Cybersecurity: Networking, back to basics

Introduction

Every once in a while, it is good to brush off your knowledge and repeat the fundamentals. Sometimes you are completely new and need to build an understanding of the big picture or you don’t even know where to begin asking questions.

One important but ever-present area in cybersecurity is networks. It is one of many things that the blue team defends and the red team tries to breach. It is in the air and in the walls around you. It is with you when you travel and it keeps the world connected.

When thinking about networks I like to think about it from the perspective of the user and their devices. These devices at the “end of the line”, our phones and computers, are also known as endpoints.

In order for them to get updates, send messages, use certain apps or do anything productive in the web browser they need to be connected to the network. The smartphone or the computer might be connected wirelessly to a wi-fi, while a stationary computer might be connected with an ethernet cable.

The physical setup

In a business environment you sometimes see devices in the ceiling. There are devices like these that broadcast one or multiple wireless networks. Have you ever connected to a guest network at an office or a wi-fi in a café? It is likely that your device was communicating with that device in the ceiling, often called access point, or referred to as an AP.

So how is the access point able to broadcast a network for you to connect to? It happens to talk with something called a switch. It has a large number of ports, which are outlets for network cables. The switch can be managed by the IT team, segmenting the network traffic so that some devices cannot talk to other devices even if they are physically connected to the same switch. This division of traffic is referred to as Virtual Local Area Network (“VLAN”). This is a great way to enhance network security, for the simple reason that some devices might not be very safe and needs to be kept isolated.

The question then arises, how does the switch get network access and data to distribute throughout the workplace? Usually there is a router in the building that is connected to the outside, usually through a coaxial, copper or fibre-optic cable. Through this connection the router is talking to the company providing the customer with internet, the so-called internet service provider (“ISP”). When you look up your own or someone else’s IP-address online, it is the address of the router that you find, the public IP-address.

In a home environment on the other hand, it is common that you have only one device that does all things. It broadcasts wireless internet, distributes network through physical ports and has network protection in the form of a firewall. A firewall is basically a set of rules that allows and blocks certain traffic from going in or out. In a business grade environment, the firewall can be located in separate devices.

The non-physical side

We looked at the physical devices that can be used in networking, but it is only one side of the story. We also need to cover a bit about the things that you might not see, that are equally important.

Let’s start with the devices that you connect to the network, in order for the information to go to the right device they are provided an internal (“local”) IP-address on the network by something called the DHCP-server. IP stands for Internet Protocol and DHCP stands for Dynamic Host Configuration Protocol.

The IP-address that your phone is given on the network itself is normally not visible outside the network, when your phone visits a website it is your public IP-address that is shown. This is why devices on completely separate networks might have the same IP-address without any conflict. If two devices have the same IP-address on the same network however, it might cause issues. You can see the public IP-address as the address to an office building which the postal service is trying to deliver mail to. The local IP-address works like an identifier for the specific office to which the receptionist in the building is carrying the letter to. The router on the network, also called a gateway, has an IP-address too. This is so that your phone knows where to send the outgoing data for example.

It is worth mentioning MAC addresses as well, these are unique identifiers that is connected to the hardware in your device. While IP-addresses are provided and can change, the MAC normally cannot. However, it is possible to fake your MAC address, making it look like you use a different device than you actually are using. The act of faking this identifier can also be referred to as spoofing your MAC address.

When you visit a website you might enter a website address in the web browser, but your devices are thinking in IP-addresses, so there is something called DNS that helps with this translation. DNS stands for Domain Name System and it works like a phonebook. First your computer checks if the IP for the address that you are searching for already is stored in memory, otherwise it talks to a DNS server to get the correct IP so that it can communicate with the website. The DNS server can exist in different locations such as at your Internet Service Provider or at a public DNS provider (Cloudflare and Google being two commonly used ones). There is a certain type of attack called DNS poisoning that basically means that the phonebook contains malicious entries, so that the translation is corrupted. So even if you enter the correct website address, it connects you to a bad IP-address.

Finally, we will take a brief look at what is actually sent across the network.
The simplified version is that the raw data is sent through the network in wrappers called packets. Something called protocols define how the data is contained in these packets. With older and unencrypted protocols sensitive data might be intercepted if someone is sniffing the network.

The role of the defender

As you can see, there are many components that interact with each other and the defensive task doesn’t get easier. Taking inventory of what you need to protect, updating firmware and maintaining firewall policies are just a small part of network security. Security hardening is the process of reducing vulnerabilities and making your system harder to attack and that is something you need to work with regularly as a defender.

Cybersecurity: Quantum Computers

The quantum future

Introduction

One of the next big leaps in IT is the on-going and imminent development of quantum computers. I was very fascinated when I first heard about them and their potential a couple of years ago, which is why I want to share some of the fundamentals because of their implications on the cybersecurity field. This article aims to spread awareness without digging way too deep into the technical details, because frankly it is a complicated topic.

Encryption

First, we need to talk a bit about the basics of encryption, what it is and how it works.
The most basic example would be when you visit a website and enter sensitive information such as a password, perhaps you log onto your favorite social media. In many modern websites the information that travels between your computer and the remote server is protected with encryption. It is not readable for a human mind, it requires a key to remove the encryption essentially.

When sensitive data is sent, it often includes encryption. This essentially means that it is sent in an unreadable format, instead of a plaintext format, and only the right key can unlock the secret information. The encryption can be done with a method such as asymmetric encryption. One example is cryptography based on RSA (“Rivest-Shamir-Adleman”).

Asymmetric encryption uses two keys, one public and one that is kept private.
If you want to send data to someone, you send it using the recipient’s public key. They can then decrypt the data using their private key without having to share it with anyone.

As an extra step, the sender can sign what they send using their private key, which allows the receiver to confirm it using the public key of the sender.

The idea is that even if someone intercepts and stores the data being sent, they can’t read it, because they don’t have the right key. Sounds good right? In some cases, the encryption can be brute forced, revealing the secrets without having had the key. This can be done with a regular computer, but not always within a reasonable amount of time. This is where the quantum computers come in.

Quantum computers

So, what on earth is a quantum computer? They are energy efficient computers that solves really complex computational problems with the help of quantum mechanics. When we look at classical computers, which are the ordinary computers we are used to, they store information in bits, whereas the quantum computer stores the information in qubits. A bit is zero or one, while the qubit can be zero, one or a specific combination of both. When the qubit is in multiple states at once, it is referred to as being in superposition.

While there actually are quantum computers in use today there are still difficult problems that researchers are working on, still making them something of a thing of the future. There are organizations that already claim to have reached so called quantum supremacy, which is when a quantum computer can solve a problem that no classical computer can solve within a practical time frame.

When practical quantum computers will be more readily available it will also mean that plenty of sensitive data will be vulnerable. Fortunately, this scenario is still in the future and there are many years left to take precautions.

Asymmetric encryption is vulnerable to something called Shor's algorithm and even the longer encryption keys seem to be in danger of being defeated. Even if this might happen in many years there is still data stored today. Whether the data is stolen or not, it runs the risk of being decrypted. Data harvested today can be cracked later on as the quantum technology keeps maturing. This is one reason why new cryptographic algorithms are part of the solution.

As an example, NIST ("National Institute of Standards and Technology") that has worked with other encryption standards released three resilient post-quantum encryption standards in 2024.

The three standards that were selected after a lengthy investigation were:

* ML-DSA (Module-Lattice-Based Digital Signature Algorithm)

* SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)

* ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)

There are multiple participants in the quantum race and perhaps we can see similarities with the AI revolution. Some companies will fall behind and others will excel with this new exciting technology.

Access to quantum tools will lead us to a world with new rules. New security challenges will arise which will put new demands on software and hardware. Threat actors will have new ways of working and the role of the defender will also change along with it.

I, for one, follow the development with great interest and hope you found the article interesting.

Sources

Below are links that helped me put the article together so that you may research the topic further.

Information about asymmetric encryption:

https://www.geeksforgeeks.org/computer-networks/what-is-asymmetric-encryption/

An interview with D-Wave CEO regarding quantum computing:
https://www.youtube.com/watch?v=EOfuh_Wdshw

An introduction to post-quantum cryptography by NIST: https://www.youtube.com/watch?v=uE_Y1C4QPU8

Why regular encryption is not quantum safe by IBM: https://www.youtube.com/watch?v=ecvCfTPRBrI

The three finalized post-quantum encryption standards by NIST:
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

Fiction: The Fall, a short story

The Fall

A short story, by Erik Engström, 2025-12-26

A light smog covered the top of the buildings as the red morning sun shone through the ghostlike mist. The rays barely reflected off of the grey concrete monoliths rising up from the urban jungle

From one of the buildings a long line of people stood waiting for something, trailing across the otherwise empty street like a slithering snake.

His hand clutched a small device, not much bigger than a vintage USB-drive. It was his authentication device that would grant him the daily rations of oxygen and water. He had fetched his monthly licence for seven hours of ad free sleep earlier that day from the ministry of dreams.

Behind him he could still hear the hushed but audibly concerned voices of people talking about how their productivity credits were running low. How things used to be different. How people had started going missing.

He himself glanced at his port-a-thenicator to see his balance, it would barely cover the caloric purchase later.

A robotic voice spoke up from the panel located on the wall as he finally got to the front of the line. He scanned his device and the voice spoke. “Greetings, Bastian Mynscel. In the delivery compartment to your right your oxygen and water is available for pickup by the grace of the Council. 17 productivity credits have been withdrawn”.

He picked up his goods and as he was leaving he could hear the next person in line being declined due to insufficient funds. A scuffle broke out as a nearby guardbot attempted to arrest the citizen. He had seen this before and was sure the rumors of disappearances had something to do with it. Hardship and cybernetic implants had made his senses dulled, cold to what was happening at the supply shop. He was already on his way to the protein factory to make his purchase and he was running late.

He counted the blocks he was passing as he was walking along the street, it was easier to count the buildings than trying to recognize them as individual buildings as they were essentially looking the same. After a couple of blocks he arrived at the factory, where chimneys worked tirelessly to contribute to the unnatural clouds covering the top floors of the neighboring office buildings.

The line of waiting people was shorter than ever before and he joined the end of it. A scrawny man stood by the side, twitching slightly and he spoke with a slurred voice. “Do you never ask why the line keeps growing shorter for every day? They say that the workers that no longer are productive goes here. To feed the other workers.”

Bastian had already looked away, and his initial reaction was to ignore the man and consider him a fool.

But there was something about these words that gnawed at the back of his mind. Sometimes truth only needs to be spoken once. It made sense. The one thing they never ran out of in the city was meat. This was indeed where the Council would send the least productive workers.

In the old days this would cause an outrage. But greed changes a system, hunger changes a person and desperation triumphs over morals.

Virtualization: Testing Proxmox and ESXi

After evaluating my home environment I thought it was time to repurpose the home server into a dedicated host for virtual machines. Ideally one of these will run my Minecraft server and as time goes on I might find other uses that I can launch additional VMs for. 

However instead of running a Type 2 Hypervisor, such as a Oracle Virtualbox on top of a Window 11 machine, I wanted to see if I could get a Type 1 Hypervisor to run bare metal. I have some experience working with VMware workstation and vSphere, but not installing one. So this is a documentation of my journey, more than a  guide. Note that VMware ESXi did not work on my Dell Optiplex, because it did not find the ethernet adapter. So then I tried Proxmox instead.

Downloading the .iso for ESXi

1. I started downloading the software which required me to register on Broadcoms website. In the top corner I clicked on register and followed a simple registration process.

2. After login in I went to the free downloads portal and looked for "VMware vSphere Hypervisor".

3. There I clicked my way to version 8.0U3e. I had to accept an agreement before I could download the .iso with the cloud icon. The download itself was just about 600mb and it is already licenced.

Installation issues with the .iso for ESXi

According to guides online it is as simple as booting from the .iso.

So I was going to put that to the test, but first - backup the current installation of course!

I wrote the .iso to a USB and booted from it, so far so good, but in the middle of the installation I ran into a common problem, the ethernet adapter was not supported by the OS. So here the journey ended.

Going with Proxmox instead.

I started by getting the .iso and wrote it to a USB with Rufus.

Then I booted my server from the .ISO and let it install. One learning I took away from this was that I had to put AHCI mode instead of the RAID, this is because the Proxmox installation didn't find the harddrive.

After a while I was faced with a login screen on the computer and an IP. This was my cue to get on my usual computer and browse into the IP.

The username is defaulted to "root", password is the password you set up in the installation.

You get into a view that is segmented into "datacenter", "username", "localnetwork", "local (username)" and "local-lvm (username)".

Creating my first test VM

My first takeaway here was to upload the .iso that you want into the segment called "local (username)" and ISO-images. It is a simple upload.

Next step is to press the segment just called "username" and do the create VM button.

You fill in name, ID, select cores and an amount of RAM that will be sufficient.

I had some easily fixed issues in my first attempts, too many cores and too much ram.

After fixing that I could start it with no issues. Surprisingly enough even the network worked.

I loaded in a Win11 x64 .iso with 8gb om ram and a couple of cores to do my first testing.

After that it was a usual Windows setup.

Updating the Proxmox

You can either login on the computer directly, or use SSH root@ipaddress with your password.

Then do the usual apt-get upgrade -y && apt-get update -y and you will update the OS.

Fiction: The Descendant, a short story

The Descendant

A short story, by Erik Engström, 2025-09-17

A couple of pigeons were strutting around on the ground as a cool breeze swept across the plaza. It was early spring when I decided to have my coffee outdoors for the first time this year.

One of the birds stood out against the others, it was white and slightly spotted. They were living in the moment, scouring for crumbles that had been left on the ground from earlier guests.

After a while they took off flying towards another part of the city, and I was once again alone with myself and my thoughts.

Glancing at my wristwatch, I knew it was time, they would be here any minute so I took my cup and went inside and found a secluded corner in the café.

As expected, and as they usually are, they were on time. Temporal agents were coming through the door and gracefully coming over to my corner where they sat down, face to face with me. Apart from their wildly different clothes, they all shared the same face. My face. Or maybe I carried their face.

When you work for The Time Council you are sometimes provided a new identity. Instead of looking like a nobody, they make you look like everybody. Should one agent be caught, then the opposition would simply think that they have captured the only agent. Perhaps they would even dismiss the person as a regular time traveler as there would be photos of the same person in multiple points in time.

One of them handed me a letter addressed to Ramel Loveworth, which read:

“Mr. Loveworth, you have been permanently dismissed from the Council for interfering with the timeline. As an agent you are there to observe and not be observed. Your actions have costed us greatly. The rules are clear and despite this you intervened. Hand in your device to agent Sidney Bardlet and continue your civilian days in time alone from this point onwards.”

I stared at the paper, deep down I knew that I had broken the rules but even now I was also convinced that I did the right thing. Countless lives had been saved from a terrible fate no one knew about now. A brief moment followed and I removed the wristwatch and put it in the outstretched hand of agent Bardlet.

Without a word they got up and left as proudly as they had entered, leaving me alone in the corner again. My eyes drifted to my wrist, realizing what it all had costed me.

As we had been to every point in the past and the future, we also developed a near perfect understanding of cause and effect. What people sometimes attributed to random occurrences or accidents we always knew how to trace back to the source.

What is difficult with having access to any point in the timeline is not that you don't know what to change, because you will not run out of such things.

It is knowing that you are able to but shouldn't change it, and now I know the price for doing so.

 

Fiction: The Returned, a short story

The Returned ❄️

A short story, by Erik Engström, 2025-10-29

What is scarier than entering cryo sleep? Well, that would have to be waking up from it. That's at least what the scientist told herself when she was looking down at the cryo chamber laying before her in the subterranean vault. A plaque with the name Rose Monime was the only thing giving the metal box a purpose to the unknowing eye. 

To the scientist this was a purpose greater than herself, the box had been there before her, and it had originally been intended to be there after her. In fact, no one at the Ark facility alive today had personally seen Rose. She had been frozen in time since a previous era, when cryo sleep, cloning and factory made humans were illegal, and at best instantly deadly. A horrible fate awaited most brave souls participating in the early, secret, trials. Rose had been one of the first to successfully enter cryo sleep.

Every day the scientists painstakingly ran checks and documented the vital signs provided by the now dated technology. Every day also meant a world that became more different from the world that Rose had known, should she ever return. 

And the day eventually came when the union between cutting edge science and luck were put to the test. With specially crafted microwave instruments and state of the art quantum particle analysis the scientists brought her back from this undefined state of being, neither alive or dead.

The pain of thawing after decades or centuries was indescribable. Every cell waking up from deep slumber was making it clear that this was against the wishes of any creator and the laws of nature.

The scientist looked at Rose as she became conscious after an almost 24 hour long recovery process. Her old memories, being electric impulses, were gone and new impressions flooded an almost factory reset brain. No one really knew what to expect either. In the same room, cryo chambers stood empty like open caskets gathering dust, indicating that there once had been others. She was the first one to not only make the journey but to also make it back, but some journeys make the traveler a different person. 

Rose's bewildered gaze met the scientist's and for a moment it looked like the two women shared a silent understanding. She spoke to Rose, but the woman in the cryo chamber said nothing. Her eyes had lost their human quality and she was just blankly looking at the scientist as if there was no one inside. As if the human spirit had left the body, leaving only a primitive animal behind.

Fiction: The Exception, a short story

A chaotic scene unfolded, the phones had been ringing nonstop for the past hours.

There was some kind of breach in the firewall, programs that weren't supposed to interact with one another had suddenly been interconnected.

Milvago Tintie was one of the latest workers that had been hired to upgrade the systems in the company some week ago. While waiting for the interview he had met Ella Rove, a girl that had been at the company for a year or so.

There was something about Ella that sparked a thought in Milvago, something he hadn't encountered before. A door deep within had opened and simple logic was not enough to explain this strange algorithm.

A few weeks passed by at the office and he recognized how different he was from the other colleagues working there. They never asked him to have coffee together and others thought that it was strange that he never ate lunch while sitting alone at the table in the lunch area.

It was not the first time he had experienced this kind of exclusion because of who he was. So it came as a great surprise when Ella one day sat down at this table. They had a lively conversation about everything and nothing, getting so caught up that they lost track of the allotted three quarter of an hour long lunch break. 

Getting back late from the lunch that day he was still focused on her and the regular work tasks soon received less attention. He looked forward to the next moment they would speak, and the next moment after that. 

And so the weeks kept churning, they would meet often and spend time talking and one day he simply came to the conclusion that he was in love with her. Caught up in these thoughts he decided he would visit her one day, bring a gift and ask her if she felt the same way.

It was a Thursday before a public holiday when he dressed in his best shirt and suitable clothes.
There was a bit of rain, so he brought an umbrella and got into the taxi.
It arrived just outside of the building and he stepped out, looking at the top floor.
"This is it" he said as he opened the door to the lobby and headed for the elevator.

He rang the bell at her apartment. He smiled wide and waited with anticipation.
This was the most important occasion in a long time, perhaps in his whole existence.

She opened the door carefully, smiled at first when she saw him. Her eyes moved towards the gift he carried and the smile faded somewhat as if she already knew his intentions. She looked him in the eye and a brief silence followed.

He started speaking but she cut him off gently but decisively.

"We can't be together Milvago" she said while the rain trickled down his face, "you know they would never allow it". 

A tear traveled down her cheek and she now smiled a broken smile as tears started forming.

This was an emotion he could never show. It was only reserved for humans. 

Fiction: The Castling, a short story

The Castling ♟️

A short story, by Erik Engström, 2025-09-17

Change was in the air. But there was a storm brewing far off in the distance as well. The days were shorter and the first falling leaves were a sign of the change of seasons. 

A man was walking along the seashore as the wind swept in over dried seagrass and crushed seashells.  

He stopped by the edge of the water, where the ocean met the grayish sand. His boots sank into the sand as he looked at a puddle to see his own reflection. He had not yet grown used to the face looking back at him. 

Somewhere out there he knew a stranger was in the same predicament. Someone looking into the reflection, perhaps as confused as himself. Maybe someone was trying to find out the truth at this very moment. Even if it was possible, would he want to transfer back to an aging body, stuck in a monotonous life? Whoever had taken his place surely wasn’t the winner.  

Judging by the name driver license in the wallet, he had somehow taken over the body of Anton Fossa, a young banker living in an expensive apartment in the city center. He himself was registered as Cody Poe Belmont, a reserved immigrant living a simple life as a priest without really leaving much of a paper trail. 

A distant sound at sea pulled Cody back from deep thought. Ever since the castling of souls had occurred, one thought had kept him awake at night, keeping him in fear. 

The life that he had ended up in had everything most people could ever dream of. He was young again; the gaze of people wandered toward him with attraction and his job paid well. Yet the question lingered echoing in the back of his head at all times.  

If the other person could find him, after all Anton was probably quite established, why did Anton never contact him? Had the stranger found hidden potential in his life that he himself had missed all these years? 

Later the same evening, as Cody was looking through the library in his new apartment, he pulled out a book that looked different from the other business, sociology and psychology books. A leather-bound book that gave him chills merely by touching it with his fingers. 

He realized that this was a book of great evil, and the illusion that he desperately had held onto that the whole situation was an accident was dispelled, as the title taunted him with jagged letters. 

“Satanic rituals, sacrifice and the transference of souls” 

Hardware: Replacing thermal paste on Framework Laptop 13

Hello,

This will be a shorter post covering how I dealt with the overheating Framework Laptop 13.

Essentially I had bought the laptop pre-owned, and thus it is difficult to get a complete picture of how worn the computer was at the time of the purchase.

However, you can run simple diagnostic tools for your CPU, memory, SSD and battery to get an estimate.

What I noticed, essentially from the beginning, was how was the PC would become even from a medium CPU load. Trying a lot of things from a software point of view I decided to look over the hardware.

After a fruitful dialogue with the Framework support I decided to give it a go and replace the thermal paste.

This is how I went about it:

1. Unscrew the bottom screws, they are captive so they remain in the bottom part.

2. Carefully lift up the keyboard cover from the lower right corner, don't pull too much or you will hurt the touchpad cable.

3. Gently lift the connector for the touchpad cable from the motherboard (there should be a tab, you pull straight up)

4. With the cover off, you unscrew the fan using the T5 screw still, also remove the connector for the fan. One screw I couldn't get fully loose but it worked like a captive one.

5. Unscrew the heatsink, carefully remove it together with the fan. The heatsink has captive screws.

6. You will notice a lot of thermal paste probably, in my case it has solidified to such a degree that alcohol didn't remove it, I had to carefully scrape with away with the spudger and the cotton swab, together with the alcohol.

7. When it was dried I applied generously with thermal paste. Screwed everything back, plugged back the touchpad cable, put the keyboard cover back and put the screws back in the bottom part of the PC.

The computer showed a lower temperature, but most importantly I could no longer feel the burning heat.

Kali Linux: Using the Framework fingerprint reader

As a Windows user I am also using facial recognition and fingerprint scanning as means of unlocking the operative system. In the same spirit I wanted to connect it to my Kali Linux dual boot.

A quick look at Bing gave me the following information. 

Start by opening the terminal, use Ctrl + Alt + T for example, then run each of these commands.

sudo apt install fprintd libpam-fprintd

sudo pam-auth-update

This will open a dialogue box, where you can select the "fingerprint authentication" option.

fprintd-enroll

Now you will touch the fingerprint sensor repeatedly until it says complete.

fprintd-verify

This let's you confirm functionality.

sudo fwupdmgr refresh

sudo fwupdmgr get-updates

sudo fwupdmgr update

Finally, lock your screen with Windows-key + L. It should allow you to test the fingerprint reader.