Endpoint Security

Can a Raspberry Pi be used as enterprise-grade endpoint protection?

The Internet of Things (IoT), while full of promise, is also a minefield when it comes to security: insecure operating systems, unpatchable hardware, and everything generally left completely open to whoever wants access.

Travis Smith, Senior Researcher at Tripwire, thinks he has a solution. Using just a Raspberry Pi B3 and some free Open Source software, he can create a network gateway to “protect the unpatchable”.

Speaking at this year’s InfoSecurity Europe [although the above video is the same presentation from Security BSides San Francisco the previous month], Smith talked through what tools he used and how he set up a Pi as a network monitoring tool that can be used to simply protect your home or be scaled up into larger environments. “It doesn’t matter if you’re monitoring your toothbrush or financial records,” he said.

Starting with an OS, Smith opts for Raspbian (possibly with NOOBS for easier install). For an intrusion detection system he used Bro IDS, with Critical Stack as a threat intelligence feed aggregator. The full ELK Stack was chosen for real-time data monitoring: Logstash as a log manager, Elasticsearch to store normalised log data, and Kibana for data visualisation.
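To make the Bro-to-ELK flow described above concrete, here is an added example (not from Smith's talk or repository) that parses a Bro `conn.log`, flags connections touching an address on an indicator list, and emits the normalised JSON documents a log store would index. The log sample is constructed and uses an abbreviated subset of `conn.log` fields; `BAD_ADDRS` is a constructed stand-in for indicators pulled from a threat feed.

```python
import json

# Constructed sample of a Bro conn.log (tab-separated, '#'-prefixed header lines).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tcount",
    "1465300000.123456\tCx1\t192.168.1.50\t49152\t203.0.113.7\t443\ttcp\t1200",
    "1465300005.000000\tCx2\t192.168.1.51\t49153\t198.51.100.9\t80\ttcp\t-",
    "#close\t2016-06-07-12-00-00",
])

# Constructed indicator set standing in for addresses pulled from a threat feed.
BAD_ADDRS = {"203.0.113.7"}

# Bro column types that should become numbers; everything else stays a string.
CASTS = {"time": float, "port": int, "count": int, "interval": float}

def parse_bro_log(text):
    """Yield one dict per record, typed from the #fields/#types headers."""
    fields, types, unset = [], [], "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than mis-align columns
        record = {}
        for name, typ, raw in zip(fields, types, values):
            record[name] = None if raw == unset else CASTS.get(typ, str)(raw)
        yield record

def normalise(text, bad_addrs):
    """Return JSON lines with an added 'intel_match' flag on either endpoint."""
    out = []
    for rec in parse_bro_log(text):
        rec["intel_match"] = bool({rec["id.orig_h"], rec["id.resp_h"]} & bad_addrs)
        out.append(json.dumps(rec, sort_keys=True))
    return out
```

Reading the column names and types from the header, rather than hard-coding positions, keeps the parser working when a Bro script adds or removes fields from the log.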

Thanks to the ARM architecture and UNIX base, installation is relatively painless. Many of the above offerings come with Debian options, which run easily on Raspbian.

If you want to take a more proactive approach, the likes of Nmap can be used for network scanning, and OpenVAS for vulnerability scanning (although it is reportedly slow, even on a home network, so it may be worthwhile to have two Pis to split the monitoring and scanning roles).

While there are commercial options that do similar things (for example, Asus AiProtection), they can reach the hundreds-of-dollars mark. All in all, the hardware for this project costs somewhere in the region of $60. Despite the impressive-sounding nature of all this hardware, Smith says it all runs fine on his Pi, and even has plenty of CPU and memory left to spare.

For a detailed guide and the nitty-gritty of installation, head over to the Tripwire blog, or Smith’s dedicated GitHub page.


Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.
