I don't think you're careless, but maybe you think that setting up a secure network environment is expensive and really difficult. Don't be afraid: in this article we will see how to create a network gateway with a firewall, DHCP and DNS server, and a Network Intrusion Detection System (NIDS), entirely based on a Raspberry Pi.
After this instructable we will have a small security system with the following features:
- Enforce network traffic policies
- Ensure that abnormal packets do not get into or out of our network
- DHCP server to distribute network parameters to your LAN
- DNS cache/server to speed up DNS requests and filter out bad DNS queries
- NIDS to detect malicious traffic, such as malware or vulnerability exploits
- Central network monitoring node to watch and debug network traffic
Some may now say "Hey wait, the Raspberry has only one network port, how should this act as a gateway?". This is done by a small trick. Of course you could buy a USB-to-Ethernet adapter to get a second network card. But to keep it as simple as possible we just use the Raspi as our gateway, and this works really well. Traffic flows through it in both directions. Of course it requires some additional configuration, but that's not a problem.