Using VPN To Access All Local Services Without The Need To Open Up Unnecessary Inbound Ports

Before I knew much about VPN, I usually opened up many inbound ports on my computer’s firewall and on the firewall within the router so that remote services such as AFP (Apple Time Machine) would function correctly. Obviously, these remote services (e.g., AFP, FTP, CIFS, etc.) are also accessible within the local area network, so one does not have to be outside the local area network to use them. For example, one can sit next to the AFP server (i.e., AFP hosted on a network attached storage) and back up one’s Mac locally to the Time Machine service. When using such services locally, one uses local IP addresses, because one is within the local area network (e.g., home network, office network, etc.).

The idea is to open up fewer ports so that everything within a local area network is better protected. When one travels abroad, one cannot use local IP addresses to access one’s remote services (e.g., AFP, FTP, CIFS, etc.), so one has to open up ports for these services to make remote access possible. Since one has to open up inbound ports for remote connections, one’s local area network might become more vulnerable. The more open ports there are, the more exploits hackers can use to test or attack the services that rely on those open ports.

Luckily, we have VPN. VPN stands for Virtual Private Network. Big companies love to deploy VPN for their employees. If you have ever met an employee of one of those big companies, you might have seen this person log in to a VPN through a laptop while away from the company. Since big companies are using VPN, VPN must be for the elites only, right? Wrong! Just about anyone can use VPN to protect oneself, and it doesn’t take a rocket scientist to do so. If you watch the other videos on my YouTube channel, you will see how easy it is to set up a VPN server/service on Windows 8. Anyhow, the whole idea is to open up fewer ports for a network so everything within the network can be somewhat more secure.

Using VPN, one can access the local area network as if one had never left it. For example, one can sit at a Starbucks and yet connect to remote services (e.g., AFP, CIFS, FTP, SSH, etc.) with local IP addresses. How is this possible? Like I said, using VPN, one never leaves the local area network! This is why VPN is definitely a better option than just opening up whatever inbound ports there are for different remote services. With VPN, all one has to do is open up the one port that the VPN relies on. Through the VPN connection, one can then access all services within the local area network as if one had never left it. In case you don’t know, VPN encrypts data automatically. This is just another reason why I think VPN is definitely a better solution for remote access.
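
An added example, not from the original post: a small Python check, meant to be run from outside the network against your own public address, that the service ports named above no longer answer once remote access goes through the VPN. The port numbers are the standard TCP assignments for these services; `audit_exposure`, `allowed` and the loopback demo are illustrative names and constructed input.

```python
"""Check that LAN-only services are not reachable from outside (added example)."""
import socket

# Standard TCP ports for the services the post mentions.
SERVICE_PORTS = {"AFP": 548, "FTP": 21, "CIFS": 445, "SSH": 22}


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False


def audit_exposure(host, service_ports=SERVICE_PORTS, allowed=(), timeout=1.0):
    """Probe each named service port on `host`.

    Returns {service_name: port} for every service that accepts a
    connection and is not listed in `allowed` (services you forward
    on purpose). An empty dict means only the VPN port is left to expose.
    """
    exposed = {}
    for name, port in service_ports.items():
        if name in allowed:
            continue
        if tcp_port_open(host, port, timeout):
            exposed[name] = port
    return exposed


def demo():
    """Constructed loopback scenario: a listener stands in for a forwarded
    AFP port; closing it models removing the port forward on the router."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port, no privileges needed
    listener.listen(1)
    port = listener.getsockname()[1]
    ports = {"AFP": port}

    before = audit_exposure("127.0.0.1", ports)   # forward still in place
    listener.close()
    after = audit_exposure("127.0.0.1", ports)    # forward removed
    return before, after, port


if __name__ == "__main__":
    before, after, port = demo()
    print("before removing the forward:", before)
    print("after removing the forward: ", after)
```

Only TCP services are probed; the VPN's own port is deliberately left out of the list because it is the one port that is supposed to stay open.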


How Much Are You Willing To Spend On Securing Your Data?

The actual cost of making sure your data is safe (i.e., redundancy) and secure can be quite ambiguous. The ambiguity probably derives from the plethora of options you can choose from to make sure your data is safe and secure. I guess it all depends on how you want to go about it. Nonetheless, if you insist on knowing an estimated price range for securing and backing up data, I think you’re looking to spend a little more than $1,000 or just about $0. You see, the ambiguity is already apparent from just looking at the possible cost of implementing a solution for securing and backing up data.

Remember, we are talking about implementing a solution for securing and backing up data for a small business or home, therefore I think the cost of implementing this kind of data assurance solution should not be too outrageous. Let us go over some possible data assurance solutions to see how much you might have to spend, OK? Nonetheless, remember the cost will be ambiguous, as each unique data assurance implementation might require a unique data assurance solution.

Requisite elements for $0 spending in securing and backing up data: Spending $0 on securing and backing up data is totally possible. This scenario requires you to have a spare computer for which you have no other use besides using it as a backup machine. You will definitely need to download an open source backup solution such as FreeNAS or a Linux distribution (an open source operating system similar to Unix). You also need to download TrueCrypt. If you want to protect a database of passwords, you need an additional layer of protection such as a password manager capable of encrypting its database (e.g., KeePassX, etc.). A home or small business network needs to be set up correctly, therefore you need a working router. Also, you need to know how to assign a local, non-public, static IP address to your backup server. For backing up data from outside the network, you definitely need to know how to open up ports on your backup server and forward ports on your router.

Piecing together the elements for $0 spending in securing and backing up data: So basically, the spare computer can be set up with FreeNAS or a Linux distribution as a backup server. You will use TrueCrypt to encrypt the data first before backing it up onto the FreeNAS or Linux server. A Linux server requires you to know how to set up a proper service that lets you use a proper protocol to back up the data. One example of backing up data to Linux would be using rsync. FreeNAS is a lot easier to deal with, as it’s designed to launch NAS (Network Attached Storage) services quickly. For digitizing saved passwords, you need a password manager capable of storing your passwords in an encrypted database, therefore I suggest you try out KeePassX. To make your digitized passwords even more secure, you can use TrueCrypt to encrypt the KeePassX database. On a Linux server, you can download a free firewall and a free antivirus solution to protect the server from hacks and viruses, consequently providing even more protection for your data. In the case of a FreeNAS server, at the moment I don’t think you can install firewall and antivirus programs, therefore you should make sure the firewall of the router is properly configured (i.e., to protect the FreeNAS server from intrusions). I think you might be able to use an antivirus solution on a PC to scan the iSCSI drives of a FreeNAS server, therefore I guess you can use an antivirus program with a FreeNAS server if you have set up iSCSI drives on FreeNAS properly. Nonetheless, you must know that this is a dirty-fix antivirus solution for a FreeNAS server, as you can only run the antivirus program on a PC and not on the FreeNAS server itself, limiting you to scanning the FreeNAS iSCSI drives only and not the entire array of physical hard drives that reside within the FreeNAS server.
To back up data from abroad to your backup server at home or at the office, you need to rely on VPN (Virtual Private Network). VPN will safely encrypt and secure the data that is in transit (i.e., using the Internet to transfer data from one network location to another). I think you can set up a VPN service on a Linux server with some effort, and this will not work if your ISP doesn’t allow VPN traffic. I’m not sure if FreeNAS supports VPN or not, but if it does, you should use it to back up data from abroad. Don’t forget to open up or forward the necessary ports on the router and the backup server to allow proper transfer of backup data, OK?

Requisite elements for $1,000 spending or more in securing and backing up data: I have no specific recommendation on NAS (Network Attached Storage) hardware, but I have seen many NAS machines that can be purchased for as low as $100. Nonetheless, I think you should choose a NAS machine that fits your data assurance plan. Firstly, you want to make sure the NAS machine you want to buy regularly receives firmware updates to combat vulnerabilities and software errors. Usually, searching Google might reveal critical complaints about the specific NAS machine you are thinking of buying. As long as you don’t find any critical complaint about the NAS machine you want to buy, go ahead and purchase it if you think it’s the right solution for you. Secondly, you want to know whether the NAS machine you are looking at is diskless or not. If it’s diskless, you have to buy hard drives to install into the NAS machine. If the NAS machine comes with hard drives, you should not buy any additional hard drive. Thirdly, you might want to check how many hard drive bays the NAS machine has. The more hard drive bays a NAS machine has, the more RAID choices you can implement. Nonetheless, the more hard drive bays a NAS machine has, the more money you might have to spend (e.g., the cost of more bays on a NAS, the cost of more hard drives to fill up the bays). Fourthly, you want to check that the NAS machine is capable of supporting all the software implementations you have in mind (e.g., Time Machine, CIFS, VPN, NFS, FTP, rsync, etc.). Fifthly, you want to make sure the NAS machine is capable of fast data transfer in terms of reading and writing speeds. Obviously, this specification will not guarantee fast data transfer, as other network and hardware bottlenecks must also be considered (e.g., slow hard drives, slow RAID choices, a slow local network, etc.).
Other things you also need to consider before purchasing NAS hardware are the NAS temperature under heavy loads, the fan noise levels, the size factor, data encryption support, antivirus capability, security measures, and so on.

Piecing together the elements for $1,000 spending or more in securing and backing up data: Putting a NAS machine to work is probably easier than having to configure a FreeNAS or Linux backup solution, since many NAS machines are designed with NAS users in mind. This means the NAS machine you have bought should be easily configurable, allowing you to set up proper NAS services with ease. If your NAS machine supports Time Machine and you have a Mac, you should set up Time Machine on the NAS machine to allow the Mac to back up to it whenever. If your NAS machine supports CIFS, NFS, rsync, FTP, iSCSI, and so on, you can set up these protocols/services on the NAS machine to allow all major operating systems to back up data to it. The major operating systems I’m referring to are Linux, Mac, and Windows. Furthermore, if your NAS machine supports cloud-type services and mobile data, you should set up these services to allow cloud-type usage and mobile data backup. Nonetheless, you should only enable the services that you need on the NAS machine, because enabling too many unnecessary services might open up unwanted vulnerabilities (i.e., allowing hackers to exploit more than one vulnerable service on a machine). Your NAS machine might readily tell you which ports you need to open on a router for network traffic to reach the NAS machine correctly. Your NAS machine might also allow you to change the default port of a service easily. To secure your data even more, you should consider encrypting the NAS hard drives if the NAS machine supports encryption. I think some NAS machines might have encryption programs installed by default. If this is not possible for your NAS machine, you can use TrueCrypt to encrypt the data before it gets uploaded to the NAS machine.
To further enhance the security of digitized passwords, you can use KeePassX, as KeePassX automatically encrypts its password database. Don’t forget to use TrueCrypt for the KeePassX database so the digitized passwords will be even more secure once they are backed up to the NAS machine. When backing up data from abroad, you need to set up a VPN service on the NAS machine so the data can securely travel from abroad to the NAS machine that resides in a home or office network.

Some of you think backing up data to a third party backup service such as CrashPlan is a great idea, and it might be so if you’re careful about encrypting the data. Backing up to the cloud is definitely an additional layer of data redundancy, therefore it’s a plus for a complete data assurance scheme. Nonetheless, when data leaves the local network and resides on someone else’s network (e.g., CrashPlan, Amazon Cloud Drive, etc.), the data is truly beyond your control. This is why encrypting the data before allowing it to be uploaded to the cloud is a wise data security measure. The cost of backing up data in the cloud varies, as each cloud service has different plans. Nowadays, I have found many cloud services to be quite affordable, therefore it’s up to you to find out which cloud service is best for your data assurance plan.

Apple Needs To Implement Stronger Authentication For iCloud; Google Can Be A Great Teacher On This!

Before Mac OS X Mountain Lion roared its way into the market, iCloud was already a stir. After Mac OS X Mountain Lion roared its way into the market, iCloud is an even bigger stir. iCloud is now more integrated into the Mac OS X ecosystem than ever before. iCloud is better now, as it allows so many more apps to have the option of saving data in the cloud. One example would be TextEdit. If you open up TextEdit on Mac OS X Mountain Lion, you will see a Finder window gladly greet you and ask whether you want to create a new document in iCloud or on the Mac itself. This way, TextEdit clearly presents you the option of saving data in the cloud. Many more apps on Mac OS X Mountain Lion are implementing this approach for iCloud too.

It’s great that iCloud is ever more readily available for many more apps on Mac OS X Mountain Lion, because it’s definitely a convenience for Mac users to be able to save data in the cloud for syncing and safekeeping (i.e., to recover when local data cannot be recovered). Nonetheless, can one’s data be secure on iCloud? Just recently I read the Forbes article “The Dangerous Side Of Apple’s iCloud”, and it dawned on me that if one isn’t too careful, one might save important information in iCloud, and such information can be leaked through hacking, as iCloud’s password protection isn’t exactly strong at the moment. Unlike Google, which has 2-step password verification, iCloud only requires a user to enter a password once to access iCloud data. To add insult to injury, although iCloud does encrypt the data in transit and on iCloud itself, the encrypted data can still be decrypted easily as long as the evildoer has the correct password, which can be used to unlock the data from iCloud.

Then there is another issue of trust. Can we trust Apple to be honest enough not to take a peek at our data? Sure, the data are encrypted on iCloud, but is there a way in which Apple can assure us that their employees won’t try to decrypt our data at will? Perhaps this is a concern with any third party cloud service and not just with Apple, because once the data reside in the cloud, such data are truly beyond our control (i.e., no longer in the control of the data owner). Nonetheless, I think when one encrypts the data before sending it to iCloud, one might be able to sleep better, even though one knows Apple is way more trustworthy than some unknown and untested third party cloud services. This is why one needs to keep TrueCrypt in mind even when Apple does assure one that iCloud is encrypting all data on Apple’s iCloud servers.

To end this blog post, I must say iCloud is a lot more attractive than ever before. I definitely think iCloud is worth it, because it’s so integrated into Mac OS X Mountain Lion and onward (i.e., I hope it will stay so integrated into the Mac going forward). Knowing that you can always recover your data from the apps that are supported by iCloud definitely gives peace of mind when it comes to that one extra layer of data redundancy. You never know how unreliable the state of your data is until your data becomes unrecoverable, and by then it is just too late. Obviously, even with iCloud, one can never have too much data redundancy, therefore it’s still wise to back up one’s Mac to an external hard drive with Time Machine regularly. This is to insure one against having one’s iCloud account wiped out by a hacker, just as Forbes mentioned how Mat Honan had his iCloud account wiped out by a hacker. To really end this article, I wish Apple would actually implement, or at least give Mac users the choice of enabling, 2-step password verification, just like Google is doing now.


Time Machine On Mac OS X Mountain Lion Allows Multiple Backups

Before the arrival of Mac OS X Mountain Lion, Time Machine was fixed on backing up a Mac to a single backup device. Every time a Mac user wanted to back up a Mac to another backup device, he or she had to switch to the other backup device manually before Time Machine would go on backing up the Mac. Now, Time Machine on Mac OS X Mountain Lion is better, because it allows Mac users to add multiple backup devices, and Time Machine knows that it has to back up the Mac to all of them. Anyhow, check out the video right after the break to see Time Machine on Mac OS X Mountain Lion in action. Enjoy!!!

How To Enable Time Machine On FreeNAS (Video)

I know, I keep on making boring videos, but here is another one… The video right after the break will show you how to configure AFP so you can enable Time Machine with FreeNAS. With Time Machine on FreeNAS, you no longer have to back up a Mac laptop such as a MacBook Air to an external hard drive, which is very inconvenient if you have to carry both the laptop and the external hard drive around. Just remember, though, that my method in the video is to enable one user per Time Machine virtual volume. This means that if you have two Mac laptops, you have to create two Time Machine virtual volumes (i.e., ZFS datasets). You can configure the permissions for each Time Machine volume. You can either give full access to the volume to everyone or just to the user, but I suggest you set 755 permissions for the volume, as the user will have full access to the volume and everyone else will only have read and execute permissions. Enjoy the video right after the break…

I Don’t Need A World Backup Day To Remind Me To Do Backups, Because I Rely On Automation!

Slashdot’s Ask Slashdot post “It’s World Backup Day; How Do You Back Up?” reminds us not to forget to back up our data, even though the post somehow either sarcastically or just idiotically suggests that April Fools’ Day might be even worse than the data corruption event itself. Anyhow, my very own answer to World Backup Day is that I have been setting up my own backup solutions that rely on automation. Nonetheless, these backup solutions as a whole are not as elegant as I would have liked! I will tell you why in just a moment; for now, let us take a glimpse into how I keep my data safe so far.

I have a couple of laptops. Nonetheless, none of them is as important as my work laptop, which is the MacBook Pro. So, I want to make sure the data on the MacBook Pro is safe. But how? Time Machine, of course! With Time Machine, you can back up Mac data as long as you have formatted an external hard drive or a partition, or created a network share, that is compatible with Apple’s journaled HFS+ file system. Obviously, you can also use one Mac as the receiver of the backup data of another Mac, because a Mac is a Mac and all Macs support the same file system type and network protocols such as AFP (Apple Filing Protocol). In my case, I only have one Mac (i.e., the MacBook Pro laptop), therefore I formatted my external hard drive with the journaled HFS+ file system so I could do infrequent backups of the MacBook Pro. Why do I only infrequently back up the MacBook Pro onto the external hard drive? Well, I hate how I have to physically connect an external hard drive to the MacBook Pro, because it makes the laptop feel stationary. I needed a solution for doing frequent backups of the MacBook Pro, but how? I solved this problem by virtualizing FreeNAS on a desktop machine of mine. As FreeNAS (which is free to install and use) supports AFP sharing, I can now just connect the MacBook Pro to the FreeNAS AFP share once, choose the volume as the Time Machine destination, and the MacBook Pro will automatically do frequent backups on an interval basis (automated incremental backups). With FreeNAS virtualized as a VirtualBox virtual machine, as long as FreeNAS is running when the MacBook Pro is on, I don’t have to physically connect the MacBook Pro to an external hard drive for a backup, because the backup will be done through the local network on an interval basis (i.e., automation), consequently allowing me to move about with the MacBook Pro at all times. Isn’t that what the MacBook Pro was designed for?

I have a desktop which runs Windows 7, and I use this desktop a lot! Mostly, I use it for gaming and doing the stuff that Windows does best, but I do not keep anything important on it. Why? Windows is well known for being susceptible to security vulnerabilities. This is why I prefer to work on the MacBook Pro. Nonetheless, the desktop is more powerful than the MacBook Pro, therefore I have to use the desktop for encoding videos (the videos I make for uploading to YouTube) and whatnot. Anyhow, I never want to have to reinstall Windows if it can be helped, because reinstating Windows to the condition it was in before can be quite gruesome in my opinion, so I have to have a backup solution for my Windows machine. How can reinstalling Windows be gruesome? I’m security paranoid, so it’s not surprising to see me go through the process of reapplying all the Windows updates before I even dare to use the Windows machine, and this whole process is awfully long and boring. Additionally, I still have to reinstall all of the software onto the reinstated Windows machine. So, what is the backup solution I use to keep the data on the Windows machine safe? Simple, really! I use CrashPlan! How come? CrashPlan is a super sophisticated backup solution which is quite fitting for enterprise backup purposes, but amazingly CrashPlan puts this sophisticated backup technology in the hands of regular users. It’s also simple to use, and it also has a free backup plan which requires no fee whatsoever. Nonetheless, I use the paid CrashPlan plan and allow CrashPlan to do incremental backups of the Windows machine locally and remotely on an interval basis (i.e., automation). Since CrashPlan is so intuitive and easy to use, I don’t really have any complaints: I set it up once, and the data on the Windows machine suddenly became more resilient.
For your information though, CrashPlan also supports Mac and Linux.

So, as you can see, I do have automated backup solutions, but why do I still feel like I’m missing something here? Well, it’s because I have more than one backup solution for all of my data, including Mac, Windows, and Linux machines. When my data resides on different physical media locally, it just makes the whole shebang seem somewhat inelegant. Part of the blame for this problem has to be on me! I trust Time Machine backups of a Mac more than anything else, therefore I have not used CrashPlan to back up my MacBook Pro laptop. I think I will eventually arrive at a better answer for all of my backup problems. This will have to do with the combination of CrashPlan and a physical NAS box which will utilize FreeNAS. I plan to create a network attached box with enough storage space to hold all of my data locally; this NAS box will use FreeNAS as its OS. FreeNAS talks to all major operating systems, therefore I should not have a problem setting FreeNAS up to accept backups from Mac, Linux, and Windows. So, locally, when the NAS box is in play, doing backups seems much more elegant. To keep the local data even more safe (hopefully also secure), I have to have a plan for storing the local data in a remote location. This is where CrashPlan comes into play! I’ll use CrashPlan to slowly upload my local data to the CrashPlan network (i.e., remote location). One problem, though: CrashPlan cannot be installed on top of FreeNAS. Solving this problem is easy enough! I have to rely on VirtualBox and Linux! So basically, Linux will be the host OS for the NAS box, and VirtualBox will run a virtual machine for FreeNAS. I can configure Linux to run RAID 5 to prevent data failure on the NAS box itself. FreeNAS will then be configured to just serve as network attached storage, with or without software RAID (i.e., depending on how much fun I want to have).
FreeNAS will see Linux’s RAID volume, which consists of at least 3 hard drives (i.e., each hard drive has a data capacity of 2 terabytes), as one single large volume. Since I can install CrashPlan onto the Linux OS, I can use CrashPlan to back up my FreeNAS (VirtualBox) virtual machine. This allows all the local data within the NAS box to be uploaded to CrashPlan’s network (i.e., keeping data in a remote location for data redundancy purposes). Since CrashPlan encrypts all data, I don’t have to worry about my data being easily accessed by uninvited guests.

In summary, in a way, you can say I don’t need a World Backup Day to remind me to do backups, because I rely on automation. Automation? Yes, because as you can see, I don’t have to remember when my MacBook Pro laptop will use Time Machine to do a backup, because I had set the MacBook Pro to automatically allow Time Machine to upload the backups to the virtualized FreeNAS (VirtualBox) virtual machine. Also, I don’t have to remember when I have to back up my Windows machine, because CrashPlan is also doing this automatically for me on an interval basis. My backups essentially run on automation. Nonetheless, I prefer to have a physical NAS box so I can centralize my data locally (i.e., more elegant this way).