Last active
March 14, 2018 23:45
-
-
Save nickgrealy/dbe4d6195ee14379826d181b77fac203 to your computer and use it in GitHub Desktop.
SamKnows - Security questions and answers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Is my internet traffic monitored, or does the SamKnows whitebox only measure "it's own" internet usage? | |
The Whitebox measures only it's own internet usage by running speedtests, your own traffic is not used for the measurements. | |
We check the *volume* of traffic to ensure the line isn't in use, but never the content or destination of the traffic. | |
- Why do I need to plug my devices into the back of the SamKnows whitebox? | |
We require devices to be plugged into the back of the SamKnows whitebox in order to be certain that the line is idle when a check | |
is scheduled to run. If you are using the internet and the amount of traffic flowing through the whitebox is above a certain | |
threshold, our scheduled tests can be delayed or cancelled in order to prevent us interfering with your usage, and to prevent us | |
recording results that are lower than they should be. We call this "cross-traffic detection", and if devices are connected to the | |
internet without going through the whitebox, then you may experience degraded performance when our tests are running, and the test | |
results may also not be valid. | |
- Does SamKnows measure the usage of wireless devices, or are they excluded? (these make up the majority of my internet clients. | |
Should I be connecting to the whitebox's wireless network?) | |
Using the Whitebox's internal wifi radios, we passively 'sniff' how many data packets are being generated from your wireless | |
network, for the same reason as above, to ensure tests are not performed when the wireless devices are in use. This way, even | |
if you are only using wireless devices, the Whitebox will still be aware and not run tests at an inopportune time. The Whitebox | |
does not broadcast it's own wireless network so it cannot be used to connect to the internet or be found in a wireless access | |
point scan; the wifi radios have been repurposed only for checking the number of packets being transmitted per second. | |
- How is the whitebox device secured? (i.e. Is my home network secure) | |
The Whitebox has no frontend interface and cannot be browsed to. There is an SSH daemon running on a non-standard port, which is | |
only reachable if you have set up a port forwarding (which may happen for troubleshooting purposes), and the root account uses an | |
SSH key, not a password. There is no other way to access the Whitebox. | |
- Can I operate the SamKnows Whitebox in a DMZ (https://en.wikipedia.org/wiki/DMZ_(computing))? | |
You should still be able to configure a DMZ host using the LAN-side IP address of the device (or devices) you want to run in the | |
DMZ. The Whitebox does not do any NAT'ing at all, so the real IP addresses of the device will be visible to the router. | |
As long as the devices going through the Whitebox are able to live outside the DMZ then it's fine. | |
- Is it possible for anyone to (remotely or otherwise) connect to my home network using the whitebox? | |
No, this is not possible. | |
- Does the SamKnows whitebox automatically install software/security/configuration updates from over the internet? | |
SamKnows will push out security updates as and when required and the Whitebox will automatically install them. These updates do | |
not happen often and only if there's a security vulnerability that can actually be exploited without already having local access | |
to the device. As the Whitebox is only accessible via SSH and with the correct key, local vulnerabilities are not critical. | |
- Are there any security steps (e.g. firewall rules) I can put in place, to lock down inbound/outbound traffic to/from the | |
whitebox? | |
It won't be necessary to do this as the only traffic coming to and from the Whitebox will be generated from tests. There is | |
no other traffic coming from it. Note that trying to firewall the Whitebox further may interfere with the operation of the | |
device as it uses a number of ports and protocols for its test suite. | |
- Is my browsing history (/or any other data, personally identifying or otherwise) stored? | |
No, this is neither recorded nor stored anywhere. | |
- If so, what data, is it anonymised, and can I request for it to be removed? | |
As above, we don't record or store this information. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment