Since 1999 I have been involved in a number of both professional and hobby security and infrastructure projects.
Below are some highlights of this experience.
|Summary||Description||Tools and Skills|
|DMZ and Security Upgrade||Recently I decided to upgrade my network to support the 200Mbps connection I have to the internet. My raspberry pi internal firewall / router was only capable of approximately 90Mbps. I was looking for something that would be as secure and regularly updated as my Linux system and settled on the openSource project Pfsense, which is a modified version of FreeBSD with a web based configuration interface as well as SSH for shell access. The project provides regular updates to the Kernel and software and has partnered with Netgate to supply reasonably priced hardware pre-installed with Pfsense. Their SG-2220 appliance provided the robustness and capabilities that should be sufficient to last a number of years.
After installing the new pfsense appliance I decided to move the Raspberry Pi into the DMZ in order to act as the SSH server that would be exposed to the external network. This ensured that neither Router Firewall could be directly access from the external network for configuration and provided a low cost, low energy and reliable solution.
|Custom Linux Firewall Router||Built a custom Linux Firewall using an old Power Mac G5 with Dual Gigabit Ethernet and Gentoo Linux. Firewall’s purpose is to serve as a perimeter firewall, protecting the DMZ. This server replaced a Netgear ProSafe firewall/router that was not capable of processing data through the firewall at more than 30Mbps. The new firewall is theoretically capable of supporting traffic up to 1Gbps.
|Raspberry Pi internal Firewall Router||Created a low cost firewall router using a Raspberry Pi 3 Model B and a USB ethernet dongle. Used the Raspberry Pi as internal firewall for approximately 1 year, until its approximately 90Mbsp max throughput became a bottleneck for the network.|
|Raspberry Pi WiFi Access Point||Experimented with using the Raspberry Pi as a low cost wireless access point by running the WiFi in adhoc and bridging the ethernet and wireless networks. Unfortunately this configuration had very poor performance and range.|
|Amazon EC2 Web Server||Migrated a hosted website to Amazon’s EC2 infrastructure in order to reduce cost and gain increased flexibility.
Used EC2 running Amazon Linux to host a WordPress blog.
|Amazon WorkSpaces||I have been a mac user for many years, since approximately 1990. Every once in a while it is necessary to use a Windows based machine and unfortunately when it comes to a desktop in the cloud Amazon Workspaces and Windows Server 2008 is the only viable solution at a reasonable price. I was curious to see if it was possible to combine an iPad with a virtual desktop and completely replace a laptop.|
|Office 365 For Business||Migrated from G-Suite to office 365 for business. Primary reason for migration was due to the availability of SharePoint to manage documents. Implemented mandatory 2 factor authentication for additional security.||
|email Server||Around 2000 I began running my own email server. Over the years as problems with SPAM began to grow it became more and more difficult to send email from your own mail server, as large email hosts began white listing or black listing various IP ranges and servers. In 2007 I began outsourcing my email, first to a hosted Exchange solution, then to a hosted IMAP solution, then to G-Suite, and then Office 365.||
|Proton Mail / Encrypted email||Over the years I have experimented with secure email, such as using PGP to encrypt messages. Unfortunately I have never found a solution that was easy to use for recipients, who were generally a bit less tech savvy then myself. The most recent solution I experimented with was Proton Mail, a mail server hosted in Switzerland. Proton mail delivered on the promise of secure email, as long as you were only concerned about where the email was stored after you received it. Proton Mail also provided a method for sending a secure message to another person, but that person either had to use Proton Mail too, or they had to access the message from a web browser.|
|Beowulf Cluster||Built a 48 node Sun compute cluster for the solving of computationally intense problems.|