Users and Security

Research from Dartmouth College Computer Science regarding users and security:

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems.

Source: Mismorphism: a Semiotic Model of Computer Security Circumvention by Sean W. Smith, Ross Koppel, Jim Blythe, Vijay Kothari

Setup Pi-Hole in Azure

Pi-Hole is a network wide DNS sinkhole that can be setup on multiple software/hardware configurations. Originally, I was going down the path of setting up Pi-Hole on a Raspberry Pi 3, but decided to explore the Azure VM path based on some posts from others.

Below are the high level steps I followed to setup Pi-Hole on my home network.

1.Create a VM in Azure and keep track of the public IP. (I picked the Ubuntu 18.04 LTS version with 1 CPU and 1 GB of RAM.)

2. Create an inbound firewall rule to enable SSH traffic (i.e. TCP Port 22) from your home network

Home > Virtual machines > Connect to virtual machine > Networking

3. SSH to the VM and update the package database

sudo apt-get update

4. Install Pi-hole

curl -L https://install.pi-hole.net | bash

5. Configure Pi-hole for your environment. Some suggested configuration options are below[2]

6. Create an inbound firewall rule to enable Web traffic (i.e. TCP Port 80, 443) from your home network

8. Confirm you can access the Admin page of Pi-Hole by going to <VM IP>

9. Create an inbound firewall rule to enable DNS traffic (i.e. TCP/UDP Port 53)

10. Update your home router’s DNS to point to the public IP of your VM by following instructions at How do I configure my devices to use Pi-hole as their DNS server?

11. Test that Pi-Hole is properly configured by visiting the Pi-Hole Ad Pages Test Page.

[1] Post Implementation Notes:

  • Under the VM, check Operations > Auto-shutdown to confirm the settings match the shutdown behavior of the VM you want
  • Under the VM, check Operations > Update Management to confirm the settings match the OS automatic update behavior you want

[2] Related Links:

The following blogs posts were extremely helpful with the steps required to setup Pi-Hole in Azure and modifying some Pi-Hole settings to work for most home needs.

Sky-Hole Revisited [Pi-Hole in a cloud VM for easy DNS-based ad-blocking]

A New PiHole in the Sky

Network-wide blocking of Ads, tracking cookies and popups