So I was online the other day and I got a notice in my email, and the wife got a notification in her browser, that a torrent had been downloaded for some God-awful movie. Well, surely I've never, ever downloaded anything online that I shouldn't have. Now, of course, I have no desire to do such things, but I don't like the idea that big brother can watch my Internet so easily. So I decided I was going to try to make the best secured and anonymous configuration I could think of with the gear and software I currently have available.

Since starting this endeavor, I've learned more about DNS leaks, IP leaks, and other ways a potential snoop or hacker can obtain information about you. I set up an annual subscription to a well-recommended VPN/proxy provider.

I then realized that I didn't want the VPN to be an all-or-nothing situation. There are only a couple of things for which I would want to use a VPN, and I didn't want my entire machine going through the VPN for a couple of small tasks. Plus, if I ever did want to look into nefarious material, I'd want to do it on a clean machine that has never been exposed to my personal data.

So I created a new, clean VM inside the desktop virtualization software that I use. I restricted the VM's IP so it is only allowed to communicate with the firewall inside my network and with the specific IP addresses of my third-party VPN provider's servers; ALL OTHER COMMUNICATION is 100% blocked. The VPN provider no longer publishes IP address lists, because ISPs like to block them. However, they do provide the FQDNs, and each resolves to multiple addresses. So I wrote a PowerShell script that goes through a list I made of all the FQDNs and parses the results into two files. The first is a hosts file containing every address the VPN client software needs to reach. The second is a script of Cisco commands that I can dump into my firewall, which adds those addresses to the rules for this specific VM.

The VM itself is not configured with any DNS servers; 100% of its name resolution comes from the hosts file. With no resolver to talk to, and the firewall (my Cisco ASA 5505) dropping anything that isn't destined for the VPN provider, a DNS query can't leave the VM, so DNS leakage is not possible, and because the VM cannot reach any Internet host other than the VPN servers, IP leakage is not possible either. The flip side of that design is that anything not in the hosts file and the firewall rules simply doesn't connect, so whenever the provider's FQDNs start resolving to new addresses the script has to be re-run and the firewall reloaded. The VM has a virtual network drive that maps directly to one shared folder on the host. That one folder is exposed for transferring files between host and guest, but otherwise the host's drive is off limits.
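For anyone who wants to build the same two files, here is an added example of what such a script can look like. It is not the original post's script, and the file paths, the VM address, the ACL name and the object-group name are assumptions. It has to run on the host (which still has DNS), not inside the resolver-less guest, and it needs network access to resolve the names.

```powershell
<#
  Added example (not the original post's script). Resolves a list of VPN FQDNs
  on the HOST, which still has DNS, and emits two files:
    1. a hosts file for the DNS-less guest, and
    2. Cisco ASA commands that let the guest reach only those addresses.
  Paths, the VM address, the ACL and object-group names are assumptions.
#>
param(
    [string]$FqdnList  = '.\vpn-fqdns.txt',      # constructed input: one FQDN per line, '#' comments allowed
    [string]$HostsOut  = '.\hosts',              # copy into the guest's hosts file
    [string]$AsaOut    = '.\asa-vpn-rules.txt',  # paste into the ASA in config mode
    [string]$VmAddress = '192.0.2.50',           # placeholder for the VM's static inside address
    [string]$AclName   = 'INSIDE_IN',            # assumed name of the ACL already applied to the inside interface
    [string]$GroupName = 'VPN_SERVERS'           # assumed object-group name
)

$fqdns = Get-Content $FqdnList | ForEach-Object { $_.Trim() } |
         Where-Object { $_ -and -not $_.StartsWith('#') } | Sort-Object -Unique

$hostsLines = @("# generated $(Get-Date -Format s) - VPN endpoints only, guest has no resolver")
$addresses  = New-Object System.Collections.Generic.HashSet[string]

foreach ($fqdn in $fqdns) {
    # -Type A and -DnsOnly: ask the real resolver for IPv4 records only, then drop the
    # CNAME rows Resolve-DnsName returns alongside them so only A records get written.
    $records = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' }
    if (-not $records) {
        Write-Warning "No A record for $fqdn; it will be unreachable from the guest"
        continue
    }
    foreach ($r in $records) {
        # One hosts line per address so every endpoint the name round-robins to is usable.
        $hostsLines += "{0}`t{1}" -f $r.IPAddress, $fqdn
        [void]$addresses.Add($r.IPAddress)
    }
}

if ($addresses.Count -eq 0) { throw "Nothing resolved; refusing to write an empty rule set" }

# ASA side: collect the addresses in one object-group and reference it from two ACEs.
# The permit must sit above the deny; the deny is logged so a leak attempt shows up in syslog.
$asaLines = @("object-group network $GroupName")
foreach ($ip in ($addresses | Sort-Object)) { $asaLines += " network-object host $ip" }
$asaLines += "access-list $AclName extended permit ip host $VmAddress object-group $GroupName"
$asaLines += "access-list $AclName extended deny ip host $VmAddress any log"

# Plain ASCII so no byte-order mark ends up at the top of the hosts file.
Set-Content -Path $HostsOut -Value $hostsLines -Encoding ASCII
Set-Content -Path $AsaOut   -Value $asaLines   -Encoding ASCII

"{0} FQDNs -> {1} addresses; wrote {2} and {3}" -f $fqdns.Count, $addresses.Count, $HostsOut, $AsaOut
```

Two things to check when pasting the ASA snippet: the ASA evaluates an ACL top to bottom and appends new ACEs at the end, so if the inside ACL already has a broad permit for the LAN above these lines the VM rules never match; use `access-list NAME line N extended ...` to place them above it. And re-running the script only adds members to the object-group; addresses the provider has stopped using stay in the group until removed with `no network-object host <ip>` inside it.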

Here’s a lazy drawing of my basic setup – the IP addresses have been changed…


I’m very excited about this setup, I’ve run multiple tests and they all come out perfect.  I LOVE IT!

So why am I a hypocrite?

Well, while I was setting this up, I noticed that whenever I came into my son's room he'd immediately shut off his Surface tablet and get a funny look on his face. Now, I know he's not interested in girls yet, but he's obviously looking at something he doesn't think we'd approve of. We've told him that if he's looking at something he doesn't think we'd like, it's probably something he shouldn't see. However, he's a lot like his daddy, and he's going to try to do what he wants. Unfortunately, DNS loggers and the like don't work as well anymore, because almost anything (even kids' restricted sites) will have inappropriate pop-ups. So, while he was at school today, I installed TightVNC. I configured it not to show any notifications or taskbar icons. He has no idea when I'm connected and viewing his screen live. So I'm now waiting for him to do something I disapprove of. Then I'll text him to come downstairs (on his iPod) and show him the captured screen. I imagine he will have a look of horror on his face as I tell him that I can see everything he does. I will then remind him that his Daddy's job is in IT, and he needs to remember that when he's online.

I just find it funny that on one hand I'm trying to make sure nobody can watch what I am or am not doing, while at the same time making sure I can see everything my son is doing.

My ruling on this? I'm the parent, and children have no rights until they pay rent and move out. My job is to protect them from their own stupidity. So it's the hypocrisy of the ages >>> PARENTHOOD 🙂 LOL
