SYNwall v0.4.1 releases: zero-configuration (IoT) firewall
Zero config (IoT) firewall.
SYNwall is a project built (for the time being) as a Linux Kernel Module, to implement a transparent and no-config/no-maintenance firewall.
Usually, IoT devices are out of central control, with low-profile hardware, tough environmental conditions, and… we have no time to dedicate to maintaining security. So, maybe we cannot patch our IoT infrastructure, and it will be very hard to maintain “firewall-like” access control.
The idea is to create a decentralized, one-way One-Time Password (OTP) code that enables NETWORK access to the device. All traffic not containing the OTP will be discarded. No prior knowledge about who needs access is required; we just need a Pre-Shared Key to deploy. The protection is completely transparent to the application level because it is implemented at the network protocol level (TCP and UDP).
Everything has been implemented to be used on low-end devices with very limited resources. Quark hashing was chosen as the crypto hash for this reason. The overhead added by the OTP computation is almost invisible in regular usage, whilst you can see a consistent CPU saving when a lot of traffic is sent to the device.
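The one-way OTP gate described above, sketched as an added example (not SYNwall's code or wire format). Assumptions: HMAC-SHA-256 from the Python standard library stands in for Quark, and the 30-second step, 8-byte tag, the port/protocol binding and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30      # assumed OTP validity window, in seconds
TAG_LEN = 8    # assumed length of the truncated OTP, in bytes


def make_otp(psk: bytes, proto: str, dst_port: int, now: float) -> bytes:
    """Sender side: derive the OTP from the PSK, the time step and the target.

    The source address is deliberately not an input, so the device needs no
    prior knowledge of who connects; holding the PSK is the only requirement.
    """
    counter = max(0, int(now) // STEP)
    msg = struct.pack("!QH", counter, dst_port) + proto.encode()
    return hmac.new(psk, msg, hashlib.sha256).digest()[:TAG_LEN]


def accept(psk: bytes, proto: str, dst_port: int, otp, now: float,
           skew_steps: int = 1) -> bool:
    """Receiver side: one-way check, no reply is ever sent to the peer."""
    if not isinstance(otp, bytes) or len(otp) != TAG_LEN:
        return False  # missing or malformed OTP
    for delta in range(-skew_steps, skew_steps + 1):
        expected = make_otp(psk, proto, dst_port, now + delta * STEP)
        if hmac.compare_digest(expected, otp):  # constant-time comparison
            return True
    return False


def verdicts(psk: bytes, packets, now: float):
    """Map constructed (proto, dst_port, otp, sent_at) tuples to ACCEPT/DROP."""
    return ["ACCEPT" if accept(psk, proto, port, otp, now) else "DROP"
            for proto, port, otp, _sent_at in packets]


if __name__ == "__main__":
    PSK = b"constructed-demo-psk"   # constructed sample key
    T = 1_700_000_000               # constructed receiver clock
    packets = [
        ("tcp", 22, make_otp(PSK, "tcp", 22, T), T),              # valid
        ("udp", 53, make_otp(PSK, "udp", 53, T - 25), T - 25),    # small clock skew
        ("tcp", 22, make_otp(PSK, "tcp", 22, T - 300), T - 300),  # stale OTP
        ("tcp", 22, make_otp(b"wrong-key", "tcp", 22, T), T),     # wrong PSK
        ("tcp", 22, None, T),                                     # no OTP at all
    ]
    print(verdicts(PSK, packets, T))
```

Because the check depends on a time step, a device with this kind of gate needs a clock that stays within the tolerated skew of its clients.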
- removed references to module_mutex for kernels > 5.12
Copyright (C) 2020 Sorint.Lab