{Wire}guard from your ISP

People are in a recent uproar about entities like Facebook and Cambridge Analytica while willingly putting their information into these ecosystems. We should instead be considerably more concerned about the surveillance by our ISP that we are unwillingly a part of. Recently The Guardian and some discussion pushed me to finally look into applying WireGuard to something like the home network design. So in this post we're going to install WireGuard on an EdgeMAX router, bring up a WireGuard tunnel to a VPN service, send all DNS queries over that tunnel, and send the Internet-bound traffic of selected hosts or subnets over that tunnel.

ECC Certificates and mTLS with Nginx

If you want to be truly paranoid about authentication to services, you can implement your own Public Key Infrastructure (PKI). Many large, privacy-focused organizations have developed a digital/physical PKI strategy, for example the DoD’s Common Access Card. OpenSSL is software that can be used to set up a “simple” PKI; however, it is easy to get lost in the complexity of its commands. In this guide we’ll set up a “simple” PKI that we’ll use to authenticate users, while still using the legitimately issued Let’s Encrypt Domain Validation certificates.

Home Network, a novice Design

When you jump beyond a monolithic router/switch to separate components, it can be a daunting task. Often it is easy to settle into using non-managed switching, which doesn't allow for isolation. In today's age, with IoT running rampant, having different domains of isolation can be essential for keeping untrusted but useful devices from exfiltrating data from your household. Moving to a managed switch platform allows you to do a variety of interesting things for your home network, yet getting started can be a bit daunting.

Limiting Exposure via ssh ProxyJump

ssh is an amazingly prolific tool that is used extensively by anyone who manages systems. It's a tool that many of us trust to provide the ultimate command and control access to devices we manage, and on many commercial systems it can be marginalized by being updated infrequently. If you're able to run modern OpenSSH, you have access to a new feature named ProxyJump, which makes using a jump host much simpler.

Network Hardware Selection

After several deployments of varying size and complexity, this is an offered opinion on the advantages and disadvantages of choosing Ubiquiti hardware for your next project. Originally written in early 2017, it has some updates from early 2018 relating to technical/ideological facets that have come up in the last couple of years of operating Ubiquiti equipment.