Thursday, September 15, 2016

Pi3 as a secure proxy

In a previous post I talked about the cameras I was playing with.

I was looking at a raspberry pi3 that was sitting on my desk and started thinking about the fact that it has both a wifi and an ethernet port - so I decided to see if I could use it as a secure interface to the camera.

Pi3 is on my home wifi.
Pi3 ethernet is directly connected to the ethernet port on a camera.
On the ethernet interface run the following services:

  • ftp server
  • ntp server
  • dhcp server
  • The ethernet network is set up to not forward packets - This lets us take complete control of what the camera can access and what can access the camera.
On the wifi port turn on ssh with key only authentication and an https proxy to the http port on the camera.




Notes on some of the cameras there is a streaming port that is separate from the http port so those will need to be enabled to passthrough as well - perhaps a proxy could be enabled after authentication with a specific ip...
Labels: ,

Wednesday, September 14, 2016

Consumer Video Monitoring and Security

I recently had the opportunity to try out different cameras from Foscam, Amcrest and DLink.
What I found is that cameras are marketed using "security", but when it comes to network security they are not very secure.
  • They all use http for setup/admin.
  • They all report motion/audio events via ftp or smtp.
For those not in the network security world - ftp/http/smtp all send data in the clear over your network, you are now relying on the security of your physical or wifi network to protect your data.
One of the vendors has a laughable effort at "Security through obscurity" by making the http port 88 vs 80...
Command to look for open port 80 on a network
  • nmap -p80 192.168.1.0/24 --open
Command to look for 80 and 88 at the same time on a network
  • nmap -p80,88 192.168.1.0/24 --open
Yeah, somebody up to no good will never figure that out...
Labels:

Friday, September 9, 2016

ASUS Chromebook Flip and Android

Recently I decided to play about with the Android on Chromebook that Google announced.
This seemed like a good candidate for a little computer that could do it all for a low price. It is to bad that this is not charged via USB or it would be the perfect travel computer (I like the idea of only bringing a 2 port USB charger on travel).
I got an ASUS Chromebook Flip - it is an interesting little computer. I like the keyboard, importantly it includes an escape key which is critical for using vi. I like the idea of using Android on the Chromebook but since most of the web based sites have offline modes there are few apps that are really critical to have Android versions of itself. The flip is a bit of a gimmick - they may want to disable the keyboard when it is in flipped mode. BTW as of this writing you need to install the developer release to get the Android mode.

Android apps that I found to be of use on the Chromebook
  • Keypass - Store the passwords you need in a non-online version
  • Termux - Interestingly this revealed that the android is running in kind of a VM on its own internal NATed network so servers that are started on Termux are only accessible by the local Chromebook web browser and can't be hit from a remote computer (this is probably a good thing really).
  • Kindle - The only reason that I ever place it in flip mode
UPDATE:
One of my kid's Chromebooks failed a gravity test so the Flip is now serving as an instant replacement. One of the things I like about Chromebooks is that they are so interchangeable (I just did not anticipate having to use the Flip for that purpose)
Labels: ,

Thursday, September 8, 2016

Minimalistic travel and the Pixel C

I recently took a trip for business and the internal trackpad on my Macbook decided to take a trip of its own right as I was packing up. I decided to grab the Pixel C and use it as my primary computer for this trip.

I know that many many folks have been chucking their laptops in favor of tablets or phones, but I had not found the need to do that yet.

My normal workflow consists of a bunch of VI sessions running with SSH sessions to various hosts where i am writing code plus some windows for email, web lookups and document reading/writing.

On the trip this was accomplished with standard android apps and JuiceSSH (play store link) which did an admirable job but it did get me thinking.

When android first came out there was a great little app called Terminal IDE I had it installed on every android device I had, unfortunately it has fallen into abandonware status. It is a shame because it was a nifty little program.

After the trip I was checking to see if Terminal IDE or anything like it was still alive and I discovered my new favorite app on the Android: Termux (play store link)

Termux uses apt to get all the nifty unix tools that you are used to using if it is not included in the base then you can use apt to get it.

BTW - here is a dump of my apt commands:
apt update
apt upgrade
apt install vim
apt install nodejs
apt install git
apt install gcc
apt install openssh
apt install make
apt install autoconf
apt install python
apt install curl
apt install php
apt install perl
apt install bzip2

Labels: , ,
Subscribe to: Comments (Atom)