The Definitive Guide To Protecting Your Home Network From Cyber Threats With A Raspberry Pi

Dedicated antivirus tools may not be mandatory these days, but that doesn’t mean the Internet is free from the scourge of viruses. Rather, with how ubiquitous computing devices have become … Read more

Taylor Bell

Taylor Bell

Published on Jul 04, 2024

The Definitive Guide To Protecting Your Home Network From Cyber Threats With A Raspberry Pi

Dedicated antivirus tools may not be mandatory these days, but that doesn’t mean the Internet is free from the scourge of viruses. Rather, with how ubiquitous computing devices have become over the last couple of years, there’s a truckload of spyware, keyloggers, and other malware floating online, ready to target their next victim.

Best single board computer

Related

Best single board computer in 2024

If you’ve been thinking of tinkering with a SBC, we break down the most common ones and why you’d want them.

Thankfully, there are just as many ways to protect all the devices connected to your home network. In fact, if you have a spare Raspberry Pi board, you can easily convert it into a network monitoring tool to prevent malware from causing harm to the devices connected to your home network.

What you’ll need

Although we’ll be installing quite a few applications, everything besides the optional section of this project can be replicated on your average Raspberry Pi. I used the 8GB variant of the Raspberry Pi 5 in the tutorial, but other boards, including the less powerful RPi Zero W series, should work fine as well. However, you’ll need more storage than usual, and I recommend getting a microSD card with a minimum storage capacity of 16GB to avoid running out of space in the middle of installing the apps.

Next, we’ll assume you’ve already installed an operating system on the microSD card. I had planned to go with Kali Linux because it’s the crème de la crème OS for anything and everything related to cyber security. However, I finally chose the Raspberry Pi OS due to its better performance and beginner-friendly nature, though you can use Kali Linux or a Debian-based distro.

Check for vulnerabilities using Nmap

Nmap is a fantastic probing tool that lets you scan all the devices connected to your home network and run commands to detect vulnerabilities that can be used to execute harmful payloads. You can install it on your Raspberry Pi by following these steps.

  1. Launch the Terminal app.
    The Raspberry Pi terminal app

  2. Use the following command to install the Snap Store: 
    sudo apt install snapd -y
    The command to install the Snap Store

  3. With the help of the snap command, install the snapd package: 
    sudo snap install snapd
    The command to install the snapd package

  4. Next, install the Nmap package by running this command: 
    sudo snap install nmap
    The command to install the Nmap package

  5. You’ll need to run the snap connect command to grant Nmap access to the network-control interface. 
    sudo snap connect nmap:network-control
    Granting Nmap the privileges to access the network-control interface

Once you’ve installed Nmap, you can run several scripts to diagnose security vulnerabilities in your devices and website. Here are some common commands that you should remember:

Besides these three commands, Nmap has different flags and options for all your network diagnostic needs. You can browse them by typing nmap into the terminal.

Keep an eye on the data packets with Wireshark

For the uninitiated, packet sniffing is a technique that can intercept the data packets transmitted to and from your devices. This lets you analyze the traffic to ensure your data isn’t getting routed to an unauthorized party. We’ll use Wireshark to bring packet sniffing capabilities to our Raspberry Pi.

  1. Inside the terminal, run this command to install the Wireshark package: 
    sudo apt install wireshark -y
    The command to install Wireshark

  2. Assuming you’re the only person accessing the Raspberry Pi, pick Yes when the installation wizard asks you to grant non-superusers the authorization to capture packets.
    Granting non-superusers the authorization to capture packets

  3. Once Wireshark has finished installing, run the chmod command with these parameters to grant additional privileges to the user. 
    sudo chmod a+x /usr/bin/dumpcap
    Using the chmod command to give more permissions to the user

With that, you’re free to use Wireshark to analyze the network traffic on Ethernet, Wi-Fi, and other connections.

  1. Click on the Start button and pick Wireshark inside the Internet tab to launch the app.
    The procedure to launch Wireshark in the Raspberry Pi OS

    Alternatively, you can type wireshark into the terminal.

  2. Double-click on the network interface of your choice to view the incoming and outgoing packets.
    The procedure to check the data packets in network interfaces

Use PiVPN to maintain your privacy

VPN, or Virtual Private Network, is a privacy-driven tool that conceals your public IP address to maintain anonymity on the Internet. If you’re not fond of third-party VPN providers, you should check out the PiVPN utility, which lets you create an OpenVPN/WireGuard server on your Raspberry Pi.

We already have a dedicated article on how to set up PiVPN on the Raspberry Pi, but here’s a short version of the procedure:

  1. Run the following code inside the terminal to grab the PiVPN package: 
    curl -L https://install.pivpn.io | bash
    The terminal command to download PiVPN

  2. Block the IPv6 leaks when prompted by the installer.
    The procedure to block IPv6 leaks in the PiVPN installer

  3. Assuming you’ve already set up port-forwarding beforehand, agree to set your Raspberry Pi’s default IP address as the static IP.
    Picking a Local User in the PiVPN installer

  4. Choose either WireGuard or OpenVPN as your VPN protocol.
    The procedure to pick a VPN server in the PiVPN installer

  5. Reboot your Raspberry Pi once you’ve entered the Port Number and chosen a DNS Provider for your VPN server.
    The procedure to set a port number in the PiVPN installer

(Optional) Turning your Raspberry Pi into a dedicated firewall

All the tools I’ve mentioned so far can be installed on a single Raspberry Pi, and you won’t have any issues running them simultaneously. However, you’ll need to flash the Raspberry Pi with the OpenWRT firmware to use the SBC as a network-wide firewall.

As such, you’ll need a second Raspberry Pi for this procedure. And not just any board, mind you. Since OpenWRT’s UI can only be accessed once you’ve connected the SBC to both your PC and router, you can’t use a Raspberry Pi model that lacks a dedicated Ethernet port. You’ll also need a USB Type-A-to-Ethernet adapter to pair the SBC with your router.

Like the VPN, we have a detailed guide to help you with setting up the Raspberry Pi-flavored firewall. But here’s a quick overview of the entire process:

  1. Download the OpenWRT firmware version that’s compatible with your Raspberry Pi.
  2. Write the OpenWRT files onto a microSD card with the help of Balena Etcher, Rufus, Raspberry Pi Imager, or another flashing tool.
    Balena Etcher with the option to flash the OpenWrt firmware image highlighted in red

  3. Connect the Ethernet port on your Raspberry Pi to the RJ45 socket of your PC.
  4. Use the adapter I mentioned earlier to pair a USB port of your RPi to the Ethernet interface of your router.
  5. Switch to your PC and sign up on the following link: 
    http://192.168.1.1/
    The procedure to set a new password in OpenWrt web interface

  6. Once the OpenWRT dashboard appears, you can customize the traffic rules per your needs.
    An overview of the traffic settings in OpenWrt

A Raspberry Pi 5 resting on a PC case, with a LAN cable wrapped around it

Related

How to protect your home network with a Raspberry Pi firewall

Here’s how you can configure a network-wide firewall with your Raspberry Pi

Protecting your network (and privacy) with a Raspberry Pi

Those are some methods even beginners can use to safeguard their home networks from cyber threats. If you’re completely new to SBCs or networking, you can spend some time getting your bearings with Nmap and Wireshark. They’re quite easy to use and work incredibly well at flushing out suspicious activities on your home network.

Once you’ve gained more experience, I recommend giving the OpenWRT-powered firewall a shot. Although it’s a rather cumbersome project that can make a real mess out of your desk, a properly configured Raspberry Pi firewall can eradicate all the threats targeting your home network!

Partager cet article

Inscrivez-vous à notre newsletter