section tag Linux-based Active Directory management

| Pekka Helenius |  December 2, 2021 
post header image

Upcoming article. Delayed.

Managing & controlling Windows client computers is possible not only with a Windows Active Directory domain controller but also with a Linux-based Active Directory domain controller. However, is the setup viable in real life scenarios? There are multiple factors which should be taken into account when considering a non-standard Active Directory approach. To seek the answer, multiple data analysis methods and various Active Directory scenarios in a simulated network topology are used.

The article is based on my Business Information Technology thesis work.

section tag Enforced, encrypted, self-hosted DNS solution for Android devices

| Pekka Helenius |  July 23, 2021 
Updated:  July 2, 2022 
post header image

Did you know all internet addresses you browse on your Android mobile phone or tablet are resolved by Google DNS servers (8.8.8.8, 8.8.4.4, 2001:4860:4860::8888 and 2001:4860:4860::8844) as plain-text traffic, and due to that, your ISP may also know your browsing or application use habits?

The newest Android versions have feature known as private DNS. However, it accepts and uses only domain names instead of raw IP addresses, so I wouldn't trust the feature too much. Quite obviously you can use VPN. However, you are dependent on an external VPN provider service - and you hardly get useful DNS query logs at all.

So, no use either for built-in private DNS feature or VPN. What then? My answer: use a self-hosted DNS server with encryption support, running on your Android tablet or phone. Enforce every single DNS query by Android applications via that server. How? Keep reading. You need a rooted Android device.

section tag Kerberos-secured network file shares - practical guide for kerberized NFSv4

| Pekka Helenius |  February 12, 2021 
Updated:  November 9, 2021 
post header image

Sharing sensitive data in secure manner is important on many critical network environments, and Kerberos security provides much needed security layer for insecure NFSv4 file sharing. This article focuses on setting up, configuring and testing MIT Kerberos V5 + NFSv4 file sharing on Linux environment.

Unlike many blog articles, I take one step further and explain how to set-up such environment with not just two but four individual Linux computers: Combined Kerberos LDAP back-end and user database server, Kerberos KDC & Administration server, NFSv4 server and NFSv4 client.

section tag How to: RaidSonic Icy Box remote control

| Pekka Helenius |  November 29, 2020 
Updated:  December 1, 2020 
post header image

Recently I was greatly frustated by the fact I couldn't remotely power up or shut down my RaidSonic Icy Box storage box. These consumer-level boxes are basically local control only, no WOL or any remote functionality.

I decided to change the situation. As a half-day project, I made a simple Raspberry Pi + relay control to add remote network-accessible control for my Icy Box IB-3640SU3. There are also security and privacy aspects involved that might interest you.

section tag HikinGrounds: A website for outdoor people

| Pekka Helenius |  November 27, 2020 
post header image

I recently opened website HikinGrounds.com. The website is for people looking for various outdoor activities in multiple parts of the world. Currently, the website is in an early stage of its development cycle.

The website is powered by modern Java back-end technologies: Spring framework and Thymeleaf template engine.

First development phase of HikinGrounds.com took a month, and implements user sign up & access control and a SQL database with nearly 30 tables. Although I heavily focused on back-end development in the first phase, I also use some front-end technologies such as JQuery & Bootstrap to provide necessary UI functionality.

section tag Why does security matter?

| Pekka Helenius |  October 26, 2020 
Updated:  October 29, 2020 
post header image

At the time of writing this post, my home country, Finland, is widely shocked by successful attacks against a private psychiatric center Vastaamo from which a black hat hacker(s) obtained thousands of sensitive patient records by gaining access to an unprotected database server and network infrastructure. And the data is leaked in Tor network in steps, bitcoin payments are demanded, threatening emails are being sent to victims who panic.

section tag OpenNTPD - now with OpenSSL support

| Pekka Helenius |  August 2, 2020 
Updated:  January 21, 2021 
post header image

For a few weeks, I've been working on implementing OpenSSL support and vastly improved configurability to OpenBSD-based NTP daemon OpenNTPD. Both of which I have done now. OpenNTPD is written in C. See the implementation on GitHub - openntpd-openssl.

I run a Linux server infrastructure with time-critical daemons such as Kerberos and Bind9 DNS server. Therefore, I see it's essential to have a local, secure NTP server software.

section tag USB authentication for Linux computers and users

| Pekka Helenius |  June 23, 2020 
Updated:  June 28, 2020 
post header image

Are you looking for a cheap and trustworthy two-factor authentication solution for your Linux computer or computers? You should take a look at USB PAM authentication module which let you to establish either a simple or complicated authentication rules and actions for each Linux user depending on your needs and environment. The module stacks on top of your existing solutions such as basic password or LDAP authentication and adds extra layer of security.

section tag Run Android apps on Linux desktop with LXC

| Pekka Helenius |  June 13, 2020 
Updated:  October 24, 2022 
post header image

Many of us have heard about or tried out GenyMotion Android Emulator. Did you know running Android applications is also possible on a regular Linux desktop computer without any virtual machines, with modern container technologies?

In this post, I guide you through one good solution I came across with quite a short while ago - Anbox.

section tag TinyForest - Self-developed automation system for home

| Pekka Helenius |  April 9, 2020 
Updated:  April 20, 2020 
post header image

Home automation is a large field with many market products available. TinyForest is another home automation system, developed and designed from scratch for various target environments, written in Python 3 and ReactJS. In time writing this article, TinyForest core system is fully functional, and further improvements are planned. It adapts to multi-sensor and multi-device configurations, and can handle everything from irrigration and heating to light controls.

section tag SQL database planning, development & usage

| Pekka Helenius |  February 2, 2020 
Updated:  February 11, 2021 
post header image

Excel spreadsheet data processing is a familiar approach for everyone to handle local client data sets. However, for server-side data handing, centralized SQL databases are used. More modern NoSQL techniques are even better for big data due to horizontal server scaling possibilities.

In this post, I cover a basic SQL database lifecycle from client requirements specification to detailed database use and data analytics, using a fictional game tournament service as an example platform.

section tag Fighting dotfile pollution on Linux

| Pekka Helenius |  January 3, 2020 
post header image

Have you ever got sick of mess in your Linux home folder(s)?

The mess is usually caused by countless random dotfiles, generated by multiple applications over time. In Unix world, these dotfiles are also known as hidden files or hidden folders.

The dotfile pollution issue exists due to three main reasons: non-standardization of dotfile locations in a home folder, the way software developers treat user home folder locations in their application code and, unlike system-wide application packages, user-specific application files are usually not centrally managed at all.

section tag Malicious trojan for Steam installer

| Pekka Helenius |  December 13, 2019 
post header image

Imagine a popular and widely spread Microsoft Windows application you'd like to exploit or create a backdoor for? Problem is: Many applications, such as setup program of Steam gaming platform by Valve Corporation is protected against common tampering or injection attempts.

However, there is a way to add malicious content into such programs. In this post, I demonstrate a simple attack approach and countermeasures which you should remember in any software environment.

section tag SaltStack automation for Android phones & tablets

| Pekka Helenius |  November 19, 2019 
post header image

Do you want to gather data from multiple Android devices remotely at the same time or control the devices? Absolutely possible. Although digital markets have solutions already, I wanted to do the task bit differently with common server management tools: SaltStack.

It turned out to be possible: Android devices can successfully be controlled with SaltStack.

section tag Experiments with RAM adapters

| Pekka Helenius |  November 2, 2019 
post header image

Do you have extra laptop RAM sticks lying around your house or workplace? Do you want to re-use them before throwing them into a trash bin? Well, there is a solution which might take your interest.

section tag Automating Windows Active Directory deployment

| Pekka Helenius |  October 8, 2019 
post header image

Have you ever wanted to take a cup of coffee while installing Windows Active Directory?

I recently had one this kind of task which is why I decided to give control for semi-automated PowerShell modules & scripts, written from scratch. System administrator should supply parameters for the installation process to use. Otherwise, deployment of the whole AD: fully automated.

section tag Fan Noise Reduction of HP Procurve 2650 Switch

| Pekka Helenius |  September 18, 2019 
post header image

In the earlier post I mentioned noisy fan of my recently bought HP Procurve 2650 L3 Switch. Today, I have a solution to the problem.

Actually, noisy fans seem to be quite common in rack/server room targeted network devices (switches, routers). According to my observations, the problem covers Cisco Catalyst 2960-S switches, as well. This is a major problem if any of these switches are installed at otherwise silent office or school environments.

There are basically two methods to work around the noisy fan problem.

section tag Emergency control for servers

| Pekka Helenius |  September 6, 2019 
post header image

Need a remote control for your physical servers but WOL (Wake-On-Lan) doesn't fit to your plans? Exactly my case!

In a case of emergency, such as a server not responding, I must have ability to control power states of my remote servers. Basic solution in such case is to physically reboot the server computer. But how to do it without physical access, and without WOL?

section tag Home Lab - First steps

| Pekka Helenius |  August 31, 2019 
post header image

Home lab? Yes, first steps taken! This has been in my mind for some time. Why? First for learning purposes but it has potential for more in the future. Home network lab is not a same thing than large corporate network with multiple inter-connected sites, but it is a good start, anyway!

Home lab gives me an opportunity to get my hands on real stuff to see a blink of the physical side of network planning, giving more perspective for the whole process rather than only playing with logical (or virtually simulated) network topologies in network simulation software.

section tag Adventures in cloud

| Pekka Helenius |  August 13, 2019 
post header image

One of the first goals for Fjordtek was setting up a basic cloud environment for clients to use. Security in mind, the network connections must be encrypted and trusted which is why self-signed certificates were out of question, not talking about plain HTTP connections.