Category: Networking

  • Mobile Device Management

    Mobile device management (MDM) is a powerful tool that many enterprise environments use to make sure devices are secured and loaded with their in-house content. What many people do not realize is that it can also serve as a powerful parental-control solution.

    This was accomplished using ManageEngine Mobile Device Manager Plus. Their service allows up to 25 devices to be managed for free. It is a good way to gain an understanding of an MDM platform.

    Setup is easier on some products than others. For example, with cell phones, Android has a short setup guide you follow during phone setup to enroll the device in MDM. With Apple products, however, you’ll need to own a Mac, because you will have to push the MDM blueprint to the device before you begin configuration.

    Once configuration is complete, the controls are very granular. You can push apps remotely, track the device through the platform, remote into it to troubleshoot, and set a variety of restrictions. You can go further and lock the device down to a single web page or a single app, and you can disable any feature or app that does not suit your needs.

  • Live Network Monitoring

    Image: Shodan.io Dashboard

    Shodan is one of my favorite platforms to date. It is a powerful platform that lets you find open ports and known vulnerabilities on a host. It also lists the CVE identifiers so you can research each one and how to patch it. You can enter either a public IP address or a domain, and it will list all vulnerabilities and open ports either way.

    I entered both into Shodan to see what kind of report would come up. My public IP address did not yield any CVE reports or potential vulnerabilities. It did show the ports I had open at the time. Which ports you have open depends on what services you run on your server. At the time, I had ports 80, 443, and 8096 exposed to the internet. When I had Xfinity internet, their gateway had a built-in IPS. The port that caused my IPS to trip almost non-stop was 8096. I was running my media server on that port.

    The biggest surprise was when I entered my domain, hbtechsolutions.com, into Shodan. I had never seen so many CVE vulnerabilities pop up in a single report. At the time I did this, my domain was hosted by GoDaddy. This was before I went down the self-hosting route. You would think a platform as big as theirs would have spent some money on securing it.

    Since I did this report, I have done some remediation. I decided to move my domain off of GoDaddy and onto Cloudflare. Not only did I save a lot of money on operating costs, it opened up more options for me to secure my stuff. I ended up getting better home internet, and that helped with using my WireGuard VPN. You have to open 80 and 443 for that service and for the proxy manager I use as well. I didn’t have to expose 8096 anymore because I was able to use subdomains to access services from outside my home.
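    The kind of check the paragraphs above describe, as an added example that is not part of the original post: it compares the ports and CVE ids in a Shodan-style host record with the ports you intend to expose, the way the author went from 80/443/8096 down to 80/443. The record, its TEST-NET address and its CVE id are constructed placeholders, and the field names (ip_str, ports, vulns, data) are assumed to follow the Shodan host-lookup JSON.

```python
# Added example, not from the original post: audit a Shodan host record
# against the ports you intend to expose. SAMPLE_HOST is constructed to
# mimic the shape of the Shodan host API JSON (ip_str / ports / vulns / data);
# the address is from a TEST-NET range and the CVE id is a placeholder.
from typing import Dict, List, Set

SAMPLE_HOST: Dict = {
    "ip_str": "203.0.113.10",
    "ports": [80, 443, 8096],
    "vulns": ["CVE-YYYY-PLACEHOLDER"],
    "data": [
        {"port": 80, "transport": "tcp", "product": "nginx"},
        {"port": 443, "transport": "tcp", "product": "nginx"},
        {"port": 8096, "transport": "tcp", "product": "media-server (constructed)",
         "vulns": {"CVE-YYYY-PLACEHOLDER": {"cvss": 7.5}}},
    ],
}


def audit_host(host: Dict, allowed_ports: Set[int]) -> Dict:
    """Compare what Shodan observed on a host with what we meant to expose."""
    observed: Set[int] = set(host.get("ports", []))
    banners: List[Dict] = host.get("data", [])
    # Map each port to the product Shodan fingerprinted on it, for the report.
    product_by_port = {b["port"]: b.get("product", "unknown") for b in banners}
    # CVE ids can appear at the top level and/or inside individual banners.
    cves: Set[str] = set(host.get("vulns", []))
    for b in banners:
        cves.update(b.get("vulns", {}).keys())
    return {
        "ip": host.get("ip_str"),
        "unexpected_ports": sorted(observed - allowed_ports),  # close or firewall these
        "missing_ports": sorted(allowed_ports - observed),     # expected but not seen
        "products": {p: product_by_port.get(p, "unknown") for p in sorted(observed)},
        "cves": sorted(cves),
    }


def exposure_ok(report: Dict) -> bool:
    """True only when nothing unexpected is open and no CVE was reported."""
    return not report["unexpected_ports"] and not report["cves"]


if __name__ == "__main__":
    report = audit_host(SAMPLE_HOST, allowed_ports={80, 443})
    for key, value in report.items():
        print(f"{key}: {value}")
    print("OK" if exposure_ok(report) else "ACTION NEEDED")
```

Re-run the audit after each change to your port forwards or proxy setup so the allowlist, not memory, is what you compare against.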

  • Local Server

    Image: Flame Dashboard

    This server is currently hosting a wide variety of services. It was the first server I put together and launched. Over the years I’ve been adding services to it and expanding the library of things I host in Docker.

    The services I’m currently running are:

    1. Audiobookshelf: Hosts all of my audiobooks and allows listening to and downloading them.
    2. Calibre and Calibre Web: Host all of my ebooks. Calibre lets me upload books to my server, and Calibre Web serves a good-looking frontend to read, download, and browse my library.
    3. Cloudflare DDNS: Automatically updates the DNS records for my domain. It is set up so that when my public IP address changes, my domain’s DNS record is updated with the new address automatically. I am currently using this for both of my domains.
    4. OctoPrint: Serves all of my 3D print jobs. It lets me upload G-code files and store them for print jobs, and it shows progress, temperature, and remaining time on the current job. This eliminates the need for SD cards on my 3D printer.
    5. Froodle: Lets me do anything related to PDF files: sign documents, save them, convert files, and so on.
    6. Guacamole: Lets me manage all of my remote connections in one place and remote into a server from a web browser.
    7. My own website: I’ve created a Docker container that hosts my professional showcase website. I’ve even written a script to update and relaunch the container when I make changes to the site.
    8. Immich: Hosts and stores all of my photos and videos. It syncs content from my phone and stores it locally on my server. It is a good alternative when you don’t want to deal with subscription fees.
    9. Linkwarden: The newest service I’ve added. It gives me a place to store links I want to save and check out later.
    10. Mealie: Stores all of my recipes. You can import recipes from links or write your own and save them for future reference.
    11. Minecraft: Lets me host my own personal Minecraft server. It runs as a Docker container and lets me play in my own Minecraft world.
    12. mStream: Hosts all of my music files. It collects my saved music and lets me stream it in a web browser or app with no issues.
    13. Pi-Weather-Station: Shows a live weather map. It can be configured by location and shows live weather radar for up to the next hour.
    14. Jellyfin: Hosts all of my videos. All you have to do is configure the proper folders and sync them to this service, and it is ready to go.
    15. WireGuard: The VPN tunnel I use to securely access local resources from outside.
    16. WordPress: This very WordPress website is self-hosted as well, in its own Docker container.
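    The Cloudflare DDNS item above, as an added example that is not the author’s container or script: the update logic reads the A record and writes only when the public IP has actually changed. cloudflare_request assumes the Cloudflare v4 DNS-records endpoint with a Bearer API token; stub_request, the zone/record ids and the token are constructed placeholders so the block runs offline.

```python
# Added example, not the author's script: the decision logic of a Cloudflare
# DDNS updater. It reads the A record and PATCHes it only when its content
# differs from the current public IP. stub_request is a constructed offline
# stand-in for the real API call; ids and the token are placeholders.
import json
import urllib.request
from typing import Callable, Optional

CF_API = "https://api.cloudflare.com/client/v4"


def cloudflare_request(token: str, method: str, path: str,
                       body: Optional[dict] = None) -> dict:
    """Minimal Cloudflare v4 API call with a scoped API token (prefer a token
    limited to DNS edits on one zone over the account-wide global key)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        CF_API + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


STUB_RECORD = {"content": "198.51.100.1"}   # constructed in-memory "DNS record"


def stub_request(token: str, method: str, path: str,
                 body: Optional[dict] = None) -> dict:
    """Offline stand-in for cloudflare_request that mimics the v4 envelope."""
    if method == "PATCH":
        STUB_RECORD["content"] = body["content"]
    return {"success": True, "result": dict(STUB_RECORD)}


def sync_a_record(current_ip: str, zone_id: str, record_id: str, token: str,
                  request: Callable[..., dict] = cloudflare_request) -> str:
    """Return 'unchanged', 'updated' or 'failed'; writes only when the IP moved."""
    path = f"/zones/{zone_id}/dns_records/{record_id}"
    rec = request(token, "GET", path)
    if not rec.get("success"):
        return "failed"
    if rec["result"].get("content") == current_ip:
        return "unchanged"          # no write, no needless DNS change or audit noise
    upd = request(token, "PATCH", path, {"content": current_ip})
    return "updated" if upd.get("success") else "failed"


if __name__ == "__main__":
    # Swap stub_request for cloudflare_request (with real ids/token) to go live;
    # how you detect the current public IP (router API, IP-echo service) is up to you.
    print(sync_a_record("198.51.100.1", "ZONE_ID", "RECORD_ID", "TOKEN", request=stub_request))
    print(sync_a_record("198.51.100.2", "ZONE_ID", "RECORD_ID", "TOKEN", request=stub_request))
```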

    I’ve created a large collection of services over the years. Many of them can be hosted on very light hardware. A few need a bit more horsepower to operate efficiently, but for the most part you can run most of these on a Pi or something similar.

  • Windows Server

    Image: Windows Server 2019 Desktop

    This is the second server I have up and running. My original plan was to use it either to self-host my domain and website or to provision virtual machines. I was also planning to install the Core edition of Windows Server and just SSH into it like my Linux servers. It did not happen like that: I ended up installing the full version, which also comes with the desktop interface.

    As of this writing, this server is running my local Active Directory as well as hosting network storage for my LAN. It has also been virtualized onto my Proxmox server. I’m using the NAS share on Windows Server to store the ebook library for the ebook service I’m currently running. It is also configured to resolve DNS requests.

    Windows Server is available as a 180-day free trial. I started this project with the trial and ended up buying the OS for a reasonable price. It is currently operational and running the services described above.

  • Remote Access Management Console

    Image: Guacamole Dashboard

    If you’re running multiple servers and want to make your life easier, the best suggestion is to manage them from one place. If you want to keep it open source, Guacamole is the option for you: a dashboard from which you can remote into all of your servers.

    This centralized platform lets you manage all of your servers and connect to any of them at any time. It works with protocols such as SSH, RDP, VNC, and others, and it supports key-based authentication as well. Currently I have two servers set up in it, but I will be adding my other servers down the line.

    The basic things it asks for when you set up remote access to a server are:

    1. The IP address your server is currently using
    2. The credentials used to remote into the server
    3. The port used to remote into the server

    If everything is done correctly, all you have to do is click the image of the server you want to connect to, and it will serve you a remote connection to it. There are a few things that need to be mentioned when using something like this. Once initial setup is done, I would create a new admin user and delete the default accounts. I would also strongly suggest a strong password; password managers are your friend here. Another major point: do not expose this to the internet unless you have to. If you expose it to the internet and your password is not really good, you are asking for someone to compromise your servers.

  • Virtual Machine Server

    Image: Proxmox Admin Dashboard

    This is my virtual machine platform. The operating system I am using for it is Proxmox, a type 1 hypervisor. The purpose of this server was to consolidate hardware and run many services that require different operating systems and settings.

    Currently, I am running seven virtual machines and containers:

    1. Windows 10 virtual machine
    2. Windows Server 2019 virtual machine
    3. Linux Lite virtual machine
    4. pfSense firewall virtual machine
    5. Ubuntu Server 20.04 LTS virtual machine
    6. Debian 11 container
    7. Debian 11 container

    The Windows 10 and Windows Server 2019 virtual machines were used in the Active Directory project. I created the domain controller on Windows Server 2019, and the Windows 10 machine was the end-user computer that joined the domain. I created a few users and began configuring roles and permissions. This project will be expanded when my kids get their own computers.

    The Linux Lite virtual machine provides a lightweight Linux distro on the go. It is used for very light activities, such as accessing the Tor network or loading and running something that’s exclusive to Linux.

    The pfSense firewall is used for my guest network. I paired it with a Raspberry Pi 4B running the Pi-hole DNS sinkhole so that the guest network is more secure and malicious traffic is blocked at the network level. It is separate from my main network, and the two cannot see each other.

    The Ubuntu Server virtual machine is another server where I host a few other services. I was hosting Home Assistant, a secondary WireGuard and Pi-hole configuration, and a secondary Minecraft server. I use this server to ease the load on my primary server.

    My two containers each run one service. One runs Nginx Proxy Manager, which handles connections from the outside to my services. Between Cloudflare and Nginx, I configure subdomains for my services so they’re available outside my network without opening a bunch of ports. The other runs my secondary Pi-hole DNS sinkhole. Overall I have two or three Pi-holes on my network that sync with each other.

  • DNS Sinkhole

    Image: Pi Hole Admin Dashboard

    Tired of ads? Want to stop malicious things from entering your network? Want to block certain things at the network level? Then this may be the option for you.

    Pi-hole is a DNS service set up to either resolve or deny requests based on ad lists and other settings. It does not require much processing power; most very light hardware will run Pi-hole without any issues.

    All you need to run Pi-hole is:

    • Hardware of your choice (a lightweight PC, a Pi, or whatever you have).
    • Your favorite Linux distro installed on that hardware or in a VM.
    • The installation instructions from the Pi-hole website.

    On most Linux distributions, Pi-hole installs via a single command, which does all of the work after that. It will give you the generated password and tell you where to navigate to log in to the admin dashboard.

    Once logged in, all you have to do is customize it to the level of security that suits your needs. After initial configuration is complete, you will need to edit your DNS settings so that clients resolve through the Pi-hole’s IP address. You’re ready to go after that.

  • Custom Email Domain

    Image: Zoho Email Platform

    There are a lot of options when it comes to email platforms and accounts. Sometimes it is a good idea to try something different. I decided to check out the Zoho platform to see what it can offer. It did not disappoint at all. Even though this is not a self-hosted solution, I was still able to do a lot on their free tier.

    The free tier allows you to:

    • Use one domain for custom emails.
    • Create up to 5 user accounts under one domain.

    Setup is extremely easy and requires only a few steps. I currently host my domain through Cloudflare, and all Zoho asks you to do is insert a few records into your DNS. After that, it walks you through a few configuration steps and you are good to go.

    You can have a professional email address with this setup. Another idea is to create email addresses for different purposes, such as one for financial institutions, one for social media, and so on. The options are limitless. I would give it a shot if you’re hosting a domain and need something professional for email.

  • Active Directory Domain Controller and User Configuration

    Image: Local Machine Connected to Local Active Directory Domain


    This particular topic is easy for some and harder for others to understand. Getting an understanding of it took some time, patience, and many attempts, but I’ve finally got it up and running. I spent some time getting this completed, but it has become one of my prouder projects.

    Getting this up and running requires a few things:

    1. A computer running a copy of Windows Server (I set up Windows Server 2019 in a virtual machine using Proxmox).
    2. One or more other devices running a copy of Windows (I set up one other virtual machine running Windows 10).

    You will have to configure some things in Windows Server, such as creating users, registering devices, and setting up the AD domain itself. Some of this will seem frustrating and cause a lot of issues, but it is worth it in the end. A few notes: make sure you install a DNS server on the Windows Server as well; make sure you register the device and users in Windows Server before you attempt to join the machine to the domain; and double-check that usernames, passwords, roles, and permissions have been configured properly.

  • Custom Secured Guest Network

    Image: PFsense Dashboard

    It is one thing to flip a switch in your router’s companion app and quickly make a guest network; it is another thing altogether to build your own. Building and configuring your own guest network means you have more control over it. The ISP’s built-in options are limiting and do not allow for additional configuration.

    There are debates about how to set up pfSense. Some people opt for 100% physical hardware, while others virtualize the whole thing. Some people buy equipment from pfSense directly, while others take more of a DIY approach. In my case, I virtualized pfSense on existing hardware.

    Here is a list of the items used for this project:

    • Proxmox virtual machine manager
    • pfSense installation media
    • Netgear Nighthawk R8000
    • USB-to-Ethernet adapter
    • Raspberry Pi 4B
    • Pi-hole DNS sinkhole

    A few configuration steps need to be done first if you are going down the Proxmox route.

    1. Before you create the virtual machine in Proxmox, you will need to configure the second NIC (network interface card). This is done under pve > System > Network.
    2. Raspbian Lite will need to be installed and ready to go on the Pi beforehand. Ideally, you’ll want to not only have the OS installed, but also have it updated and have Pi-hole installed as well.

    Once you have everything installed and ready to go, you should be able to find the Wi-Fi network and test connectivity. The idea with this custom setup is to separate the main network from this one while securing it with a DNS resolver that drops malicious requests, blocks ads, and keeps the kids safe online.