Converting AD UserAccountControl to its properties with Powershell

By YellowOnline on Wednesday 25 November 2015 12:03 - Comments (0)
Category: Powershell, Views: 4.064

The human way to translate these is usually to look at the largest decimal value the given value fits in and repeat that process for the remainder (say, 11 would be 8 HOMEDIR_REQUIRED + 2 ACCOUNTDISABLE + 1 SCRIPT). After trying for one hour to put that into code, and miserably failing, I went for another approach that no human would use but is actually very easy for a computer.

Read more »

R.I.P. nl

Door YellowOnline op zondag 15 november 2015 13:57 - Reageren is niet mogelijk
Categorie: Personal, Views: 4.686

° 20 december 1937 - † 15 november 2015

Vaarwel oma.

DIY Firewall: Sophos UTM: The Basics

By YellowOnline on Saturday 7 November 2015 14:05 - Comments (15)
Categories: Hardware, Networking, Views: 20.510

Warner Bros extorted €1 000 from me a while ago because of a 3 second upload of Vampire Diaries - that rubbish, of all things ... - from my network. If I wouldn't pay, they threatened to sue me into bankruptcy for the rest of my life with their army of lawyers.

I hope to have my revenge on them, or at least on the bloodhound lawyers they send to me, one day; but in the meantime I just want to avoid this very unfortunate episode from happening again.

Looking for a way to block torrents on my network, that includes myself, my visitors and most of my neighbours, I decided to install a real firewall.

Firewalls are expensive. We're not talking about a software application blocking traffic on specific ports on your computer, but about a dedicated hardware device capable of analyzing in real time all traffic going over it. Most of these devices cost upwards from €500 or even €10 000+, depending whether you need a SOHO product or a full-blown enterprise level firewall. And all of this needs an expensive yearly license on top of the hardware

So what options do "prosumers" have? Well, the Sophos UTM seems to fill that gap. Sophos sells its own hardware for the SOHO market, but made the software free to download plus gives you a full license for up to 50 users for free. That also includes their antivirus for up to 12 users.

Basically, you can build your own hardware, install their image and have a professional, highly customizable firewall with free antivirus on top of it for free. I'm skeptical about altruism from big companies, so I wonder what their long-term strategy is. Getting a bigger share of the market? Anyway, for the time being, this is an unbeatable deal. For protecting my own 5 devices plus server with ESET I paid €200 last year - the server license is 75% of that price. For half the price in hardware as a one-time investment, I've got a lot more bang for my bucks now.

A short overview of its advantages and disadvantages:

  • Full network control
  • Options galore, including your own VPN
  • Dirt-cheap
  • Very documented and community-supported (Astaro forums)
  • You'll need to be knowledgeable about networking or at least ready to invest time in it
  • Expect a performance hit, depending on hardware
  • Wifi not directly manageable, except if you use Sophos Wifi (€€€) - but you can just connect an AP of course
Talking about hardware: the hardware you need for your own UTM can be as heavy as you make it. I kept mine light for both financial and ecological reasons; and because I seldom expect more than 10 concurrent users. Still, a minimal machine will cost you about €300 in parts. Fortunately, I found a great deal on e-bay.

More on my hardware and a step by step guide for getting the Sophos UTM's basic functions working right away. Before continuing, however, be aware that this page contains about 50 (resized) screenshots and you might consider twice before opening it on your mobile phone. :)

Read more »