IT Security

Recently the Internet privacy is hot topic and people simply just dont like the idea that Big Brother can look into their files.
Of course there are levels of security that you can have.

My Grandpa always told me that "What is known by at least two persons, is no longer a secret"

- If you running your own private cloud server at your home gives relatively high security (see my Seafile Cloud installation article)

- You still need to reach your private cloud over the Internet which can be monitored. Here, the solution is an encrypted VPN tunnel towards your private Cloud server

- While you are surfing the Internet, you don't want "everyone" sees your connections (your home server location/IP). It is better to use a proxy server which will hide your real location/IP address.
Here you can use this service, the best in the world based on customer reviews: http://hidemyass.com/vpn/r15739

Security Tools

1 CCleaner
CCleaner is the number-one tool for cleaning your Windows PC. It protects your privacy online and makes your computer faster and more secure

2. AdwCleaner
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.

3. Avast!
Avast! is an antivirus computer program available to Microsoft Windows, Mac OS X and Linux users
The software has received a number of awards from Virus Bulletin for 100% detection of "in-the-wild" viruses, and also won the Secure Computing Readers' Trust Award. The central scanning engine has been certified by ICSA Labs and West Coast Labs' Checkmark process.

HowTo build a SSH Tunnel

Security Issue
A secure shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel. SSH stands for Secure SHell. The difference to other Login programs is that the password is encrypted before being sent. Everything sent (and received) to the tunnel is encrypted as long as you are within that SSH session.

Connection Issue

Another important reason to use an SSH tunnel is to overcome firewalls in hotels, corporated and service provider networks. One of the great capability of SSH is Port Forwarding. You can specify that the SSH client on you computer listen to certain ports and forward the connections (via port 22) to any ports of the (Seafile) server. Even better, you can access to other computers that the server has access to.


Firewall between Client and Server

Remark:
Seafile cloud access to the home server is almost always possible by mobile devices via the data network because the mobile providers usually don't block the used ports.


The Server Side
First, the computer you want to connect needs to be running an SSH server. This is described in the application pages.

The Client Side
You need a client on your computer installed in order to connect to the SSH server. In our case, you want to access your private Seafile cloud at home via an SSH tunnel. PuTTY is a very popular SSH client and runs on Linux, Windows and MacOS. PuTTY offers several options for connections. You will select SSH so your communication is totally encrypted.


Step 1: Download PuTTY
You can download the free PuTTY client on http://www.putty.org/

Step 2: Configure PuTTY
Select Category 'Session'
Host Name: remote.destination.com (example of a DNS server)
Saved Session: Seafile via SSH Tunnel (example)
Port: 22
Connection type: SSH

Select Category 'Connection' -> 'SSH' -> Tunnels
Enter the port number that your computer is going to listen to:
Source port: 8000 (example for Seafile ports)

Enter the computer name and port that the remote (Seafile) server will forward the connection.
Destination: remote.destination.com:8000 (example)
Press Add

Source port: 10001 (example for Seafile ports)
Destination: remote.destination.com:10001 (example)
Press Add

repeat for all ports used by the server

Don't forget to save your settings:
Select 'Session' and click Save


Remark:

In many cases, the remote server is the only one to be accessed. Then it is possible to enter 'localhost:8000' instead of 'remote.destination.com:8000' as an example.


Step 3: Start Connection
- Start PuTTY
- Select Session Seafile via SSH Tunnel (examole)
- Open
- Login/Password

Now you are connected to the remote server (Seafile in our example).
Keep it open while communicating with the Seafile server !

Screen of the remote server


Once you reach the Raspy via SSH, you can reach any other devices inside your LAN, e.g. a second Raspy by a simple SSH call.

ssh root@192.168.xyz.yzx






Seafile access via SSH
Two thing are still needed:
- foxyproxy and to add a port e.g. 6666 (screenshot 1)
- create a port forward in putty to the remote raspy on port 6666 (screenshot 2)

Screenshot 1: foxyproxy



PuTTY Configuration:
Session: nickname
Host Name: hostname/IP address
Port: 22

Connection/SSH/Tunnels:
Enter source port: 6666
Set: Dynamic

Screenshot 2: PuTTY Configuration


Then it should work to see the remote machine in the firefox via SSH.



Seafile client via localhost/port 22

Admin