hbtechsolutions

Blog

  • Hello world!

    Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

  • Mobile Device Management

    Mobile devices management is a powerful tool that a lot of enterprise environments use to make sure devices are secured and loaded with their in house content. What a lot of people also do not realize is that it can also be used as a powerful parental control management solution as well.

    This was accomplished using manage engine mobile device management plus. Their service allows for up to 25 devices to be managed for free. It is a good way to gain an understanding of the MDM platform.

    Setup is easier on some products than others. For example, with cellphones, android has a short setup guide you use during the setup of the phone to enroll it in MDM. With Apple products, however, you’ll need to own a Mac. This is because you will have to upload the blueprint with the MDM to the device before you begin configurations.

    Once you complete configurations, the controls are very granular. You can upload apps remotely, track the device through the platform, remote access it to troubleshoot it, and set a variety of restrictions. You can even go further and set it up to only open a specific web page or a specific app only. You can disable any feature or app that does not suit your needs.

  • Security Operations Center

    Image: Security Onion Solutions

    This platform was my first project to learn about cybersecurity platforms and how they work. I launched it on a Linode cloud virtual machine. At the time, I did not have the hardware specifications to host this in-house, but Linode was offering credit for signing up on their cloud platform. I jumped at the opportunity to give this a test run.

    Security Onion Solutions is a free platform for both beginners and cybersecurity professionals. It is a platform that allows someone to detect, investigate, and respond to a variety of cyber threats. It allows for network security monitoring, intrusion detection, log management, and threat hunting. It can be deployed both locally and on the cloud. It will even work in a virtual machine.

    It also collaborates with other services such as Elastic Stack, Grafana, Suricata, and many more. With so many tools and collaboration abilities, it makes it a solid choice for anyone looking to set up a SOC operation. It is also scalable so it can work for home labs, small businesses, and large corporations.

  • Live Network Monitoring

    Image: Shodan.io Dashboard

    Shodan is one of my favorite platforms to date. It is a powerful platform that allows for you to find open ports and vulnerabilities. It will also list the CVE so that you can go and research it and how to patch it as well. You can add either a public IP address or even a domain as well. It will list all vulnerabilities and open ports whether you use the IP address or the domain.

    I had entered both into shodan to see what kind of report would come up. My public IP address did not yield any CVE reports or potential vulnerabilities. It did show the ports I had open at the time. Depending on what services you run on your server is what ports you will have open. At the time, I had ports 80, 443, and 8096 exposed to the internet. When I had xfinity internet, their gateway had a built in IPS. The port that caused my IPS to trip almost non stop was 8096. I was running my media server on that port.

    The biggest surprise was when I entered my domain, hbtechsolutions.com, into shodan. I never saw so many CVE vulnerabilities pop up in a single report. At the time I did this, my domain was hosted by go daddy. This was before I went down the self hosting route. You would think with a platform as big as them, they would have spent some money on securing their platform.

    Since I did this report, I had did some remediation. I decided to move my domain off of go daddy and use cloudflare. Not only did I save a lot of money on operating costs, it opened up more options for me to secure my stuff. I ended up getting better home internet and it helped using my wireguard VPN. You have to open 80 and 443 for that service and for the proxy manager I use as well. I didn’t have to expose 8096 anymore because I was able to use subdomains to access services outside of my home.

  • Local Server

    Image: Flame Dashboard

    This server is currently hosting a wide variety of services. This was my first server that I had put together and launched. Over the years I’ve been adding services to it and expanding my library of things I have been hosting in docker.

    The current services i’m running are:

    1. Audiobookshelf: This service hosts all of my audiobooks and allows for listening and downloading of audiobooks.
    2. Calibre and Calibre Web: This service hosts all of my ebooks. Calibre allows for me to upload my books to my server and Calibre Web serves up a good looking frontend to read, download, and browse my library of books.
    3. Cloudflare DDNS: This allows for me to automatically update my DNS settings for my domain. It is setup when my public IP address changes, my domain DNS registry is updated with the new address automatically. Currently using this for both of my domains.
    4. Octoprint: It serves up all of my 3d print jobs. This allows for me to upload gcode files and store them for print jobs. It also shows progress, temperature, and remaining time on the print job. This eliminates the need for sd cards for my 3d printer.
    5. Froodle: This allows for me to do anything related to a PDF file. I can sign PDF documents, save them, convert files, and anything related to PDF files.
    6. Guacamole: This allows for me to manage all of my remote connections all at once. It allows me to remote into a server from a web browser and manage my remote connections.
    7. My own website: I’ve created a docker container that hosts my professional showcase website. I’ve even written a script to update and relaunch my container when I make changes to my website.
    8. Immich: This hosts and stores all of my photos and videos. It syncs my content from my phone and stores them locally on my server. It is a good alternative for when you don’t want to deal with subscription fees.
    9. Linkwarden: This is my newest service I’ve added. This gives me a place to store links that I want to save and check out at a later time.
    10. Mealie: This stores all of my recipes. If done correctly, you can both import recipes from links or write you your own recipes and save them for future reference.
    11. Minecraft: This allows me to host my own personal Minecraft server. This is setup as a docker container and allows for me to play in my own Minecraft world.
    12. Mstream: This hosts all of my music files. It collects all of my saved music and allows for me to stream it in a web browser or app with no issues.
    13. Pi-Weather-Station: This shows a live weather map. It can be configured by location and it’ll allow for you to see live weather radar for up to the next hour.
    14. Jellyfin: This hosts all of my videos. All you have to do is configure the proper folders and sync it to this service and it is ready to go.
    15. Wireguard: This is my VPN tunnel I use to allow me to access local resources from the outside securely.
    16. WordPress: This very WordPress website is self hosted as well. It is also saved into a docker container and hosted there.

    I’ve created a large collection of services over the years. A lot of these services can be hosted on a very light hardware. There are a few of these services that need a bit more hardware power to operate efficiently, but for the most part, you can run a lot of these on a pi or something similar.

  • Windows Server

    Image: Windows Server 2019 Desktop

    This is my second server I have up and going. My original plan was to use this server to either self host my domain and website or to provision a virtual machine. I was also planning to install the core edition of windows server and just ssh into it like my Linux servers. It did not happen like that. I ended up installing the full version which also comes with the desktop interface.

    As of this writing, this server is currently running my local active directory as well as hosting network storage for my LAN network. It also was virtualized into my proxmox server. I’m using my NAS from windows server to store my ebook library for my ebook service that is currently running. It is also configured to resolve DNS requests as well.

    Windows server offers a 180-day free trial on their operating system. I started this project with the trial and ended up buying the OS for a reasonable price. It is currently operational and running the services stated above.

  • Sherlock

    Image: Sherlock Script showing accounts found

    In today’s world, it’s almost scary how easy it is for someone to be found on the internet. This is why we all must do our best to practice best internet safety practices. This is one of my favorite recon tools to date.

    I present sherlock. This tool is a python script that checks to see what sites a particular username is registered on. I decided to install this on my local server and keep it in house. It also saves the results into a .txt file so you can reference it later.

    Setting this up is done in a few steps.

    1. Download the script and save it to your machine
    2. Use the CD command to go into the sherlock folder
    3. Run the command python3 sherlock (username)

    This will generate the list and save the file as username.txt. If done correctly, it will generate a list of sites where that username is registered.

    Disclaimer: This was done ethically using my own usernames or having permissions from friends for demonstration purposes. Please do not use this for malicious intent or purposes. Use at your own risk and discretion.

  • Live Weather Map

    Image: Pi Weather Station Dashboard

    The weather is probably one of the most discussed general topics out there. People use it to start a conversation, they inquire about it for day-to-day activities, and many more reasons. Some people like to stare at the weather map too. What if you could have a live weather map that is hosted in house and open source?

    This is the Pi Weather Station. Setup is really easy, and configuration only takes minutes. It has options to be hosted in a docker container as well. Some of the features of Pi Weather Station are:

    1. Choose between light and dark mode
    2. Shows current temperature
    3. Shows live radar for up to the next hour
    4. Configure current location

    This was created by a guy named Sean Riggs. His instructions are straight forward and well written out. Click here to check out the GitHub repo and try it out for yourself.

  • Remote Access Management Console

    Image: Guacamole Dashboard

    If you’re running multiple servers and you want to make your life easier, the best suggestion is to manage them from one place. If you want to keep it open source, this is the option for you. Guacamole is a dashboard where you can remote into all of your servers from one place.

    This centralized platform will allow you to manage all of your servers and remote connect to any server at any time. It will work on all protocols such as SSH, RDP, VNC and many others. It also supports certificate keys as well. Currently I have two servers setup for this but I will be adding my other servers down the line.

    The fundamental things it will ask for to setup your remote access to a server is:

    1. The IP address your server is currently using
    2. The credentials used to remote into the server
    3. The port used to remote into the server

    If everything is done correctly, all you will have to do is click on the image of the server you want to connect to, and it will serve you a remote connection to your server. There are a few things that need to be mentioned when using something like this. Once initial setup of this service is done, I would create a new admin user and delete the defaults. I would also highly suggest a strong password for this too. Password managers are your friend here. Another major point is do not expose this to the internet unless you have to. If you expose this to the internet and your password is not really good, you will be asking for someone to compromise your servers.

  • Virtual Machine Server

    Image: Proxmox Admin Dashboard

    This is my virtual machine manager platform. The operating system I am using for this is called proxmox, which is a type 1 hypervisor. The purpose of this server was to consolidate hardware and run many services that require different operating systems and settings.

    Currently, I am running 7 virtual machines and containers:

    1. Windows 10 Virtual Machine
    2. Windows Server 2019 Virtual Machine
    3. Linux Lite Virtual Machine
    4. Pfsense Firewall Virtual Machine
    5. Ubuntu Server 20.04 LTS Virtual Machine
    6. Debian 11 Virtual Container
    7. Debian 11 Virtual Container

    The windows 10 and windows server 2019 virtual machines were used in the Active Directory project. I had created the domain controller using windows server 2019 and the windows 10 machine was the end user computer that joined the domain. I created a few users and began configurations with roles and permissions. This will be a project that will be expanded when my kids get their own computers when they are older.

    The Linux lite virtual machine is used for a lightweight Linux distro on the go. This machine is used for very light activities such as accessing the tor network for example or loading and running something that’s exclusive to Linux.

    The Pfsense firewall is used for my guest network setup. I paired this with a raspberry pi 4b hosting Pi hole DNS sink hole so that it is more secured and will kill malicious traffic on a network level. It is separate from my main network and the two will not see each other.

    The Ubuntu server virtual machine is another server where I host a few other services. I was hosting the home assistant service, a secondary WireGuard and pihole configuration, and a secondary Minecraft server. I use this server to ease the load of my primary server.

    My two virtual containers each run one service on them. One runs my NGINX proxy manager, which handles my connections from the outside to my services. Between cloudflare and NGINX, I configure subdomains for my services so they’re available outside of my network without opening a bunch of ports. The other runs my secondary Pi hole DNS sinkhole. Overall I have 2-3 on my network that syncs with each other.