Sorry about Dusty from the Government Cabinet Network. We can’t use them for our business, so we have to use a hotspot solution. Now that I have a tablet, I connect it to a Type C hub using Ethernet. Then, my tablet connects to the WAN port on the router. Then I went to tablet settings and turned on tethering. Now our Router will get Internet via tablet. The hotspot MiFi only sees one device because my router is doing the job for us. So cool project to figure out. I couldn’t use the Wi-Fi extender, it won’t work… If the tablet goes off and is not used for a while, it will turn off the tether. I found another solution, I went to Developer Mode in Tablet Settings and turned on Stay awake when power charge then brightness dark all the way to save battery life spans.
Thank you for inviting us to participate with you. It was a beautiful day and a wonderful time, which we all enjoyed every year.
Love you, mom
I am grateful that Navi is there for my mom, no matter what. Teaching my mom how to operate a scooter is truly incredible. Despite being 5 years thick and thin, you’ve been with my mom.
First time see my mom on a scooter, so coolbeautiful beach and water is not that cold but it chilling and feel good.This flat of beach is so beautiful.Richard and Jasmine <3mom drain corn and putting on bean chips, BTW she making bomb and it yum.My mom put Bean chesse and corn and etc… and it still yummmy
I’m learning that if they enable auto-update, then some bugs happen. And then the best solution is to go back to safe mode and remove one driver. But I feel bad about all these TV apps that can’t remote control due to being blue screen death. And so few IT members in each business to do all TV. Unfortunately, my stores do have Windows 11 and 10, but they’re not enabled for autoupdate. I prefer to update my computer monthly in person. As of today, July 19th, 2024, all my stores are still working with Windows 10, 11. And they’re working pretty well. With last month’s update , i left it alone until Windows released the next update that fixed, but it fixed today. whew.That scary moment when you suddenly get a blue death screen all over your store at once during the middle of the night when you’re sleeping, and that nightmare comes true.
All my Google Drive accounts are migrated to my Nextcloud. I had built my Nextcloud on my server and finished it. I love that Nextcloud allows me to put private data where I can store to my Server instead of Google, OneDrive, or Apple Cloud Server data. We had to pay them to hold our data. I had the office installed on Nextcloud, and now we can do word, PowerPoint, spreadsheet, and draw. And also have Nextcloud Talk on Nextcloud, which is benefits to have all in one app.
If you want to build your own server, you can! 🙂 Here link.
The reason we came and swapped the shelf network to the cabinet network was to ensure that our network is secured within the cabinet network and to reduce the number of visible power plugs.
I installed a mini BOSGAME computer that was enough for speed internet and the performance was excellent with a multiserver firewall. Furthermore, I have also installed WireGuard VPN on the firewall to enable remote access to my server from a single IP address. I won’t get attacked or hacked from ssh.
Firewall to protect our server to avoid any hacking, malware, ransomware and more… Our firewall had Phishing Blocker and spam blocker for our Email server. Very benefits for our business.
I also like bandwidth control for our server to improve performance.
Testing Speed Test with WireGuard with mini PC.
With WireGuard VPN
without VPN
I am happy with the speed because I had Server at location was 600mbps download and 200 uploads from Comcast business. So My firewall can handle VPN and firewall and many features. Now our Server and Web hosting is safe again. My home is 300 and 35 from Xfinity, So My Upload is perfect.
I finally got this to work with cloudron AdGuard Home because it won’t work just use DNS port or encryption until you add IP or Client ID in allowed Clients, so I am using Client ID. This will show you how to set up DOH AdGuard Home with TpLink Omada DNS Proxy.
This explains to us what Client IDs are, and I found DNS over HTTPS is useful for our networks, since I had a wildcard certification.
Open AdGuard home and log into your admin account. Navigate to the DNS settings and find allow clients. I put laketapp that I would use for our stores nickname. Then make sure you save it.
Then go to TpLink Omada Controller Webgui and Login your admin, then select the location you want to set DNS over HTTPS with cloudron AdGuard Home.
After you select Location, go to Services on the left side.
Then go to DNS Proxy then go enable DNS proxy then DoH then add your AdGuard Server, mine is https://laketapp.dns195.richardapplegate.io.
Now go check AdGuard Home, see if there are any queries,
yep, it’s working, Now My Router is communicating with my DNS Server secured.
I built another mini computer for Sunrise Village and added another network card to my mini computer for internal and external network. Not only that, but I also set Internal to “bridge” and set my Modem wire to firewall “external” and then firewall “internal” to a 1 gigabit switch. So I can put more Server in one 1gig switch. We had static IP, and we’re using these on our server, so My Firewall will not protect my server until I create rules and firewall and Threat Prevention and virus Blocker.
We can upgrade to 2.5Gig or 10gig speed on our server and firewall, but our plans are 600mbps and 200mbps uploads, so it is enough for all my server to hosting on switch.
Not only that, but we have Three locations that require a firewall. I set up a firewall at Sunrise Village a few days ago, and it is working well. We need to protect where our server is that runs all of our store network and slack alternative and cloud storage.
User 1: Omada TpLink Router Hosting User 2: Web and Email Hosting User 3: all apps in one server solution.
A firewall serves as a safeguard against distributed denial-of-service attacks on the Internet. The firewall on our modem is weak, and we’re still getting DDoS attacks. We need a better firewall, so we can’t worry about our server and network systems.
Fail2Ban is a Python program that helps safeguard Linux systems and servers from brute-force attacks. This program can be configured to provide SSH protection for your server. With it, you can be sure that your server is secure from attacks that employ brute force. It also enables you to see how strong the attacks are in terms of how many authentication attempts are being made.
Brute-force attacks can be powerful and may result in thousands of failed authentication attempts each day. Understanding how to safeguard your server against these attacks and how to block IP addresses is essential.
Fail2Ban makes it easier to block brute-force attacks by restricting the number of failed authentication attempts a user can make before being blocked.
This is extremely useful for servers that have user accounts that utilize passwords for remote authentication, rather than SSH key-pair authentication.
First, update and upgrade your server to Ubuntu.
sudo apt update && sudo apt upgrade
Installing and Configure Fail2ban
Fail2Ban is completely free and works with most of the most popular software package managers.
Please install Fail2Ban by running the following command:
sudo apt-get install fail2ban
2. Please use the following command to ensure that Fail2ban runs at system startup:
sudo systemctl enable fail2ban.service
3. After you have installed Fail2Ban, you can start setting up Fail2Ban to create a jail for your SSH server. The configuration files for Fail2Ban are in the directory /etc/fail2ban.
Fail2Ban uses the default configuration in the jail.conf file, but it’s not recommended to use the default configuration files. This is because the default configuration files can be overwritten by new updates to the Fail2Ban package. The preferred approach to creating configurations for a particular service is by creating a new configuration file in the /etc/fail2bandirectory with the .local extension. For example :
path is /etc/fail2ban/jail.local
Creating SSH Jails With Fail2Ban
Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail.
sudo nano /etc/fail2ban/jail.local
2. You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service. Fail2Ban Configuration Options:
Configurations
Function
enabled
Jail status (true/false) — This enables or disables the jail
port
Port specification
filter
Service specific filter (Log filter)
logpath
What logs to use
maxretry
Number of attempts to make before a ban
findtime
Amount of time between failed login attempts
bantime
Number of seconds an IP is banned for
ignoreip
IP to be allowed
3. With the information in the table above, you can create the jail.local configuration for OpenSSH server (sshd). The values used in this guide example are listed in the sample file after you have entered the configuration options and I created file: /etc/fail2ban/jail.local and configured it for SSH ban if wrong Password 3 times.
4. After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:
sudo systemctl restart fail2ban.service
5. After you restart the OpenSSH server service, Fail2Ban uses this new configuration, and the jail for the sshd service is activated and runs.
The amount of wiring and stacking up each other wasn’t a good idea for the long term. So I asked my boss to upgrade and make it secure and long-term because the cabinet network will help reduce dust and overheat. A cabinet network exhaust fan pulls all the hot air out of the cabinet network. It will also assist in cooling the system. 3 more stores to go to finish up the network cabinet.
Before
I intend to rewire and cable everything next month to ensure proper cable management.
After.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.AcceptPrivacy Policy