Current Projects in Work and future Projects.
These are future and current projects I am working on.
Azure SIEMS Experiment (Future)
Setting up a SQL database.
Setting up a Home SOC.

Week 3-4 Centralized Logging and SIEM Installation & First Alerts
My next focus was to centralize all logs on my Ubuntu Server and begin building out my security monitoring environment using Wazuh as my SIEM. I also planned to create a few test users and deploy a Kali Linux machine to simulate potential attack activity.
I built a new VM and installed Ubuntu Desktop, enabling SSH logging and configuring the firewall. On the Ubuntu Server, I created a separate non-root user account following the principle of least privilege. I then allowed SSH access through the firewall on port 22, but only from the specific IP address of the Ubuntu Desktop user.
To start, I created a new standard user that would serve as my baseline active user. This user was assigned to an Ubuntu Desktop virtual machine and would represent a normal, non-administrative user interacting with the environment.
Next, I set up a Kali Linux VM and updated all installed packages. From Kali, I attempted to SSH into the Ubuntu Server. The connection was denied due to the firewall rules restricting access to only the trusted desktop user’s IP. I checked the Ubuntu Server logs and confirmed that the attempted connection was detected and logged, including the source IP, which matched the Kali machine.
The goal was to monitor their activity, capture both successful and failed login attempts, and observe how the system logged and responded to these events.
I then configured the firewall to allow traffic from the Ubuntu Desktop user's IP address on port 514 (syslog) and set up a configuration file to forward all logs from the Ubuntu Desktop to the Ubuntu Server.
Then I did the same for my Kali machine, except without allowing SSH from it, so that its activity would be monitored as well.
I then checked that all the logs were being sent to the Ubuntu Server and could see that both the Kali and the Ubuntu Desktop logs were arriving.
Once everything was configured, I logged into the server from the desktop user and reviewed the logs to confirm successful authentication. After that, I intentionally entered an incorrect password multiple times to generate failed login events. As expected, Fail2Ban triggered after five failed attempts and temporarily blocked further SSH attempts from that IP. I reviewed the logs to verify that both the failed logins and the Fail2Ban action were properly recorded and centralized.
This setup allowed me to validate that my firewall, authentication logging, and centralized log monitoring were working as intended before moving forward with Wazuh integration. I then installed the Wazuh Manager on my Ubuntu Server, put a Wazuh Agent on my Ubuntu Desktop and on my Kali machine, and soon they were reporting the events happening in my lab.
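As an added example (not part of the original post), here is the check Fail2Ban was doing for me, written out in Python and run over a few constructed sshd log lines: five failed password attempts from one IP inside a ten-minute window earns a ban, which is also how a SIEM rule for the same event is written. The log lines, host name and IPs are invented for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample /var/log/auth.log lines (invented for this example, not
# captured from the lab). 192.168.56.10 stands in for the trusted desktop and
# 192.168.56.30 for a host whose failures are spread far apart in time.
SAMPLE_AUTH_LOG = """\
Mar 10 21:04:01 ubuntu-server sshd[1842]: Accepted password for labuser from 192.168.56.10 port 50122 ssh2
Mar 10 21:05:11 ubuntu-server sshd[1850]: Failed password for labuser from 192.168.56.10 port 50130 ssh2
Mar 10 21:05:19 ubuntu-server sshd[1850]: Failed password for labuser from 192.168.56.10 port 50130 ssh2
Mar 10 21:05:27 ubuntu-server sshd[1850]: Failed password for labuser from 192.168.56.10 port 50130 ssh2
Mar 10 21:06:02 ubuntu-server sshd[1861]: Failed password for labuser from 192.168.56.30 port 41000 ssh2
Mar 10 21:06:40 ubuntu-server sshd[1863]: Failed password for labuser from 192.168.56.10 port 50140 ssh2
Mar 10 21:06:55 ubuntu-server sshd[1863]: Failed password for labuser from 192.168.56.10 port 50140 ssh2
Mar 10 21:30:00 ubuntu-server sshd[1901]: Failed password for labuser from 192.168.56.30 port 41010 ssh2
Mar 10 21:55:00 ubuntu-server sshd[1950]: Failed password for labuser from 192.168.56.30 port 41020 ssh2
"""

# Matches the two sshd lines the post looks for: successful and failed password logins.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd_line(line, year=2025):
    """Return (timestamp, result, user, ip) for an sshd auth line, or None."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year; one is assumed here
    # (a production parser has to handle the year rollover).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def find_ban_candidates(lines, maxretry=5, findtime=600):
    """Sliding-window check modelled on fail2ban's sshd jail: maxretry failures
    from one IP within findtime seconds earns a ban. Returns {ip: ban_time}."""
    window = defaultdict(deque)  # ip -> failure timestamps inside the window
    bans = {}
    for line in lines:
        parsed = parse_sshd_line(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result != "Failed" or ip in bans:
            continue  # only failures count; a banned IP needs no further tracking
        recent = window[ip]
        recent.append(ts)
        while (ts - recent[0]).total_seconds() > findtime:
            recent.popleft()  # drop failures older than findtime
        if len(recent) >= maxretry:
            bans[ip] = ts
    return bans


def summarize(log_text=SAMPLE_AUTH_LOG):
    """Count successful logins and list the IPs fail2ban would have banned."""
    lines = log_text.splitlines()
    accepted = 0
    for line in lines:
        parsed = parse_sshd_line(line)
        if parsed and parsed[1] == "Accepted":
            accepted += 1
    bans = find_ban_candidates(lines)
    return accepted, {ip: ts.strftime("%H:%M:%S") for ip, ts in bans.items()}


if __name__ == "__main__":
    accepted, bans = summarize()
    print(f"successful logins: {accepted}")
    for ip, when in bans.items():
        print(f"would ban {ip} at {when} (5 failures within 10 minutes)")
```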
Next I will be working with MITRE ATT&CK Mapping, with more to come.
Cyberlab Setup Week 1 - 2
I know it has been forever since I have written anything here, but I am finally back at it. I now have a lab and have been going through the setup process, making my own virtual network and running my lab. So let's start with the first week.
I built an Ubuntu server and began to harden it.
I started by installing VirtualBox and loading the Ubuntu Server ISO into my lab.
Booting up the Ubuntu server, I set up the first admin user. Then began to work on upgrading and learning the ins and outs of the server.
1. SSH login user rules
Then I set up SSH, establishing rules for logging in and least privilege for the user.
I did this by editing the sshd_config file:
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 30
Then I just restarted the SSH service.
I made a non-root user and assigned them a password.
2. Firewall access
Moving into UFW (Uncomplicated Firewall), I wanted to isolate my network as much as possible.
First, I started by denying all incoming and allowing all outgoing traffic, making sure everything was secure.
I opened port 1999 on my wired connection for when I install Netdata.
I then allowed connections from my main lab to other things I use for remote access, but still kept it secure.
3. Install Automatic Security Updates
I understand that patch fatigue can be a major problem, and setting up automation is key; otherwise things will be missed.
I installed Unattended-Upgrades, then enabled them and verified the config files.
4. Basic Audit and Verification
I then went back and started on basic verification:
Checked that the services were running.
Checked and made notes about the current users.
Finally, checked the auth logs.
This was the end of my first week. I am trying to work at least a few hours a week on my lab.
Cyberlab Fail2Ban & Netdata Install
Installed Fail2ban
I installed Fail2ban and made sure it was running.
Then I made a new jail.local file for Fail2ban.
Installed Netdata
I installed Netdata so I could have a GUI to look at the data as it moved through my system.
After everything was successfully installed, I logged into the Netdata web interface and ran a stress test.
New PowerShell Program
So the other day I was at work and was wondering if there was a way to check all the PCs on the network and find out the last time they were active.
I then began to write something in PowerShell. I also wanted the computer name and the last user who was logged into the PC, just to make a list of older PCs on the network and users we need to clean up in AD.
Using AD, I could get most of the information I needed, and then use SSH to reach out to every PC and update it with the latest information (the script below does this part over CIM/WMI). How it works is it pings the PC to see if it is active, then pulls the information I wanted. I also wanted the results placed into a spreadsheet so I could send it to the sysadmins.
Now, to use this, you will need to run PowerShell as an administrator.
Here is the code:
$computers = Get-ADComputer -Filter * -Property Name, LastLogonTimestamp
$results = @()
foreach ($computer in $computers) {
    $compName  = $computer.Name
    $lastLogon = [DateTime]::FromFileTime($computer.LastLogonTimestamp)
    Write-Host "Checking $compName..." -ForegroundColor Cyan
    # Set default values (reset per computer so an offline PC does not inherit the previous model)
    $lastUser = "Unknown or Offline"
    $model    = "Unknown"
    # Try to ping and connect if the machine is online
    if (Test-Connection -ComputerName $compName -Count 1 -Quiet) {
        try {
            # Try to grab the last logged-on user; -ErrorAction Stop makes failures reach the catch block
            $sysInfo  = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $compName -ErrorAction Stop
            $lastUser = $sysInfo.UserName
            $model    = $sysInfo.Model
        } catch {
            $lastUser = "Access Denied"
        }
    } else {
        $lastUser = "Offline"
    }
    $results += [PSCustomObject]@{
        ComputerName     = $compName
        LastLogonToAD    = $lastLogon
        LastLoggedInUser = $lastUser
        SystemModel      = $model
    }
}
# Display
$results | Sort-Object LastLogonToAD -Descending | Format-Table -AutoSize
# Optional: export to a spreadsheet (Export-Excel comes from the ImportExcel module)
$desktop = [Environment]::GetFolderPath("Desktop")
$path    = Join-Path -Path $desktop -ChildPath "PC_LastLogonAndUser.xlsx"
$results | Export-Excel -Path $path -AutoSize -BoldTopRow -Title "PC Last Logon and User Report" -WorksheetName "Report"
Back Doors in Kali Linux
Lately, I have been working to make my skills better and more employable, but I need to get my Linux skills up.
I started working on making backdoors with Kali Linux, and on how to see if there is something in the system, without using a GUI.
After setting up a couple of virtual machines, I got started.
First, to set up the back door.
I made a named pipe using mknod backpipe p, then used netcat to listen, with the greater-than and less-than symbols showing where the information would flow.
Command
/bin/bash backpipe 0<backpipe | nc -1>backpipe
I got the IP address from my other session and pointed netcat at port 2222, using the ls command to make sure that backpipe was present.
Command
nc 10.10.126.139 2222
Then I began to look at the machine I am invading, this time as the defender.
Running the command lsof -i -P, I began looking at the current open files on the infected system. Looking through the output, you will see that something is listening on port 2222 under PID 2211. Something to look into.
To get more detail on the full process, I ran ps aux.
Looking at what I can find, it looks like netcat is running as root and still listening on port 2222. However, this could be something else, so I need to dig a little more to find out what the program is doing. So I used cd /proc/2211 to move into the folder and then ls to look at the directories.
But I will need more information if I want to know what it is doing, so I ran the strings command on the executable: strings ./exe | less.
This brought up some interesting things: Unix connections, IPv6 traffic, and finally password information, all things that could be a threat.
Yeah, this would be a major red flag and would require much more digging.
In closing, I can see that there is so much more I need to learn, and I think the only way I will learn is through practice.
SOC TCP Dump Lab
Lately I have been playing with tcpdump. I prefer Wireshark when it comes to monitoring network traffic with a packet sniffer, but a person in IT cybersecurity should be able to work with multiple different programs.
tcpdump is available in the Kali Linux tool set and is used to monitor traffic on a network, often by both SOC personnel and attackers alike.
This lab was created by Black Hills Information Security, a very good company that not only offers cybersecurity services but also has a love of teaching and offers many pay-what-you-can classes. I will link their site. This set of classes is part of the SOC Entry Level class.
Let's look at the lab.
I started by getting into root, then running tcpdump. This is what showed up first.
Looking at the information provided, I can see the timestamp, the protocol, the source IP address and the destination IP address. Most of this information is very useful when you're trying to look for anything out of the ordinary on your system.
Next I added a port number, port 80, a common port often used by threat actors to compromise networks.
The command I used was tcpdump -n -r magnitude_1hr.pcap host 192.168.99.52 and port 80
and this is all the information that came up.
When I saw this I felt overwhelmed with information. There is a lot being thrown at you, and most of it is encrypted and I can not read it. But you can pick out some information, such as the HTTP and normal IP addresses.
Next I turned to ASCII output to decode the packets, running tcpdump -n -r magnitude_1hr.pcap host 192.168.99.52 and port 80 -A
This narrowed down the flow of information and also cleared up the encryption, so I could physically sort through the data, and I noticed a few things.
It looks like something is running PowerShell ($ signs). Now PowerShell is not normally something you would see running on an average user's PC. Maybe if they were IT, but I would not be too sure about this. What really made me think was when I saw the Base64.
Now at first, I will confess, I had no clue what Base64 is or what it is used for, so I had to do some googling. This is what I found: Base64 is used to encode binary data as printable text. So I have to ask myself, "What does that mean?" Looking deeper, it is used to transport binary data over protocols that normally would not be able to carry it. This would allow someone with access to send commands to, say, run PowerShell.
Now this is just a small lab, and digging deeper into this would be out of the scope of this lab. It is only a place to get some hands-on experience with tcpdump. There will be more to come as I finish more of the labs in the classes.
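As an added example, not from the BHIS lab or the original post, the following Python triage routine does what the post describes doing by eye: it pulls base64 runs out of captured ASCII payload text, decodes them the way PowerShell's -EncodedCommand expects (UTF-16LE, falling back to UTF-8) and flags anything that reads like PowerShell. The payload text and the encoded command are constructed for the demo, and the PowerShell markers are a heuristic, not a full parser.

```python
import base64
import re

# Constructed text, imitating what "tcpdump -A" prints for an HTTP request body.
# The encoded blob is a harmless PowerShell snippet built just for this demo.
DEMO_COMMAND = "$msg = 'hello from the lab'; Write-Host $msg"
DEMO_ENCODED = base64.b64encode(DEMO_COMMAND.encode("utf-16-le")).decode()
DEMO_TOKEN = base64.b64encode(b"this is not a command").decode()
SAMPLE_PAYLOAD = (
    "POST /update HTTP/1.1\r\nHost: 192.168.99.52\r\n\r\n"
    f"cmd=powershell -EncodedCommand {DEMO_ENCODED}\r\n"
    f"status=ok token={DEMO_TOKEN}\r\n"
)

# A run of base64 alphabet long enough to be worth decoding (short runs are mostly noise).
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Heuristic markers of PowerShell syntax: $variables and common Verb-Noun cmdlets.
POWERSHELL_RE = re.compile(r"\$\w+|\b(?:Invoke|Write|Get|Set|New|Start)-[A-Za-z]+\b")


def decode_candidate(token):
    """Decode a base64 run, trying UTF-16LE first (what PowerShell's -EncodedCommand
    uses) and then UTF-8, keeping the printable decoding with the most ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    best = None
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if not text or not text.isprintable():
            continue
        ascii_ratio = sum(c.isascii() for c in text) / len(text)
        if best is None or ascii_ratio > best[0]:
            best = (ascii_ratio, text)
    return None if best is None else best[1]


def triage_payload(payload):
    """Find base64 runs in captured text; return (decoded_text, looks_like_powershell) pairs."""
    findings = []
    for token in B64_RUN_RE.findall(payload):
        text = decode_candidate(token)
        if text is None:
            continue
        findings.append((text, bool(POWERSHELL_RE.search(text))))
    return findings


if __name__ == "__main__":
    for text, suspicious in triage_payload(SAMPLE_PAYLOAD):
        print(("FLAG " if suspicious else "ok   ") + repr(text))
```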
Some programs I have created and use.
File Scanner
This program is more of a scanner to search a server and find all the older files. I set it up to scan for files that are over 7 years old and compile them into an Excel file so they can be reviewed before deletion. This is a good program for file retention policies, and also for finding those information hoarders.
The program will ask you for a folder path, then ask where you want to store the Excel file.
import os
import datetime
from openpyxl import Workbook
from tkinter import filedialog
import tkinter as tk

def get_file_creation_time(file_path):
    """Get the creation time of a file (on Linux, getctime is the inode change time, not creation)."""
    print("File path:", file_path)  # Debug print
    try:
        return datetime.datetime.fromtimestamp(os.path.getctime(file_path))
    except OSError as e:
        print("Error:", e)  # Debug print
        return None

def get_file_size(file_path):
    """Get the size of a file."""
    return os.path.getsize(file_path)

def list_old_files(folder_path, output_directory):
    """List files older than 7 years in a folder and store their information in an Excel file."""
    # Initialize Excel workbook
    wb = Workbook()
    ws = wb.active
    ws.append(["File Name", "File Path", "Creation Date", "Size (bytes)"])
    # Get current date
    current_date = datetime.datetime.now()
    # Traverse through files in the folder
    for root, dirs, files in os.walk(folder_path):
        for file in files:
            file_path = os.path.join(root, file)
            creation_time = get_file_creation_time(file_path)
            if creation_time is None:
                continue  # Skip files whose timestamp could not be retrieved
            file_age = current_date - creation_time
            if file_age.days > 7 * 365:  # Check if file is older than 7 years
                file_size = get_file_size(file_path)
                ws.append([file, file_path, creation_time.strftime('%Y-%m-%d %H:%M:%S'), file_size])
    # Save Excel file to the specified directory
    output_excel = os.path.join(output_directory, "old_files.xlsx")
    wb.save(output_excel)
    print("Old files listed and saved to", output_excel)

if __name__ == "__main__":
    # Initialize Tkinter
    root = tk.Tk()
    root.withdraw()  # Hide the main window
    # Ask for folder path
    folder_path = filedialog.askdirectory(title="Select Folder")
    # Ask for output directory
    output_directory = filedialog.askdirectory(title="Select Output Directory")
    list_old_files(folder_path, output_directory)
------------------------------------------------------------------------------
Older file Scanner and Delete
Working in the IT field, you will find that users fill up the space on the servers with older files.
This is especially true if you work in an industry with document retention policies, where you can not keep some documents longer than a certain amount of time, or if you just have hoarders on your network. You know those people who do not delete anything and save everything.
So I wrote a program that will search through a selected server, find all the empty folders and older files, and delete them.
import os
import datetime
import tkinter as tk
from tkinter import filedialog

def list_files_and_empty_folders_to_delete(folder_path):
    # Get the current date
    current_date = datetime.datetime.now()
    # Calculate the date seven years ago
    seven_years_ago = current_date - datetime.timedelta(days=7*365)
    files_to_delete = []
    empty_folders_to_delete = []
    # Iterate over files and folders recursively (bottom-up, so nested folders are visited first)
    for root, dirs, files in os.walk(folder_path, topdown=False):
        # Collect files older than seven years
        for file_name in files:
            file_path = os.path.join(root, file_name)
            # Get the modification time of the file
            file_modified_time = datetime.datetime.fromtimestamp(os.path.getmtime(file_path))
            # Check if the file is older than seven years
            if file_modified_time < seven_years_ago:
                files_to_delete.append(file_path)
        # Collect empty folders
        for dir_name in dirs:
            dir_path = os.path.join(root, dir_name)
            if not os.listdir(dir_path):  # Check if directory is empty
                empty_folders_to_delete.append(dir_path)
    return files_to_delete, empty_folders_to_delete

def delete_files_and_empty_folders(files_to_delete, empty_folders_to_delete):
    # Print files to be deleted
    print("Files to be deleted:")
    for file_path in files_to_delete:
        print(file_path)
    # Print empty folders to be deleted
    print("\nEmpty folders to be deleted:")
    for folder_path in empty_folders_to_delete:
        print(folder_path)
    # Confirmation before deletion
    confirmation = input("\nDo you want to proceed with the deletion? (yes/no): ")
    if confirmation.lower() == "yes":
        # Delete files
        for file_path in files_to_delete:
            os.remove(file_path)
            print(f"Deleted file: {file_path}")
        # Delete empty folders
        for folder_path in empty_folders_to_delete:
            os.rmdir(folder_path)
            print(f"Deleted empty folder: {folder_path}")
    else:
        print("Deletion canceled.")

def get_folder_path():
    root = tk.Tk()
    root.withdraw()  # Hide the main window
    folder_path = filedialog.askdirectory(title="Select Folder")
    return folder_path

# Ask for the folder path using a dialog box
folder_path = get_folder_path()

# Check if the folder path is provided
if folder_path:
    # List files and empty folders to be deleted
    files_to_delete, empty_folders_to_delete = list_files_and_empty_folders_to_delete(folder_path)
    # Delete files and empty folders if confirmed
    delete_files_and_empty_folders(files_to_delete, empty_folders_to_delete)
else:
    print("No folder path provided.")
______________________________________________________________
Batch File Mod
This program is for when you need to modify batch files. Anyone in IT who has had to manage batch files for a large company knows how annoying it would be to go through each one and make a single-line change.
Well, this program is made to search through all the batch files; you can write in a line, and it will replace it with another line you choose.
import os

def find_files_with_text(directory_path, text_to_find):
    """Return every .bat file under directory_path that contains text_to_find."""
    files_with_text = []
    for root, _, files in os.walk(directory_path):
        for file_name in files:
            if file_name.endswith('.bat'):
                file_path = os.path.join(root, file_name)
                with open(file_path, 'r') as file:
                    if any(text_to_find in line for line in file):
                        files_with_text.append(file_path)
    return files_with_text

def remove_line_from_file(file_path, text_to_remove):
    """Rewrite file_path without the lines that contain text_to_remove."""
    try:
        with open(file_path, 'r') as file:
            lines = file.readlines()
        with open(file_path, 'w') as file:
            for line in lines:
                if text_to_remove not in line:
                    file.write(line)
        print(f"Removed lines containing '{text_to_remove}' from {file_path}.")
    except FileNotFoundError:
        print(f"Error: The file {file_path} does not exist.")
    except Exception as e:
        print(f"An error occurred: {e}")

def process_directory(directory_path, text_to_remove):
    """Find matching batch files and ask, one by one, whether to strip the matching line."""
    files_with_text = find_files_with_text(directory_path, text_to_remove)
    if not files_with_text:
        print(f"No files found containing the text '{text_to_remove}'.")
        return
    for file_path in files_with_text:
        print(f"Found '{text_to_remove}' in {file_path}")
        user_input = input(
            f"Do you want to remove the line containing '{text_to_remove}' from {file_path}? (yes/no): ").strip().lower()
        if user_input == 'yes':
            remove_line_from_file(file_path, text_to_remove)
        else:
            print(f"Skipped {file_path}.")

if __name__ == "__main__":
    directory_path = input("Enter the path to the directory containing batch files: ")
    text_to_remove = input("Enter the text to remove: ")
    process_directory(directory_path, text_to_remove)
DNS Raspberry Pi hole
The amount of traffic on a network has always fascinated me. I know when you set up a new Windows PC, one of the first things it does is send out a message looking for anything out there, looking to connect and discover what kind of network it's on and where it can go.
This is neat and all, but it leads to a few other things. Watching my network using Wireshark, I can't help but see all the things trying to get into my network. This is normal, but what got me was the amount trying to get out of my network.
Now I am not talking about the normal requests, like when you use YouTube or any website. I am talking about my smart TV sending messages out, my kids' tablet sending packets out when it's in sleep mode, and worst of all, my ISP sending packets back and forth that have nothing to do with my internet.
Inside all of these packets is nothing but information on me and my family: our watching habits, things we like, all being sent to advertisers. Well, I needed to put a stop to this.
So I did some looking around and found out about Pi-hole. It's a DNS server set up by a group of people who had the same problem I had, so they built this DNS server that runs on a Raspberry Pi.
After some research, I had to have this, and I found a very good guide to set things up.
After following along, soon everything was set up and I was already seeing results. All those pesky packets stopped, and in the GUI I can see everything that was being blocked and everything that was getting through. The only thing I wish it would do is block the ads on YouTube, but that would mean blocking all of YouTube, as they send the ads through their domain.
So yes, I would recommend this if you have a Raspberry Pi lying around.
Password Manager Part 1
So the other day I was thinking about what else I could do to make my cyber life safer, so I started looking into a password manager. Now you can buy a subscription to a password manager service, and there are some good ones out there, but the problem is two things: the subscription and security.
By security I mean you look around and you see leaks everywhere: corporations getting hacked, or they sell your info, and all the user data is under their control. All it would take is someone hacking the password manager, and then all the passwords could be out there and you're rushing to change everything before they get in.
I don't have the money to do something like that, so I started to dig into making my own password manager using Python. I started looking into what I would need.
First would be encryption, one of the standards of the cybersecurity world. Using a mix of hashing through the SHA-256 algorithm and always salting your hashes, you can make your stored passwords even more secure.
The code
# Setting up cryptography
import base64
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend

def derive_encryption_key(master_password, salt):
    """Derive a 32-byte Fernet key from the master password with PBKDF2-HMAC-SHA256."""
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
        backend=default_backend()
    )
    key = base64.urlsafe_b64encode(kdf.derive(master_password.encode()))
    return key
Then encryption and decryption: the method the program will use to keep the passwords encrypted, and then decrypt them when they are needed. Writing this code was more challenging, but there are some amazing resources out there; with quick Google searches you can find them.
The Code
# Encryption and decryption
from cryptography.fernet import Fernet

def encrypt_password(password, key):
    """Encrypt a password string with the derived key; returns a Fernet token (bytes)."""
    fernet = Fernet(key)
    encrypted_password = fernet.encrypt(password.encode())
    return encrypted_password

def decrypt_password(encrypted_password, key):
    """Decrypt a Fernet token back to the password string (raises InvalidToken on a wrong key)."""
    fernet = Fernet(key)
    decrypted_password = fernet.decrypt(encrypted_password).decode()
    return decrypted_password
Next up I wanted random password generation, at least 12 characters long, with letters, numbers and special characters.
The Code
# Password generation
import string
import secrets  # secrets rather than random: the random module is not a cryptographic generator

def generate_secure_password(length=12):
    char_pool = string.ascii_letters + string.digits + string.punctuation
    password = ''.join(secrets.choice(char_pool) for _ in range(length))
    return password
Finally, it would need a database to store the passwords. Through googling and research, I found I would need to set up a SQL database. This would be something new for me, but first I could set up the code and the key for the user. Later I will add the SQL database.
Part of this would be setting up a master password and user name. This worried me a bit, because anybody could just hop in, take a look at the code, see the master password and then get access to all my passwords. So keeping your code safe is all about restricting access to it: keep your code in a safe, locked location, away from prying eyes and encrypted, and access to the source code should be restricted to just you and whoever you trust.
The Code
# Setting up the SQL database
import os
import sqlite3

def setup_database():
    conn = sqlite3.connect('users.db')
    c = conn.cursor()
    c.execute('''CREATE TABLE IF NOT EXISTS user_keys (user_id TEXT PRIMARY KEY, key BLOB)''')
    conn.commit()
    conn.close()

def main():
    # Set up the database
    setup_database()

    # Create a key for the user
    master_password = input("Enter your master password: ")
    salt = os.urandom(16)  # Generate a secure random salt for each user; it must be stored with the user record to re-derive the key later
    key = derive_encryption_key(master_password, salt)

    # Simulate user interaction
    user_id = "[email protected]"  # user ID
    user_password = "Password1234"  # user password to encrypt

    # Encrypt the user's password, then decrypt it again to check the round trip
    encrypted = encrypt_password(user_password, key)
    decrypted = decrypt_password(encrypted, key)
    print(f"Decrypted password for {user_id}: {decrypted}")

    # Placeholder for integrating the password storage and retrieval logic
    # This would include calls to interact with the SQL database.

if __name__ == "__main__":
    main()
Now I have much more to do on the program. I need to set up a SQL database for storage, which will be its own can of worms; learning SQL will be a new challenge for me.
I also want to add more features. I was thinking about setting up an auto-fill feature: right now the program just displays the requested password and you have to enter it manually. I want to see if there is a way to auto-fill it.
So stay tuned as I do more research.
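As an added example (not the post's code), here is one way to carry the deferred SQL step through with only the standard library: the user_keys table stores a random per-user salt and a verifier derived from the master password, never the master password or the encryption key itself, so a copy of the database alone cannot unlock anything. hashlib's PBKDF2 stands in for the cryptography library's PBKDF2HMAC with the same SHA-256 / 100000-iteration parameters, and the user names and passwords are made up.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # same PBKDF2 work factor the post uses


def derive_keys(master_password, salt):
    """PBKDF2-HMAC-SHA256 -> 64 bytes: the first 32 become the (Fernet-formatted,
    urlsafe base64) encryption key, the last 32 a verifier that is safe to store."""
    raw = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return base64.urlsafe_b64encode(raw[:32]), raw[32:]


def setup_database(conn):
    """Same table idea as the post, but holding a salt and verifier rather than the key."""
    conn.execute(
        """CREATE TABLE IF NOT EXISTS user_keys (
               user_id  TEXT PRIMARY KEY,
               salt     BLOB NOT NULL,
               verifier BLOB NOT NULL)"""
    )
    conn.commit()


def register_user(conn, user_id, master_password):
    """Create the user record with a fresh random salt; return the encryption key."""
    salt = os.urandom(16)
    key, verifier = derive_keys(master_password, salt)
    conn.execute("INSERT INTO user_keys VALUES (?, ?, ?)", (user_id, salt, verifier))
    conn.commit()
    return key


def unlock_user(conn, user_id, master_password):
    """Re-derive the key from the stored salt; return it only if the verifier matches."""
    row = conn.execute("SELECT salt, verifier FROM user_keys WHERE user_id = ?", (user_id,)).fetchone()
    if row is None:
        return None
    salt, stored_verifier = row
    key, verifier = derive_keys(master_password, salt)
    # constant-time comparison so response timing does not leak how many bytes matched
    if not hmac.compare_digest(verifier, stored_verifier):
        return None
    return key


def demo():
    """Round trip on an in-memory database; returns the values the checks rely on."""
    conn = sqlite3.connect(":memory:")
    setup_database(conn)
    key_at_register = register_user(conn, "alice", "correct horse battery staple")
    key_bob = register_user(conn, "bob", "correct horse battery staple")  # same password, different salt
    key_unlocked = unlock_user(conn, "alice", "correct horse battery staple")
    wrong_password = unlock_user(conn, "alice", "wrong password")
    unknown_user = unlock_user(conn, "carol", "anything")
    conn.close()
    return key_at_register, key_unlocked, key_bob, wrong_password, unknown_user


if __name__ == "__main__":
    reg, unlocked, bob, wrong, unknown = demo()
    print("key restored from stored salt:", reg == unlocked)
    print("same password, different user gives a different key:", reg != bob)
    print("wrong password / unknown user:", wrong, unknown)
```

The returned key is already in the urlsafe base64 form Fernet takes, so it can be passed straight to the encrypt_password and decrypt_password functions above.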
Python IDS
Lately I have been playing with more advanced Python programming. Looking around for projects, I found the idea of building an IDS (Intrusion Detection System). So I dug around, found a few examples and wrote up a simple program.
It took some trial and error and debugging, but I wrote up something. I started by setting up a directory and logging directory.
# Define the log directory and file
log_dir = os.path.join(os.path.expanduser("~"), "logs", "PasswordManager")
os.makedirs(log_dir, exist_ok=True)
log_file = os.path.join(log_dir, 'intrusion_detection.log')
print(f"Logging to: {log_file}")  # Print the log file path

# Configure logging
logging.basicConfig(filename=log_file, level=logging.INFO, format='%(asctime)s %(message)s')
Then I worked on setting up what the program should be looking for: all the known malicious signatures I know of.
# Known signatures for detection
known_signatures = [
    {'src_ip': '192.168.1.1', 'dst_port': 80},  # Example of a known malicious signature
    # Add more signatures here
]
I need to add more known signatures; this will need more research.
Next, packet capture and identifying whether any of the packets match the known malicious signatures.
def extract_features(packet):
    """Extract features from a packet."""
    if IP in packet:
        has_ports = packet.haslayer(TCP) or packet.haslayer(UDP)
        features = {
            'src_ip': packet[IP].src,
            'dst_ip': packet[IP].dst,
            'src_port': packet.sport if has_ports else None,
            'dst_port': packet.dport if has_ports else None,
            'protocol': packet[IP].proto,
            'packet_length': len(packet)
        }
        return features
    return None

def detect_intrusion(features):
    """Detect if the packet features match any known signatures."""
    for signature in known_signatures:
        if all(features.get(key) == value for key, value in signature.items() if key in features):
            return True
    return False

def alert(message):
    """Log and print an alert message."""
    logging.info(message)
    print(f"ALERT: {message}")

def packet_callback(packet):
    """Callback function for each captured packet."""
    features = extract_features(packet)
    if features and detect_intrusion(features):
        alert(f"Suspicious activity detected: {features}")

# Start packet sniffing (needs root / CAP_NET_RAW)
sniff(prn=packet_callback, store=0)
The code is simple at the moment and I plan on adding more. Here is the code all together.
import os
import logging
from scapy.all import sniff, IP, TCP, UDP

# Define the log directory and file
log_dir = os.path.join(os.path.expanduser("~"), "logs", "PasswordManager")
os.makedirs(log_dir, exist_ok=True)
log_file = os.path.join(log_dir, 'intrusion_detection.log')
print(f"Logging to: {log_file}")  # Print the log file path

# Configure logging
logging.basicConfig(filename=log_file, level=logging.INFO, format='%(asctime)s %(message)s')

# Known signatures for detection
known_signatures = [
    {'src_ip': '192.168.1.1', 'dst_port': 80},  # Example of a known malicious signature
    # Add more signatures here
]

def extract_features(packet):
    """Extract features from a packet."""
    if IP in packet:
        has_ports = packet.haslayer(TCP) or packet.haslayer(UDP)
        features = {
            'src_ip': packet[IP].src,
            'dst_ip': packet[IP].dst,
            'src_port': packet.sport if has_ports else None,
            'dst_port': packet.dport if has_ports else None,
            'protocol': packet[IP].proto,
            'packet_length': len(packet)
        }
        return features
    return None

def detect_intrusion(features):
    """Detect if the packet features match any known signatures."""
    for signature in known_signatures:
        if all(features.get(key) == value for key, value in signature.items() if key in features):
            return True
    return False

def alert(message):
    """Log and print an alert message."""
    logging.info(message)
    print(f"ALERT: {message}")

def packet_callback(packet):
    """Callback function for each captured packet."""
    features = extract_features(packet)
    if features and detect_intrusion(features):
        alert(f"Suspicious activity detected: {features}")

# Start packet sniffing (needs root / CAP_NET_RAW)
if __name__ == "__main__":
    sniff(prn=packet_callback, store=0)
Long Awaited Update
So a lot has happened in the time between posts. First, I landed a job working as an IT service desk pro... that lasted only about six months before it was outsourced to Bangladesh or some other country.
Then I got my server set up with Microsoft Server 2016, set up all the partitions, and made a virtual network to run experiments on, using Microsoft Azure.
Then I got a job 600 miles away. This does not seem like much, but after the whole service desk job, the area I was in was not looking good for jobs in the IT field. So I looked out of state and found something, then packed up a server and a three-bedroom house and moved everything 600 miles. SO MUCH FUN....
Well, now we're settled into a two-bedroom apartment, and with a new ISP, I broke down and bought a new ARRIS SURFboard DOCSIS 3.1 Multi-Gig Cable Modem & Wi-Fi 6 Router Combo.
So far, color me impressed; the setup was easy. I just had to call my new ISP and get everything registered and I was up and running. I then went into the setup and made the settings I needed for my home server. Getting into the firewall and setting up the ports and port forwarding was a breeze, with no ISP charge.
I also learned a lot about moving a server. One: when you get everything plugged in, do not expect it to just run like nothing has happened. The switch in IPs and ISPs threw some of my settings into error mode.
Working for a good three hours, I managed to get everything running smoothly, including a test with the family where I had them VPN into my server and download pictures, and with the new modem/router I am able to port forward and let my friends play Minecraft on our server.
So there may be some more things down the line. Right now I am taking the Google Cybersecurity cert. I have to say I am impressed. I have taken the Security+ and have found this to be much more impressive. My plan is to have it completed by December 2023.
Then my next thing is to learn more Python while using the virtual network to work, letting me try some malware experiments and maybe make a few honeypots. I was even thinking about setting up a SIEM tool on my network and getting some experience working in the program.
Updates on Server and Continued Learning
So it has been a while since I updated the blog. I got a new job, so I have been distracted for a while with the learning and taking up an IT Service Desk position. Well, the server is up and running. I went with Microsoft Windows Server 2016, and I set up the local storage drive for everything important. That includes isolating the drive so only certain IPs in the house can access it, and encryption.
As for remoting into the server, I did try a remote setup: I set up a Microsoft Azure VD and tried to remote into it. However, I ran into an old problem. The ISP I use does not allow port forwarding with its router, so I still need to get my own router and modem. I have been looking at a Netgear Nighthawk Cable Modem CM1200 and a Netgear Nighthawk WiFi 6 Router (XR1000), 6-stream AX5400 wireless. But the usual problem is the price tag. Now, I could go with something slower, but my thought is I should go with something I will not have to upgrade for a while, so I will get to saving for the new stuff.
Now, I did get a new setup: two new monitors, a desk and monitor mounts. So far I am loving the new setup. It makes things easier for my work from home, my cyber studies and some of my gaming.
One of the main things I learned in the field is to speak to people and learn from them. Talking to a few cybersecurity pros, all of them have been telling me that Python is the way to go. So I started learning Python; YouTube is such a valuable resource. I found some interesting 12-hour videos that teach the basics, and from what I have found the best resource out there is the number of libraries that have just about everything. I love the libraries, but the part of me that needs to learn is trying to cheat with the libraries. Still, I can look at the programming and see how they did it.
Success... with small failures.
So without a new router and modem, I will not be able to give people outside my network access. However, I can still set up my server. So, looking at the software that is available, I got lucky and found a free version of Windows Server 2016. I quickly downloaded it and got ready to install the new OS onto my server.
First I needed to transfer my Minecraft server over. I simply copied all the files to a flash drive and began the installation, then installed it on the server when I was done. Installing the software was easy and it ran without any problems.
While waiting for my server software to install, I began to make a list of things I wanted to do. First off, I need to get all the computers in the home on the network; that would be mine and my wife's. I also wondered if I could put our cell phones on the network, and maybe the video game consoles. Also, I would have to worry about how the game systems would behave with the new network. I plan on running DHCP through my new server; would this cause a problem for them? I think if I keep the ports they communicate with open, everything should be fine. Something to make a note of.
Then I will need to set up two separate partitioned drives: the main drive will handle basic operations and just store data. The other will be set up as a record for all the family's pictures and important records. I also wanted to look up some file monitoring software. I am definitely encrypting all the documents.
Once the software had been installed, I realized my mistake. The PC I am using for the server had all its internet access to the router through the Wi-Fi network in my house. There may be a workaround, but I think it would be better to wire my PC directly into my router.
Now, the router is located in the other room, my wife's craft room... Talking to her, I asked if I could move the PC server into her art room. She is OK with me locating the server in her room. However, I would be using this as my IT lab, and I haven't set up remote access yet (another note), so I would be in there a lot of the time, and she does not want that.
So, time to pull out the tape measure. I took measurements, running the cable where it would not be a tripping hazard, and it looks like I will be needing about 60 feet of cable. I am thinking maybe twisted-pair Cat6 cable. So this will need a trip to the store.
Jumping ahead, with Minecraft & Router Problems.
So, while I am still trying to make up my mind on an operating system, I decided to do a test run on my home server. My wife wanted to play Minecraft, so I installed the Minecraft server onto my computer and set it up.
It was very simple: just download the required software, make a few changes to the code and run. Then set up Minecraft Java Edition on the computers and log them into the server itself with the IP address.
The server ran well, but I did learn that I needed to turn sleep mode off on my computer; this slowed everything down and caused the game to kick the players.
Next I wanted to see if someone outside my network could log into the server. I called a friend from Kansas to see if they could log on to my server. They tried but were unable to get in. Doing a little research, I found I needed to make sure port forwarding was running.
This should be an easy fix: all I needed to do was log into my router, open the ports for Minecraft (TCP port 25565, UDP port 19132) and allow forwarding from my friend's IP address. But something odd was happening: my router would not allow me to open port forwarding. Now, my router is rented from my ISP, and they wanted me to use their internet-based router settings.
So I logged onto their website, and I would be hit with an extra charge on my bill if I wanted to port forward. This I could not accept, and it kind of made me angry. So I did some more research, and I will need to buy my own modem and router.
This would be the biggest problem. I looked around for routers and modems and made a decision: I could buy a cheap router and modem, but I do want more speed in the Wi-Fi in the house, something that can take up to 1 Gbps. I decided on the NETGEAR Nighthawk 6-Stream AX5400 WiFi 6 Router and the ARRIS SURFboard SB8200 DOCSIS 3.1 Cable Modem.
The problem would be the price: the modem is $151.81 and the router is $219.95. Well out of my price range...
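As an added example (not from the original post), here is the same "only from my friend's IP" restriction applied on the Windows Server 2016 host firewall, so that even once the router forwards the Minecraft ports, the server itself only accepts them from that one address. The friend's address 203.0.113.10 is a placeholder from the documentation range and the rule names are my own.

```powershell
# Added example, not the blog's own setup. Assumes Windows Server 2016 with the
# Windows Firewall enabled and that $friendIp is replaced with the real public IP.
$friendIp = '203.0.113.10'   # placeholder (RFC 5737 documentation address)

# Java Edition listens on TCP 25565, Bedrock on UDP 19132 (the ports from the post).
# Scope each inbound allow rule to the single remote address instead of "Any".
New-NetFirewallRule -DisplayName 'Minecraft Java (friend only)' `
    -Direction Inbound -Protocol TCP -LocalPort 25565 `
    -RemoteAddress $friendIp -Action Allow -Profile Any

New-NetFirewallRule -DisplayName 'Minecraft Bedrock (friend only)' `
    -Direction Inbound -Protocol UDP -LocalPort 19132 `
    -RemoteAddress $friendIp -Action Allow -Profile Any

# Verify the scope actually took: show each rule with its remote-address filter.
Get-NetFirewallRule -DisplayName 'Minecraft*' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = $addr.RemoteAddress
    }
}
```

If the friend is on a dynamic IP, the rule has to be updated whenever their address changes; the router's port forward is still required for the traffic to reach the host at all.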
Home Server Software
Now I will need software to run my server. At school we mostly used Windows Server 2016. Looking at the Windows websites, I see the cost of Windows Server software: it can run anywhere from $35.00 USD for a very basic setup to $350.00 USD for the more expensive software with more options. The basic setup does not seem to have some of the settings I wish to have, like a VPN and such. As for the more expensive Windows setup, I just do not have the money to spend.
So some research will be needed; some Googling should give me some results.
After Googling and looking around, there are a few software options available. I found an interesting website that gave me many suggestions. I went through and picked out three contenders for my new software.
1. ClearOS looks like an interesting option. It holds up and gives me most of the things I am asking for free, and the larger edition is at a reasonable price. However, the whole system is Linux-based, and I am not all that familiar with Linux systems; this one seems to be made for Linux experts. This could be a problem, but it could also be a learning experience.
2. TrueNAS is free software that, if the website is to be believed, is completely free, thus saving my budget. It is also more secure and protected, with built-in encryption, and it is community-supported. It also looks like the best software.
3. Amahi seems like good server software. It meets most of my requirements and the things I am asking for, and the software is free to download, so this would save on my budget. However, there are some in-software apps I may require or want, and they do cost.
Home Server Hardware
Starting out, I need to think about what I would like this server to do. This all starts for me with how much I can afford and what I want the server to do. First off, hardware: I have an old computer I believe can be used for the server, so I will need to look over the hardware that is currently in my computer. It's an old LENOVO desktop PC with 16 Gigs of DDR3 RAM and a SATA 1 Terabit hard drive. So I have plenty of memory and hard drive space. It also has an AMD A12-9800 RADEON R7, 8 Gigs, 4-core processor with a built-in graphics card.
This would be a good home server, according to my research. So on to the next step.
What do I want my home server to do?
Well, looking at a home server, I would like to have a DHCP and DNS server. There is one built into my router; however, my router is the same router given to me by my ISP, and I do not entirely trust it.
Data storage: I would love a place to store pictures and other important documents, but mostly pictures of the family. This will allow people to access my server to get to them, instead of emailing and texting the pictures. This then brings up another thing.
A VPN would be nice; for one thing, this would give long-distance family and friends access to my server remotely, and also allow me to get into my own server from locations other than my own home.
My own IT lab: this will be the main place I wish to access, for setting up virtual machines for one. Second, it will allow me a safe place to run experiments and improve my cybersecurity and IT knowledge.
Last but not least, I want my own gaming server. This will be my Minecraft server to start with.