Secure Network Access

My former elementary school asked me to design a secure network access system for their local heating system.

But... I'm not a network engineer

Since I'm not a professional network engineer, I had to learn a lot about network security and how to implement it practically. I started by researching the latest security protocols and best practices, then designed a system that would meet the school's needs while maintaining robust security.

I do, however, have some experience with network engineering and have worked on several projects that involved network design and implementation. That was some time ago, though, during my university years.

An old thin client that I opened up and repurposed.

Coding and documenting the system

The solution

After discovering there was no existing server infrastructure in place, I decided to implement a simple yet effective solution using a Raspberry Pi and a few other components. The Raspberry Pi acts as a Docker host and runs a Cloudflare Tunnel instance that creates secure outbound-only connections.

Key components:

  • A Docker container running Cloudflare Tunnel for secure outbound traffic only
  • An automated startup script that launches the Docker container when the Pi boots
  • SSL/TLS encryption for all (unsecured) HTTP traffic
  • Cloudflare's security features to monitor and protect the network
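As an added illustration (not the configuration actually deployed at the school), a Docker Compose file for an outbound-only tunnel container could look like the sketch below. The service name, the `.env` file holding `TUNNEL_TOKEN`, the image tag placeholder, and the use of a restart policy in place of a separate startup script are all assumptions.

```yaml
# docker-compose.yml (example sketch; names and paths are assumptions)
services:
  tunnel:                      # hypothetical service name
    # Pin a specific release instead of "latest" so updates are deliberate.
    image: "cloudflare/cloudflared:<pinned-version>"
    # Run the tunnel; the connector dials out to Cloudflare, nothing dials in.
    command: tunnel --no-autoupdate run
    # TUNNEL_TOKEN=<token> lives in .env (chmod 600), never in this file or in git.
    env_file:
      - .env
    # Start again after a crash or reboot, provided the Docker daemon
    # itself is enabled at boot on the Pi.
    restart: unless-stopped
    # Hardening: the connector needs no extra privileges and no writable rootfs.
    read_only: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    # Deliberately no "ports:" section. Publishing a port would open an
    # inbound listener on the Pi, which an outbound-only design avoids.
```

With a token-based tunnel, the mapping from the public hostname to the heating system's local web server is managed on the Cloudflare side, so the Pi itself holds only the token.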

After monitoring the Raspberry Pi's temperature, I noticed it was running hot. While it was not critically overheated, we relocated it to a cooler spot for optimal performance.

I also keep a backup Raspberry Pi on hand for testing and development. This allows me to quickly switch between the two devices in case of issues or when deploying updates. In the past I have had some issues with the Raspberry Pi's hardware, which led to the need for a backup device.

v1: Inside this mess (I should go back to fix this).

v2: Relocated to a cooler location.

Working together with AI

A great opportunity to use AI to expand beyond my foundational knowledge

This project provided an excellent opportunity to collaborate with AI to enhance the network's security. I used AI to verify potential security threats, asking questions like: "What are the potential security vulnerabilities of a Raspberry Pi running Docker containers?" This approach significantly improved the overall security of my implementation.

The project marked my first time using AI as a technical assistant, and it proved invaluable for learning new concepts and validating my approach.

Local web server inside the heating system

The humble Pi doing its job

Mission accomplished

And there we have it: a secure network access system that meets the school's operational needs while maintaining strong security protocols. This was an enjoyable project that pushed me to learn new skills and apply them in a real-world setting.

Special thanks to Jorgen for his invaluable assistance throughout the project!