My hobby: making home networks better protected from evil

  • 1
  • Idea
  • Updated 7 months ago
I've been a computer security researcher for 6 years. I got my start reverse engineering games that I had bought to see if I could generate CD keys even without permission, or play games without a CD back when that was still a thing. Professionally, I've published papers on multiple ways to detect malware, ways to obscure the purpose of software against reverse engineers and ways for reverse engineers to tell if such techniques are being employed by a program. I've written a web server that my computer helped me prove would never crash. But of all these grand things, I'm most proud of creating a home network that sufficiently deters me from accessing evil using it. Covenant Eyes is foundational to this home network, and the devices that leave my home network.

I did an assignment as a cyber-warfare officer in the U.S. Air Force. One of the exercises we participated in was called the Cyber Defense Exercise (CDX). The challenge was to secure a network that National Security Agency (NSA) hackers were trying to penetrate. That was actually easier than it sounds, however, the one particularly difficult catch was that they had a person on the inside of our network who "checked emails" (clicked on every single link that was sent to them, regardless of how obviously evil it was). I won't get into details of how we solved this, but I will say that it involved technology and techniques that are great for small networks, but do not scale easily to large ones.

I want to offer my help to anyone in the Covenant Eyes community who is interested in advice and assessment and possibly adaptation of their home network towards better protection, though I will never be able to guarantee perfect protection because that's not the world we live in. 

Some particulars for anyone interested in a more protected home network:
*This is for the Covenant Eyes community only. Please do not tell others outside of this community about this offer.
*Building trust from scratch is necessary for this endeavor. It starts with an email to lt[my last name]@acm[period]org and the logical conclusion is an in-person consultation. Non-negotiable.
*As this is a hobby, I have very limited time for it. I envision weekend trips once in a while. Non-negotiable.
*Your buy in matters. I won't accept a profit, but I don't want to pay for all travel expenses. Negotiable.
*This must be consensual. I will accept parents speaking for young children, but certainly all adults in the affected network should consent; teenagers can be discussed.
*A major part of the consultation is informal teaching of the study of computers. The most useful things to know about computers are not difficult to understand, as the relate strongly to everyday concepts. Negotiable.

I'm open to discussion.
Photo of Luke Jones

Luke Jones

  • 9 Posts
  • 1 Reply Like
  • optimistic

Posted 7 months ago

  • 1
Photo of Steel

Steel

  • 86 Posts
  • 11 Reply Likes
Luke, while not a bad idea, I'm not sure about the tenability of it. Network consultations are a great idea, (and, as a fellow pseudo-security-researcher,) are an excellent tool in this type of arena. However, I'm not sure that attempting to limit the scope to CE-only is a viable option.
- First, this is an open forum (and as such, you may want to remove the pseudo-PII in your original post) - anyone could use the information here for any number of things.
- Second, network security is useful to lots of people! It would be a *good* thing if folks outside the CE community implemented proper network security (think about the small church down the street who probably just has an open 'linksys' network...).
- Third, we're still on the internet. Personal connections and real-world meet-ups are a hairy cross-over from the digital realm. My general policy is not to meet up with digital acquaintances, and I recommend the same to those acquaintances. Especially as allegations seem to arise from seemingly innocuous circumstances, it would be a travesty for your offer to be not only taken advantage of, but used as an attack vector against your physical person.
- Lastly and possibly most important: Consider the repercussions to the CE ecosystem. Were something to happen (real or falsified) involving your physical contact with an individual based on a connection that started on the CE help forums, what ramifications could it hold for CE at large?

I empathize with what I see as a desire to help - I've had it too. But in tempering those wishes, I've had to realize that there are significant risks to others, even if I am willing to shoulder the risks to myself. I've found an outlet for this desire to help by offering my services to others in my local church, small group(s), support group(s), and their affiliated connections. It's a small start, but it affords me several of items you cited above: trust, time, buy-in and education.
It's easier for me to gauge trust and buy-in from a person I've known in one of those settings. Likewise, if I don't know the person, I can ask for referrals from mutual connections. Some interested parties have been adamant in their interest, but I knew it would fade, having been able to gauge the individual. This allowed me to couch my expectations accordingly, and not be disappointed when they eventually dropped off of the radar. This crosses over into time - helping me to put my valuable time where it would be more effective. ... and since I can gauge these things and properly allot time, those who actually would benefit from the education receive it, and self-motivate. All this to say, consider the following: If you want to help more, what can you do in your current circles of influence? Why not start there? If it works, set up a consultation company and engage in a formal practice. You can offer discounts through affiliate programs, possibly even with Covenant Eyes (*Totally not speaking for the CE program at large!), allowing you to perform your services, cover expenses, and assist others, but while covering many of the potential issues of offering this service.

I can't change your mind, but consider the above text from empathy, not correction.