Cyber Raspberry Pi lessons
1. Teach students how to install and use Kali Linux on a Raspberry Pi.
The best way to learn how hacking works is to learn to hack! Kali Linux is a
security-focused Linux distribution favored by penetration testers and ethical hackers.
Kali Linux is also available for ARM systems like the Raspberry Pi, and
simple to install. The OS has several dedicated tools for
learning about information security in a
practical hands-on way. Also, the portability of the Pi makes it a
desirable device for professional penetration testers.
2. Make the Ultimate Honeypot
A honeypot emulates a program or network vulnerability, to attract an
external attack. SNARE (Super Next generation Advanced Reactive
honEypot) and TANNER operate in
tandem to attract and evaluate potential hacking attempts.
SNARE runs on any Linux system making it perfect for the Pi. Once installed,
input the URL of the site you want to test to make a clone. Running SNARE
hosts a copy of the site at the Pi's ip address, and logs all requests
made to the site. TANNER is a tool to analyze the events, prepare
different responses, and visualize the data via the web GUI.
Learning how a network functions, and what to look out for when something
is going wrong, is an important step toward building secure systems.
3. Facial Recognition Using Open CV
Facial recognition is widespread in surveillance, but you can implement
it yourself with a Raspberry Pi. The project requires a Pi and a camera
module (plus a battery to make it truly mobile) and uses OpenCV to
distinguish between faces. Hackster.io user MJRoBot has a detailed
tutorial on getting it up and running.
This is a much more "physical" security usage for the Pi. Portable and
easy to extend systems are an extra form of entry protection, which can
be directly wired to locking or alarm hardware.
4. VPN Server
At the top of my list of Pi experiments is creating a VPN server. Why pay
for a cloud VPN when you can tunnel home for free? Most of us leave
our best stuff, physical and digital, at home anyway. Once you punch
into your home VPN, you can access media files, backups, or anything else squirreled on your LAN.
In this arrangement, your Pi is the VPN server, and the end-user devices you
want to connect to it, e.g. laptops or mobile devices, are the clients.
Your Pi resides on your LAN, with your router mapping the Pi VPN port to
a port on its WAN IP. Dial your home’s IP and port, present the required
key, and you will open an encrypted line back to home base.
5. Transparent VPN Proxy
This project is unique because it doesn’t provide a service (and so isn’t a
server), but it facilitates the use of an existing service. When
converted to a transparent VPN proxy, your Pi becomes a portable
security device that automatically confers VPN protection on your
other devices.
To build your transparent proxy, first you will need to ensure that your Pi
has two wireless interfaces. Pi models come with, at most, one wireless
interface, so you’ll have to pick up at least one USB-connected wireless
device. Second, you’ll need a VPN service. If your VPN was the server
described above, I guess you’ll need another Pi.
A transparent VPN proxy is designed to solve the problem of not trusting
a network enough to connect your end-user devices directly to it, but
still needing connectivity. In essence, the proxy device does so by
interposing itself between the untrusted network and end-user device,
and then routes the end-user device through your VPN of choice. This
leaves the untrusted network carrying purely encrypted traffic.
To pull this off, you configure your Pi as an access point (AP) and as a VPN
client. What is it an AP for? The suspect network. Its role as a VPN
client works as you would expect, with its traffic encrypted to the VPN
server.
6. File Storage Server
We’re back to server mode here, so the networking prerequisites are back
in force.
A Pi file storage server can stand in for cloud storage while offering
added perks. The general concept is that, like with the VPN, it lives on
your LAN with its file service port mapped to a port on your router’s
WAN IP. You then access the file server by punching in your home
router’s IP and port, plus the server username and password, into your
network storage client program and you throw open your vault of stashed
files.
The advantages of running your own networked file storage are
substantial. For one thing, you can store way more data. Want more
space? Attach a bigger hard drive. For another, you own the
infrastructure. You’re not entrusting your data to some company, but to
your own hardware and open-source software — and it costs much less. You
really only sink one-time costs into the Pi and hard drive, and just pay
for electricity.