Setup on Shield
How to set up data collection on Shield?⚓︎
This guide is only for Turris Shield. If you want to set up another Turris device (Omnia, MOX or Turris 1.x) please use the appropriate guide.
Data collection is enabled by default. We strongly encourage to keep it enabled because it helps to protect all Sentinel users against security threats. But if you don’t want use it for some reason you can disable it.
The only thing you have to do is to disagree with our EULA. You can find it at the Sentinel -> Data Collection tab in reForis. Switch the radio button to I do not accept… and press Save.
When done, you can see at the Overview page that data collection is disabled.
HaaS is not operational by default because it requires a few steps:
- Register on our website - HaaS.nic.cz.
- There, in section My Honeypot click on Add new device. After naming it, you will get a token.
- Insert the token into the HaaS token field at the Sentinel -> HaaS page. Ensure that the Enable HaaS proxy checkbox is checked and press Save.
Important note about Internet Service Providers⚓︎
Some Internet Service Providers (ISPs) actively detect potentially vulnerable services running by their customers. If they find such services they send notification or even block external access to such ports.
The same applies for some community, municipal or other networks as well.
Some parts of Sentinel (Minipots and HaaS) may be detected as such vulnerable services because they emulate them to catch potential attackers without any risk (the attackers do not enter any real environment).
What to say to your ISP if you receive such warning:
- Those services are operated intentionally as a part of the Sentinel security research project.
- They are provided by honeypots and not vulnerable software.
- The results of the project are instantly deployed to routers and improve security of the routers and the networks beyond them.
- You want to keep those ports/service accessible from the Internet.
Please let us to know (email@example.com) if your ISP sends you such warning or event applies some “protective” measures on your Internet connection.
Some ISPs silently block access to some ports (they do not declare that they do so). It is useful to ask explicitly which ports are blocked.