Using VPN To Access All Local Services Without The Need To Open Up Unnecessary Inbound Ports

Before knowing much about VPN, I usually opened up many inbound ports on my computer’s firewall and on the firewall that resided within the router so remote services such as AFP (Apple Time Machine) would function correctly.  Obviously, these remote services (e.g., AFP, FTP, CIFS, etc.) are also accessible within the local area network, so one does not have to be outside the local area network to use them.  For example, one can sit next to the AFP server (i.e., AFP hosted on a network attached storage) and locally back up one’s Mac to the Time Machine service.  When using such services locally, one has to use local IP addresses, because one is within a local area network (e.g., home network, office network, etc.).

The idea is to open up fewer ports to better protect everything within a local area network.  When one travels abroad, one cannot use local IP addresses to access one’s remote services (e.g., AFP, FTP, CIFS, etc.), and one has to open up ports for these remote services so remote access is possible.  Since one has to open up inbound ports for remote connections, one’s local area network might become more vulnerable.  The more open ports there are, the more exploits hackers can use to test or attack the services that rely on those open ports.

Luckily, we have VPN.  VPN stands for Virtual Private Network.  Big companies love to deploy VPN for their employees.  If you have ever met an employee from one of those big companies, you might have seen this person log in to a VPN through a laptop while away from the company.  Since big companies are using VPN, VPN must be for the elites only, right?  Wrong!  Just about anyone can use VPN to protect oneself, and it doesn’t take a rocket scientist to do so.  If you watch the other videos on my YouTube channel, you will see how easy it is to set up a VPN server/service on Windows 8.  Anyhow, the whole idea is to open up fewer ports for a network so everything within the network can be somewhat more secure.

Using VPN, one can access the local area network as if one had never left it.  For example, one can sit at a Starbucks and yet connect to remote services (e.g., AFP, CIFS, FTP, SSH, etc.) with local IP addresses.  How is this possible?  Like I said, using VPN, one never leaves the local area network!  This is why VPN is definitely a better option than just opening up whatever inbound ports there are for different remote services.  With VPN, all one has to do is open up the one port which the VPN relies on.  Through the VPN connection, one can then access all services within the local area network as if one had never left it.  In case you don’t know, VPN encrypts data automatically.  This is just another reason why I think VPN is definitely a better solution for remote access.
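
As an added illustration (not code from the original post), this Python check can be run from outside the home network against the router’s public address to confirm that only the VPN port still answers once the other port forwards are removed.  The port numbers are the standard TCP ports for AFP, FTP, CIFS and SSH; the target address and the VPN’s TCP port are supplied by the user and are assumptions of the example.

```python
import socket
import sys

# Standard TCP ports of the services named in the post.
SERVICE_PORTS = {"AFP": 548, "FTP": 21, "CIFS": 445, "SSH": 22}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or unreachable
        return False


def audit_exposure(host, services, vpn_port, timeout=2.0):
    """Check which service ports answer on `host` besides the VPN port.

    Meant to be run against your own router's public address from a
    network outside the LAN: the VPN port should answer, nothing else.
    """
    exposed = sorted(
        name for name, port in services.items()
        if port != vpn_port and tcp_port_open(host, port, timeout)
    )
    return {
        "vpn_reachable": tcp_port_open(host, vpn_port, timeout),
        "exposed_services": exposed,
    }


def findings(report):
    """Turn an audit report into a list of human-readable problems."""
    issues = [
        f"{name} answers from outside: remove its port forward, use it over the VPN"
        for name in report["exposed_services"]
    ]
    if not report["vpn_reachable"]:
        issues.append("VPN port does not answer: remote access will not work")
    return issues


if __name__ == "__main__":
    # Usage: python audit.py <public-address> <vpn-tcp-port>
    # The VPN port is whatever TCP port your own VPN server listens on
    # (an assumption of this example); a VPN that only uses UDP cannot
    # be verified with a TCP connect.
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <public-address> <vpn-tcp-port>")
    target, vpn_tcp_port = sys.argv[1], int(sys.argv[2])
    report = audit_exposure(target, SERVICE_PORTS, vpn_tcp_port)
    for line in findings(report) or ["Only the VPN port answers."]:
        print(line)
```

Running the same check from inside the VPN session against the server’s local IP address should show the opposite picture: the services answer there, because the traffic arrives through the tunnel rather than through a port forward.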

Let’s Run A VPN Server On Windows 8 To Securely Transmit Data At Any Public Place Which Relies On A Public Internet Connection

Using VPN (Virtual Private Network), one can securely transmit data back and forth in a public place which relies on a public Internet connection.  Wait, what is a public Internet connection?  It’s just an Internet connection which just about anyone who has a computer can tap into and use.  A good example would be the one at a Starbucks.  Transmitting data in a public location is a very dangerous thing to do (i.e., only if you’re connecting to the public Internet connection), because you never know whether someone nearby might do something nefarious.  He or she might sniff the network traffic, and this means anything you transmit through a public Internet connection can be intercepted by such a person.  With VPN, it will be a lot harder for such an evildoer to actually get hold of your data in a public place.

Why can using VPN safeguard your data better when you’re connecting to a public Internet connection?  VPN will create a safe connection between your computer and a VPN server, and whatever gets transmitted through the VPN connection will be encrypted.  Nonetheless, VPN isn’t an end to end encrypted connection.  What this means is that when your data leaves the VPN server to go to the server which hosts the web service on the Internet, the data will no longer be encrypted by the VPN.  How come?  The Internet isn’t opening up an encrypted channel with your VPN server!  To put this another way, only the computer which you use to connect to the VPN server can actually open up an encrypted channel with the VPN server.  This is why you need a VPN client.  Nowadays, you rarely have to install a VPN client, because most operating systems (i.e., Linux, Mac OS X, Windows) come with a VPN client by default.  You might have to install a VPN client if you’re connecting to a non-standard, third party VPN server/service.

You can imagine the VPN encrypted channel as a VPN tunnel, or just a tunnel which cars travel through.  When a car gets out of the tunnel, the daylight will hit the car from every direction.  Got the gist?

VPN is definitely a good thing to have when you are using the Internet in a public location.  Even though VPN isn’t an end to end encrypted connection, it’s still going to prevent the hackers in a public location from hacking you.  Of course, he or she can try, but it won’t be easy!  Let’s say the hacker cannot magically insert himself or herself between the VPN server and the web service (which is located somewhere on the Internet and which you want to connect to).  If the hacker wants to hack you in a public spot when you’re using VPN, he or she must hack your VPN connection first, and then everything else would be secondary.

To be even more secure, you can transmit all data over the HTTPS protocol (a secure/encrypted hypertext transfer protocol), and this way the hacker is going to have to work even harder.  This means a hacker must first hack your VPN connection, and then your HTTPS connection afterward.  The VPN connection itself is already a difficult thing to tamper with.

Right after the break, you can check out a video I made on how to allow Windows 8 to host a VPN server/service.  Running a VPN server/service on Windows 8 allows you to go just about anywhere and connect back home through a VPN connection.  Of course, if your home network isn’t secure and is already infected with hackers’ exploits, then your VPN connection might as well be rendered insecure.  So, make sure your home network is actually well guarded.  A well guarded home network will definitely ensure your home devices such as a Windows 8 computer — which runs the VPN server — won’t be tampered with.  I think a well guarded network equates to deploying all security elements within a network, and this means things such as a strong firewall, strong antivirus software, strong network security policies, and the list goes on.

How Much Are You Willing To Spend On Securing Your Data?

The actual cost of making sure your data is safe (i.e., redundancy) and secure can be quite ambiguous.  The ambiguity is probably derived from the plethora of options that you can choose from to go about making sure your data is safe and secure.  I guess it all depends on how you want to go about making sure your data is safe and secure.  Nonetheless, if you insist on wanting to know an estimated price range for securing and backing up whatever data, I think you’re looking to spend around a little more than $1,000 or just about $0.  You see, the ambiguity can already be found from just looking at the possible cost of implementing a solution for securing and backing up data.

Remember, we are speaking about implementing a solution for securing and backing up data for a small business or home, therefore I think the cost of implementing this kind of data assurance solution should not be too outrageous.  Let us just go over some possible data assurance solutions to see how much you might have to spend, OK?  Nonetheless, remember the cost will be ambiguous as each unique data assurance implementation might require a unique data assurance solution.

Requisite elements for $0 spending in securing and backing up data:  Spending $0 on securing and backing up data is totally possible.  This scenario requires you to have a spare computer which you will not have any other use for besides using it as a backup machine for this specific scenario.  You will definitely need to download an open source backup solution such as FreeNAS or a Linux distribution (an open source, Unix-like operating system).  You also need to download TrueCrypt.  In case you want to protect a database of passwords, you need an additional layer of protection such as a password manager which is capable of encrypting its database (e.g., KeePassX, etc.).  A proper home or small business network needs to be set up correctly, therefore you need to have a working router.  Also, you need to know how to assign a local, non-public, static IP address to your backup server.  In the case of backing up data from outside of the network, you definitely need to know how to open up ports on your backup server and forward ports on your router.

Piecing together the elements for $0 spending in securing and backing up data:  So basically, the spare computer can be set up with FreeNAS or a Linux distribution as a backup server.  You will use TrueCrypt to encrypt data first before backing up the data onto the FreeNAS or Linux server.  A Linux server requires you to know how to set up a proper service which allows you to use a proper protocol to back up the data.  One example of backing up data to Linux would be using rsync.  FreeNAS is a lot easier to deal with as it’s designed to launch NAS (Network Attached Storage) services quickly.  In the case of digitizing saved passwords, you need a proper password manager which is capable of storing your passwords in an encrypted database, therefore I suggest you try out KeePassX.  To make your digitized saved passwords even more secure, you can use TrueCrypt to encrypt the KeePassX database.  On a Linux server, you can download a free firewall and a free antivirus solution to protect your Linux server from hacks and viruses, consequently providing even more protection for your data.  In the case of a FreeNAS server, at the moment I don’t think you can install firewall and antivirus programs, therefore you should make sure the firewall of the router is properly configured (i.e., to protect the FreeNAS server from intrusions).  I think you might be able to use an antivirus solution on a PC to scan the iSCSI drives of a FreeNAS server, therefore I guess you can use an antivirus program with a FreeNAS server if you have set up iSCSI drives on FreeNAS properly.  Nonetheless, you must know that this is a dirty fix antivirus solution for a FreeNAS server as you can only run the antivirus program on a PC and not on the FreeNAS server itself, limiting you to scanning the FreeNAS iSCSI drives only and not the entire array of physical hard drives that reside within the FreeNAS server.  
To back up data from abroad to your backup server at home or office, you need to rely on VPN (Virtual Private Network protocol).  VPN will safely encrypt and secure the data that is in transit (i.e., utilizing the Internet to transfer data from one network location to another network location).  I think you can set up VPN service on a Linux server with some effort, and this will not work if your ISP doesn’t allow VPN traffic.  I’m not sure if FreeNAS supports VPN or not, but if it does, you should use it to back up data from abroad.  Don’t forget to open up or port forward the necessary ports on the router and the backup server to allow proper transfer of backup data, OK?

Requisite elements for $1,000 spending or more in securing and backing up data:  I have no specific recommendation on NAS (Network Attached Storage) hardware, but I have seen that many NAS machines can be purchased for as low as $100.  Nonetheless, I think you should choose a NAS machine that fits your data assurance plan.  Firstly, you want to make sure the NAS machine you want to buy regularly receives firmware updates to combat vulnerabilities and software errors.  Usually, searching Google might reveal critical complaints about the specific NAS machine that you are thinking of buying.  As long as you don’t find any critical complaint about the NAS machine you want to buy, go ahead and purchase it if you think it’s the right solution for you.  Secondly, you want to know whether the NAS machine you are looking at is diskless or not.  If it’s diskless, then you should know that you have to buy hard drives to install into the NAS machine.  If the NAS machine comes with hard drives already installed, then you should not buy any additional hard drive.  Thirdly, you might want to check how many hard drive bays the NAS machine you’re looking at has.  The more hard drive bays a NAS machine has, the more RAID choices you can implement.  Nonetheless, the more hard drive bays a NAS machine has, the more money you might have to spend (e.g., the cost of more bays on a NAS, the cost of more hard drives to fill up the bays).  Fourthly, you want to check whether the NAS machine you’re looking at is capable of supporting all the software implementations that you have in mind (e.g., Time Machine, CIFS, VPN, NFS, FTP, rsync, etc.).  Fifthly, you want to make sure the NAS machine you’re looking at is capable of fast data transfer in terms of reading and writing speeds.  Obviously, this specification will not guarantee fast data transfer as other network and hardware bottlenecks must also be considered (e.g., slow hard drives, using slow RAID choices, slow local network, etc.).  
Other things you also need to consider before purchasing NAS hardware are the NAS temperature under heavy loads, the fan noise levels, the size factor, data encryption support, antivirus capability, security measures, and so on.

Piecing together the elements for $1,000 spending or more in securing and backing up data:  Putting a NAS machine to work is probably easier than having to configure a FreeNAS or Linux backup solution since many NAS machines are designed with NAS users in mind.  This means the NAS machine you have bought should be easily configurable, allowing you to set up proper NAS services with ease.  If your NAS machine supports Time Machine and you have a Mac, then you should set up Time Machine on the NAS machine to allow the Mac to back up to the NAS machine whenever.  If your NAS machine supports CIFS, NFS, rsync, FTP, iSCSI, and so on, then you can set up these protocols/services on the NAS machine to allow all major operating systems to back up data to the NAS machine.  The major operating systems I’m referring to are Linux, Mac, and Windows.  Furthermore, if your NAS machine supports cloud type of service and mobile data, then you should set up these services to allow cloud type of usage and mobile data backup.  Nonetheless, you should only enable the services that you need on the NAS machine, because enabling too many unnecessary services might open up unwanted vulnerabilities (i.e., allowing hackers to exploit more than one vulnerable service in a machine).  Your NAS machine might readily tell you which ports you need to open on a router for network traffic to transfer data to the NAS machine correctly.  Also, your NAS machine might allow you to change the default port of a service easily.  To secure your data even more, you should consider the option of encrypting the NAS hard drives if the NAS machine supports encryption.  I think some NAS machines might have encryption programs installed by default.  If this is not possible for your NAS machine, you can use TrueCrypt to encrypt the data before such data gets uploaded to the NAS machine.  
To further enhance the security of digitized saved passwords, you can use KeePassX as KeePassX automatically encrypts its password database.  Don’t forget to use TrueCrypt for the KeePassX database so the digitized saved passwords will be even more secure right after such passwords get backed up to the NAS machine.  When backing up data from abroad, you need to set up VPN service on the NAS machine so the data can securely transit from abroad to the NAS machine that resides in a home or an office network.

Some of you think backing up data to a third party backup service such as CrashPlan is a great idea; it might be so if you’re careful about encrypting the data.  Backing up to the cloud is definitely an additional layer for data redundancy, therefore it’s a plus for a complete data assurance scheme.  Nonetheless, when data leaves the local network and resides on someone else’s network (e.g., CrashPlan, Amazon Cloud Drive, etc.), the data is truly beyond your control.  This is why encrypting the data before allowing such data to be uploaded to the cloud is a wise data security measure.  The cost of backing up data in the cloud can vary as each cloud service will have different cloud plans.  Nowadays, I have found many cloud services are quite affordable, therefore it’s up to you to find out which cloud service is best for your data assurance plan.

TunnelBear Is The Simplest VPN Ever?

TunnelBear is probably the simplest VPN I’ve ever used!  I might be wrong but I think TunnelBear is partly using OpenVPN technology.  I noticed TunnelBear had asked me once to allow a component of OpenVPN to access the Internet so TunnelBear could start correctly.  Anyhow, using OpenVPN technology or not, TunnelBear is doing a very good job in simplifying the VPN experience.  Users do not need to have any knowledge of how to use VPN or how to set one up, and yet they can simply install TunnelBear to experience VPN right away.

TunnelBear requires users to download its software from its official website.  TunnelBear supports Mac and Windows.  After the download of the TunnelBear software is finished, users can install it onto their system.  After the installation, users simply have to start the TunnelBear software, create an account as the software instructs at first start, and then log in to TunnelBear through the software itself.  After logging in to TunnelBear, users can begin using VPN by switching the Off button in the TunnelBear software to On.

Windows users might experience an unpleasant installation of the TunnelBear software if they have customized their default text size (DPI).  With a custom text size (DPI) in effect, Windows users might not be able to create a new TunnelBear account or log in to TunnelBear through the TunnelBear software, because the software will glitch and hide part of its interface.  Fixing this complication is easy enough: Windows users just have to go to Control Panel > Appearance and Personalization > Display and pick the Smaller – 100% (Default) text size, click the Apply button, and then restart the computer for the default text size (DPI) to take effect.  Windows users can now start the TunnelBear software again and follow the now working onscreen features to begin using their TunnelBear software for the first time.  Once the TunnelBear software is working, Windows users can enjoy VPN effortlessly.

Mac users who install the TunnelBear software might have to accept the option which requires the Mac to install Java.  Other than that, I think the installation of TunnelBear on Mac is pretty straightforward.

Users don’t have to pay a monthly fee or yearly fee for using TunnelBear, but using TunnelBear for free does have limitations.  One standout limitation of using TunnelBear for free is the bandwidth cap.  The last time I checked TunnelBear, free users could only use up to 500 MB of VPN bandwidth a month.  TunnelBear has two other plans that will lift the bandwidth limitation, but users have to pay either a monthly or a yearly fee.  By the way, TunnelBear does not annoy users with advertising banners (free users or not).

I notice that TunnelBear for iPhone and iPad is still in beta.  This means there might still be some instabilities for iPhone and iPad users who use TunnelBear.  Surprisingly, I’ve found using TunnelBear on my iPhone is rather stable, therefore I definitely recommend iPhone and iPad users try out TunnelBear.  To use TunnelBear on iPhone and iPad, users can follow the instruction here to set up TunnelBear on their devices.

In conclusion, TunnelBear has made it super easy for people who have no VPN knowledge to start using VPN on their laptops and desktops right away.  With TunnelBear, people can now have more privacy and be even more secure as their data will be encrypted.  The privacy part is all too apparent, because TunnelBear users can just activate TunnelBear, go to Google and type in the search box “What’s my IP” — this allows users to click on the appropriate top links within Google’s search results to show the VPN IP address.  So, by using TunnelBear, not only is the connection encrypted, the real IP address is also masked by the VPN IP address, thus users’ privacy can be protected better.  Best of all, TunnelBear is so simple and easy to use as users do not need to configure their firewall or router at all — TunnelBear just works!