Geek rant: Network level up!
Sunday, December 16, 2012
After 2~3 days of continuous tinkering with my network and computer, I have final-fuckingly created a setup where I can access anything from the internet. Here are the services that I've set up for myself.
- Music streaming server
- (S)FTP File server
- HTTP File server
- SSH tunneling
- Home VPN
That's pretty much all the connectivity that I need for the moment. There is still VM streaming through browser and other more technical things that I haven't quite figured out yet. If you remember me being frustrated about my home network, I've fixed that as well: I can finally pass through all traffic to and from the internet without any problems.
So, all those services, what are they and what can I do with them?
1. Music server allows me to serve up all the music in my 2TB RAID-1 NAS (network attached storage) with a simple interface that downloads a playlist and starts playing. Of course, there is user account authentication with it.
2&3. Allows me to download files from my network through the internet. SFTP being secure, and HTTP being insecure, but easier to set up, and I can allow friends to upload/download to my computer.
4. It's basically a more secure version of a proxy server. (redirects traffic to my home network securely*)
securely* not as secure as a VPN
5. VPN (Virtual Private Network): once I'm connected to it, my computer will think it's in my home network. So I could access any network device through its private IP.
Of course, all of this traffic is directed to my desktop behind R3.
|simplified network diagram|
That's pretty much how my network is right now.
*R = router
R2 is bridged to R1.
R3 is linked to R2 wirelessly.
R1 and R3 are serving WIFI
This configuration is necessary so that whatever experiments I do won't affect anyone else at home using their internet. I'm sitting on R3; everyone is on the same logical network but different physically.
Now, the security part. I am not that confident but I try my best. With R1 blocking DoS, R2 and 3 will drop invalid packets or large amounts of SYN connections. It's not that great in theory but I'm working on it. Now for the fun part: all of my services are hosted on virtual machines running Linux. So there's an added layer of sandboxing security.
SSH is secure, mostly. It can do better.
Just using passwords isn't secure enough. All my routers use private key encryption. (requires a file to log in, and you can see who the user is) Since I'm going to log into my Linux server most of the time, I went with 2-factor authentication. It requires me to enter my account password, followed by a verification key. The verification key is automatically generated on my phone using the Google Authenticator app and the verification key changes every 30 seconds. You need both to log in.
This isn't perfect of course, there are still ways and loopholes into it, but it'll deter script kiddies from trying to hack me for no fucking reason.
Why the fuck am I doing this?
Because it's interesting, isn't it? Having full control of all your computers & files wherever you are in the world. Being able to share files with friends without uploading to some random service. Being able to stream music and videos online from your own network. Most importantly, security. I can be at peace using some public wifi hotspots because my connections will be encrypted.
All these will probably help me in my work in the future. Now, if only I had a friend who does these as well...