- NOTE: All documentaion and code hosted here is a huge work in progress. Im in the process of writing docs, porting existing code and cleanup.
- The SEWiFi project aims to create a security enhanced WiFi USB dongle. The USB device for this project is based on a Debian ARM distribution which masqurades as a USB WiFi dongle which passes a host computers network traffic though a full security stack (i.e. Firewall, IDS, IPS, VPN, etc).
- The project is currently in its early stages.
- The current hardware for this project is a Gumstix Overo ARM board with an Overo Thunbo daughter board.
- The base OS is a tweeked Debian ARM Linux distribution which can be installed on a base Debian system with a single deb package.
- Precompiled images of the project can be obtained here
- Documentation can be found here
- Documentation can be found here
- if you are already running Debian on a Gumstix Overo board you can simply do the following
cat << EOF > sewifi/etc/apt/sources.list
deb https://raw.githubusercontent.com/hackgnar/sewifi/master/apt-repo main
EOF
apt-get update
apt-get install sewifi-gumstix-overo
In its current state the project is very much useable by seasoned Linux users. Most of the work that needs to be done revolves around making the device affordable, easy to use by everyday users, and adding more security tools. Once your device is up and running it is currently only configurable via ssh. These configurations include setting up wifi credentials, setting VPN credentials, viewing and taking action on IDS rules, etc.
Currently, to configure the device, do the following:
- Plug it into a host computers USB port and wait for it to serve you up a DHCP address on your USB network interface
- SSH to 172.16.1.2 with username root and password hackgnar. Note, you should eventualy change your password.
- Set a wifi network up in /etc/network/interfaces
- Setup VPN credentials if desired
- Make the device your default route or simply turn off your host computers wifi and unplug and wired network connetions.
- Thats it... All network connections will now be filtered though the devices firewall, IDS, VPN, etc software.
- Making the SEWiFi device easy to use for everyday users.
- Masquirade as popular USB wifi device
- Web configuration console
- Serve configuration files over a USB filesystem mount
- Host application & driver to send/recieve data to the SEWiFi device
- Making the hardware for the SEWiFi project more affordable.
- This is currently a work in progress. I am looking at a different board which would bring the price point under $100 instead of $200
- Making the hardware for the SEWiFi project smaller.
- This is also a work in progress. The board mentioned above will reduce the size considerably.
- Adding actions triggered by ISD alerts.
- This requires some simple customization of the systems current IDS (BRO). This should be added fairly soon.
- Notable alerts should also be propigated to the user.
- Adding more security tools to the base image.
- There are many other tools which can be included in the base image. Some of these include:
- Tor
- DNSSec
- Alternate IDSs for the Bro haters
- HTTPS encapsulation for non SSL traffic
- others...
- There are many other tools which can be included in the base image. Some of these include: