this post was submitted on 12 Apr 2025
Set OPNsense default policy
As far as I remember, OPNsense has a default policy rule of "deny all incoming, allow all outgoing". If not, this should be one of the first steps to take.
Get your own VPN
If you can, you could use your own VPN service. I run a VPS for 6 € / month. If you can get your hands on something like this and install an OpenVPN server, you could always use that VPN for every connection.
So even if an attacker hijacks your connection somehow, he would only be able to see encrypted content and all content will be encrypted by a server you own and can verify / trust. You could also integrate this VPN into your OPNsense, so you'll be connected as soon as OPNsense starts up and has internet.
Regarding MITM attacks
Please someone correct me if I am wrong, but MITM attacks should generally be impossible when connecting to SSL-backed connections, right?
These certificates (or rather the certificate authority the HTTPS certificates have been issued by) are generally trusted by your own operating system. Therefore, if someone wanted to hijack your connection without you getting some kind of certificate error, he would have needed to get his hands on a certificate issued by a worldwide trusted certificate authority and the address name matching the certificate.
My MITM attack concerns mainly regard stingray use, since I'll be routing through cellular for everything.
I don't know what stingray is, but if it needs a connection to somewhere and the protocol to connect verifies OS-trusted certificates, it should be safe.
https://en.wikipedia.org/wiki/Stingray_phone_tracker
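Added example, not written by anyone in this thread: the two conditions named above (a certificate from a trusted authority, and a name matching the address) correspond to two separate client settings, and this Python sketch audits a TLS client context for either one being switched off. The function and constant names are hypothetical; only the standard `ssl` module is used.

```python
import ssl

CHAIN_FINDING = "certificate chain not verified: any certificate is accepted"
NAME_FINDING = "hostname not checked: a valid certificate for another name is accepted"


def mitm_exposures(ctx):
    """List the client-side settings that would let a party on the network
    path substitute its own certificate without a verification error."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(CHAIN_FINDING)
    if not ctx.check_hostname:
        findings.append(NAME_FINDING)
    return findings


def strict_context():
    # Library default for clients: verify the chain against the OS trust
    # store and match the certificate against the requested hostname.
    return ssl.create_default_context()


def chain_only_context():
    # Chain is still verified, but the name is not: a certificate that a
    # trusted CA issued for some other host would pass.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def no_verification_context():
    # The "ignore certificate errors" configuration found in many scripts.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, build in [
        ("strict", strict_context),
        ("chain only", chain_only_context),
        ("no verification", no_verification_context),
    ]:
        print(f"{name}: {mitm_exposures(build()) or 'no exposure found'}")
```

Only the strict context gives the protection described in the comments; the other two complete a handshake without raising a certificate error even when the peer is not the intended server.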