--[ Linux Network Namespaces for Privacy

Personal
$ getent passwd shart
.
└─ name: Stephen Hart
Experience
  • B.S. Mechanical Engineering – USMA
  • M.S. Computer Science – Georgia Institute of Technology
  • Army Cyber officer – 5+ years
Abstract

Linux network namespaces can isolate and direct network traffic to create technical safeguards for privacy against snooping internet service providers (ISPs). This presentation demonstrates how to configure network namespaces with physical and virtual network interfaces, WireGuard Virtual Private Networks (VPNs), The Onion Router (Tor), firewall rules, containers, and applications for privacy. “A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource” (Linux Programmer’s Manual). Network namespaces isolate networking resources per process within the Linux kernel; the novel use presented here layers them with VPNs and Tor so that network traffic is forced along a path designed for privacy. Finally, application-level traffic is controlled by running applications within a network namespace, configuring containers with a network namespace, or connecting a virtual machine (VM) or physical computer to a network interface within a network namespace. A basic understanding of networking, virtualization, and Linux is required to follow the presented material.

Demonstrations:

  • Creating a WireGuard VPN to route all of a VM’s traffic through a network namespace
  • Configuring an application to use a network namespace
  • Configuring a Podman container to use a network namespace
  • Configuring Tor to use a network namespace
  • Connecting physical interfaces in network namespaces
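The core building block behind the first two demonstrations, as an added example that is not the talk's own material: a POSIX shell script that creates a namespace whose only route out is a WireGuard interface, plus an nftables kill switch inside it. The namespace name, interface name, config path and tunnel address are assumptions, and the script needs root and iproute2/wireguard-tools/nftables to apply; with DRY_RUN=1 it only prints the plan.

```shell
#!/bin/sh
# Added example, not from the talk: build a network namespace whose only
# route out is a WireGuard interface (the pattern documented at
# wireguard.com/netns). wg0 is created in the host namespace, so its
# encrypted UDP socket stays there, then moved into the private namespace,
# whose sole default route points at wg0. Anything started with
# `ip netns exec` can therefore reach the ISP only through the tunnel.
# Names (priv, wg0, /etc/wireguard/priv.conf, 10.8.0.2/32) are assumptions.
set -eu

DRY_RUN="${DRY_RUN:-0}"

# Print a command instead of running it when DRY_RUN=1 (review the plan first).
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Namespace and interface names: alnum/_/- only, at most 15 chars (IFNAMSIZ-1).
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# netns_vpn_up <netns> <wg-if> <wg(8)-config> <tunnel-address/prefix>
netns_vpn_up() {
  ns="$1"; wgif="$2"; conf="$3"; addr="$4"
  valid_name "$ns" && valid_name "$wgif" || return 1
  run ip netns add "$ns"
  # Create and key the interface in the host namespace (binds the UDP socket there).
  run ip link add "$wgif" type wireguard
  run wg setconf "$wgif" "$conf"
  # Hand the interface to the namespace; the socket it uses stays on the host side.
  run ip link set "$wgif" netns "$ns"
  run ip -n "$ns" addr add "$addr" dev "$wgif"
  run ip -n "$ns" link set lo up
  run ip -n "$ns" link set "$wgif" up
  # The tunnel is the namespace's only default route: no wg0, no internet.
  run ip -n "$ns" route add default dev "$wgif"
  # Kill switch: drop output on any other interface (e.g. a veth added later).
  run ip netns exec "$ns" nft add table inet killswitch
  run ip netns exec "$ns" nft add chain inet killswitch out \
    '{ type filter hook output priority 0; policy drop; }'
  run ip netns exec "$ns" nft add rule inet killswitch out oifname "$wgif" accept
  run ip netns exec "$ns" nft add rule inet killswitch out oifname lo accept
}
```

Run `DRY_RUN=1 netns_vpn_up priv wg0 /etc/wireguard/priv.conf 10.8.0.2/32` to print the twelve commands, then as root without DRY_RUN to apply them and start a program with `ip netns exec priv <program>`. Name resolution inside the namespace comes from /etc/netns/priv/resolv.conf, which `ip netns exec` bind-mounts over /etc/resolv.conf, so point it at a resolver reachable through the tunnel rather than the ISP's.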