Free LAN Canaries to monitor your home network.

What is a canary? 

A canary is a warning device that alerts you when something bad is about to happen. The reason it's called a canary is kind of macabre. In the past, people who worked in mines would often accidentally stumble into areas of the mine that were toxic and die. Some of them started bringing literal canaries with them into the mine, since the birds were much smaller and more sensitive to the gases that might be present. If the canary died, that indicated the presence of a dangerous gas, and the miners would rush out of the mine.

Today, the meaning has shifted to anything that could give you an early alert that something has gone wrong. If you're wondering if someone may have breached your local network, these canaries will give you an alert, hopefully before the really bad stuff happens. 

The Solution?
While there are any number of paid solutions, one very popular one is from a company called Thinkst. They sell a drop-in device that can emulate all sorts of things and look like a very desirable target to an attacker. If someone is on your network and sees it, they will almost certainly activate it, at which point you will receive an alert and know that someone is in your network. Thinkst also releases their software as OpenCanary. OpenCanary allows you to create your own device-based canary that can do much of what their paid offerings do. There are many tutorials out there, but they're not for the timid.

However, as a profitable company, they also have other "freemium" services that they allow us to use, free of charge. Their Canary Tokens let you create much of the functionality of their premium canary without the cost.


What are Canary Tokens?
A Canary Token is basically just a specific URL that you set up on the Canary Tokens site. When that URL is hit, an email is sent to the address you gave them, containing the message you wrote when you created the token. There are lots of options to explore, but one of the easiest to create is an Excel file. After you create the Excel file, you can put it anywhere, or even email it to yourself. If anyone opens that Excel file, you will get an email notifying you that it was opened, effectively alerting you to the fact that someone has breached your network or snooped around where you don't want them to be. To that end, you will also choose the name of this Excel file. I named mine Credit Cards.xlsx and put it in my web folder on my server, but you can choose any name you want. Just make sure it looks juicy to someone who doesn't know that it's a canary. If someone were to get access to the root folder of my web server, they would see that file and be hard-pressed not to open it. When they do - bam - I'm almost certainly going to know.

Let's create an Excel Canary!
First, go to `https://canarytokens.com/`, and find the Microsoft Excel card on the page, then click it. 






 

Next, add your email address and the notification that you'd like to receive. Don't worry about the file name yet; we're going to change it later.
When you click "Create Canary Token", you'll get the download page. Click the "Download your MS Excel File" button here, but don't close this page yet.



First, click the "Manage Canary Token" button. This will bring you to the page where you can manage this token. Make sure to bookmark this URL, or save it somewhere that you will be able to find it again. There is no account or other way to manage the tokens you create, so you must keep track of them manually by their URLs.

On the manage page, you will be able to download the special Excel file. Once you do that, you simply rename it and put it wherever you would like. If someone opens it, you will get an alert in your email, and the canary token management page will also tell you that the alert has been triggered.
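The rename-and-place step above, together with the advice to save each management URL, can be scripted so every decoy is recorded in one place. This is an added example, not part of the original post or of Thinkst's tooling; the function names, the inventory file `canaries.json` and the placeholder URL are assumptions, and the audit step (flagging a decoy that has gone missing or changed) goes slightly beyond what the post describes.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    """Hash the raw bytes; this does not open the workbook in Excel."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def deploy_canary(downloaded, dest_dir, decoy_name, manage_url, inventory):
    """Copy the downloaded token file under its decoy name and record it."""
    dest = Path(dest_dir) / decoy_name
    if dest.exists():
        raise FileExistsError(f"refusing to overwrite {dest}")
    shutil.copy2(downloaded, dest)
    inv = Path(inventory)
    entries = json.loads(inv.read_text()) if inv.exists() else []
    entries.append({
        "path": str(dest),
        "sha256": sha256_of(dest),
        "manage_url": manage_url,  # only handle to the token: no account exists
        "deployed_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    })
    # Create owner-only (0600): the inventory lists every decoy and its URL.
    fd = os.open(inv, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(entries, fh, indent=2)
    return dest

def audit(inventory):
    """Return {path: status}; a missing or changed decoy deserves a look."""
    report = {}
    for e in json.loads(Path(inventory).read_text()):
        p = Path(e["path"])
        if not p.exists():
            report[e["path"]] = "MISSING"
        elif sha256_of(p) != e["sha256"]:
            report[e["path"]] = "MODIFIED"
        else:
            report[e["path"]] = "ok"
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "downloaded_token.xlsx"  # constructed stand-in file
        src.write_bytes(b"PK\x03\x04 constructed placeholder, not a real token")
        inv = Path(tmp) / "canaries.json"
        deploy_canary(src, tmp, "Credit Cards.xlsx",
                      "https://example.invalid/manage-placeholder", inv)
        print(audit(inv))
```

Keep the inventory somewhere other than the machine holding the decoys, since it tells a reader which files are canaries.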




That's all there is to it!
There are other options to explore on this page. The Microsoft Word token is essentially identical. 

However, if you happen to have an ESP8266 or ESP32 device lying around, you can also use it to create a hardware-based canary that pretends to be a completely open FTP server on a Synology NAS.

If you'd like to know about how to do that, leave a comment and I'll write the blog!
Until then, Happy Coding!
~tom~









