trusted LAN and an untrusted VLAN. The trusted network hosts all devices and systems that I have full control over (meaning I have root access and can verify they are clean), while the untrusted network is a new addition specifically for untrusted devices - which are any device that is an appliance over which my control is limited. I set this up specifically for my new smart TV; I can't root it so I can't really control it but I won't let it spy on me or become a potential security hazard for my other systems.

I have decided that I would like to set up a VPN proxy on the untrusted network so that I can route all traffic on that network out through a single VPN connection.

I have already set up a raspberry pi pi-hole DNS server on my network. This server can be accessed from the trusted network on port 53 and on port 22 (so that I can remotely manage it) and on the untrusted network only on port 53, so that the untrusted network can only talk to it for DNS.

My choices for how to set up this VPN proxy are two:

(1) I can open up access by the untrusted VPN to the raspberry pi and use it as both DNS for the entire network and as VPN proxy for the untrusted network, or

(2) I can procure another raspberry pi, configure it to reside only on the untrusted network (no connection at all to the trusted network), and let it be the dedicated VPN proxy.

Choice 1 allows traffic from untrusted devices that are potentially hacked or owned into a Linux-based device that has access to my trusted network.

Choice 2 denies this sort of access, at the expense of more hardware hence more support requirements for the network.

Presently, of course, traffic from both networks does flow through my router. But that router is a simplewan and, given how it is hardened, I doubt it is vulnerable to an attack from the LAN or the untrusted VLAN.

I am not so sure, however, that the raspberry pi (Debian based) is so secure. But maybe I am being a bit too cautious about it.

I am not willing to go to the effort of hardening the raspberry pi beyond setting up appropriate iptables rules; there are many other things I would much rather spend my time doing.

What would you do? Choice 1? Or choice 2?
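
The Pi-hole access policy described in the post above (DNS from both networks, SSH from the trusted LAN only), written out as an iptables ruleset. This is an added example, not jiml8's actual configuration; the function names and the two subnets passed to `pihole_rules` are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the Pi-hole host.
# The subnets are assumptions supplied by the caller, not values from the post.

is_cidr() {
  # Accept only dotted-quad/prefix so nothing else gets spliced into a rule.
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

pihole_rules() {
  trusted="$1"; untrusted="$2"
  is_cidr "$trusted" && is_cidr "$untrusted" || {
    echo "usage: pihole_rules TRUSTED_CIDR UNTRUSTED_CIDR" >&2
    return 2
  }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections the Pi itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Trusted LAN: DNS plus SSH for remote management
-A INPUT -s $trusted -p udp --dport 53 -j ACCEPT
-A INPUT -s $trusted -p tcp --dport 53 -j ACCEPT
-A INPUT -s $trusted -p tcp --dport 22 -j ACCEPT
# Untrusted VLAN: DNS only; everything else hits the DROP policy
-A INPUT -s $untrusted -p udp --dport 53 -j ACCEPT
-A INPUT -s $untrusted -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: print the ruleset when two subnets are given.
if [ "$#" -eq 2 ]; then
  pihole_rules "$@"
fi
```

Piping the output to `iptables-restore --test` checks the syntax without loading anything. The `FORWARD DROP` policy means this host never routes between the two networks; making it the VPN proxy as well (choice 1) would require adding INPUT or FORWARD rules for the untrusted subnet on this same machine.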

Re: Network security question

Posted: Jul 30th, '20, 02:25
by jiml8
I am rather surprised that no one has offered an opinion.

However, I have decided to go with choice 2, and I have ordered another raspberry pi.

I decided that choice 1 was a compromise, and the reason for making the compromise was not good enough.

If my untrusted network is to be isolated, then I should isolate it completely. So, while permitting untrusted traffic to pass through the raspberry pi DNS server would probably be OK, it wouldn't certainly 100% be OK, and I would be providing a path into the trusted network.

Option 2 eliminates that path.

Re: Network security question

Posted: Jul 30th, '20, 23:16
by magic
I think it does come down to personal choice, how unsafe you feel and what resources you want to commit. (I mean, you could say that using a physically separate network - well except for the gateway - is 'safer' but that seems excessive in most cases to me)

Option 2 might also make fault finding slightly easier when something goes wonky. Not that I really know much about it, in truth.

Re: Network security question

Posted: Aug 1st, '20, 01:20
by jiml8
You might want to take some time one day and read up on the massive security issues surrounding IOT devices, and also read up on the truly awesome amount of spying and data collection that smart TVs have been engaged in. It really is remarkable.

Once you have done that, you might reconsider what you consider to be necessary when allowing any of these devices onto your network, and in contact with your other devices.

I have, in fact, set up a separate network just for my new TV and any other devices that I cannot control. That is what a VLAN is. This TV cannot see any of my trusted devices and will have no access to systems that contain important information. That is specifically because I cannot trust them to keep "hands off", when the record is clear that they will rifle my systems if they can.

I also cannot trust them to be inherently secure, because again the record shows that they are not and in some cases cannot be made secure. Thus, I segregate and isolate them so that if and when they are cracked it won't impact my trusted and important systems.

Re: Network security question

Posted: Aug 1st, '20, 22:40
by magic
I'm not disagreeing with you, just saying that different people will have different considerations and will reach different conclusions.

The issue of what is being transmitted externally is definitely something that should be carefully considered by everyone before employing any such device.