Hi, this is my first official blog post. If you’ve visited my main website, then you would already know that I’m a hacker(the good kind). I know the about page looks a bit sketchy, but eventually I’ll fill it. 🙂 I’ve made this blog so that I can share my knowledge about a lot of different things spread across different industries. In the future, when I’ll be a very famous person, then I’ll use this blog as a means to spread awareness about social, environmental and political issues. But for now, I’ll focus mainly on #privacy and #security.
I think everybody should’ve access to cost effective solutions to protect their online #privacy. Privacy must be a human birthright and should not be controlled by some corps like the way it is today. Recently, I took steps to take full control of my online life which I’ll share with you. To learn whats in store for you read on! On the #security side, over the years I’ve gained a lot of knowledge on IT security best practices. And now, I’ve decided to share some of it with the world.
Recently, I learnt a lot of server side security best practices which greatly complemented my existing knowledge. I’ve a lot of cool things to share, especially with tech-savvy people like me. If you want to take full control over your online privacy, then I’ll show you how it can be done for just $5 per month. Here is a list of things that we’ll build within our $5 budget:-
- First, we’ll start off with building an OpenVPN server, which we’ll later use to restrict other services on our server to our vpn connection only. We’ll then secure the server to fit our needs.
- Next, we’ll learn how to restrict SSH to the OpenVPN(UDP) connection. SSH over UDP is as fast as SSHing to another machine over the LAN! Optionally, we’ll look into other ways of securing SSH.
- Then we’ll learn how to restrict all the services(currently running and those added in the future) to only one single port! To prove my point, I welcome you to try your “pro” nmap skills on my server and see what you can find. 😎
- Next, we’ll do the standard LAMP installation and adhering to the principle of least privilege, we’ll install Nextcloud on top of it. We’ll then configure nextcloud as our own End to End Encrypted(e2ee) file server. You’ll be able to keep your most precious files secure without anybody knowing about it. 🙂
- Then, we’ll look into ways of speeding up our apache webserver so that our installation is fast and responsive. After that we’ll follow the recommended practices to secure apache and tidy up things.
- Optional but recommended, we’ll install and configure a send-only email server to send us email notifications on system alerts and on succesful completion of cron jobs. Optionally, if I get many requests on making a post about how to set up SPF, DKIM and DMARC records, then I may even write one.
- Next, we’ll install WordPress keeping server security in mind and will try to keep our wordpress installation as secure as possible. Note, installing wordpress is purely optional. But, as you’ll be paying for this better put your money to its best use by setting up that blog you always wanted to.
- Next, the most fun and coolest part of our server will be installing a Password Manager Server(Whats that? Don’t use a password manager yet? Yikes!. I mean what year is it? 2010? Ew.). We’ll host the rust based fork of Bitwarden server on our server. 🙂
- After all this has been setup and only one port remaining open on our server, we’ll look into advanced and powerful security features like adding a WAF(Web Application Firewall) and an IDS(Intrusion detection system) in our server.
- And finally, after all this is setup, I’ll conduct a full system audit and do regular security assessments(If I find time) and fix the security issues found therein on my server. I’ll make posts about the major issues I find in my server, which’ll benefit you if you’ve built a setup following my tutorials.
I’ll try to make a different post for each software mentioned above so that things are easier to grasp. All of the above mentioned softwares are popular and open source and are completely free to use. I know many small business or company may pay in upwards of a thousand dollars for such a secure setup, but as I said, we’ll build all that’s mentioned above and more for just $5. 🙂 Remember, my goal is not to give you the guide to the cheapest and most cost effective server setup on the internet, but to teach you to stand up and take control of your online privacy! I’m going to cover some intermediate level networking concepts and will try to describe them as easily as possible so that everybody can understand. And just think about the plethora of security topics I’ll cover, which, if you were able to understand easily, will mean that by the end you’ll be a security pro! And by the way, I can bet that you’re going to enjoy this setup if you chose to stick to my tutorials. And yeah, Nextcloud is not just a file server, you can do much more with it. If you’re a tinkerer and technophile like me, then you’d be able to do so many coool things with this setup that you can boast about and share with others so that people can learn from you. So, for all of that and more, see ya on the internet.