Virtual Private Network

Nowadays, web hosting has introduced many kind of internet traffic, which we can classified into 3 categories:

1. Clean/good traffic
2. Bot/crawler traffic
3. Threat/bad traffic

Threat or bad traffic can harm the website and also can bring serious effect to the server, if you not have security in mind. Following example explained how bad traffic can bring consequences to your website:

• You receive so many spam comments in your blog post with different IPs
• Your website is being targeted by DOS or DDOS attack
• Your website being injected with malicious code. This will usually happened if you have Javascript embedded in your HTML code.
• Your website being tagged as ‘The site may harm your computer’ by Google Safe Browsing
• You being accused by the web browser to be hosting malware

What we really want is to accept only clean traffic to our website. The most easiest way to achieve this objective is to use Cloudflare service. Cloudflare will convert your ‘naked’ and ‘exposed’ website into a protected website. The concept is they will route every single web traffic into their cloud network to filter out bad and good traffic, then just forward the good traffic to your website. This service is FREE for life!

1. Go to cloudflare.com and register
2. Follow the installation wizard online
3. Change your domain name server to their name server at the domain registrar
4. Wait for the propagation complete
5. Done. You are protected!

Since the connections is routed to their network (because we will using their name server), they can log almost full information of our website traffic, not like Google Analytics or Quantcast, where they do tracking using Javascript which embedded into your website. Their reporting is also informative and we can see daily report on what is going on to our web traffic. Example as below:

From the screenshot above, you can see that I have report on how many good, bot and bad traffic to my website, how many bandwidth has been saved, how many processed request can be saved (by eliminating bad request) and so on.

I am not doing this for their behalf as promotion or what. It is worth to try. I just want to share with you on how to achieve best result with simplest and most effective way!

In this tutorial, we will use pptp as protocol to connect to VPN server using a username and password, with 128 bit MPPE encryption. Variable as below:

OS: CentOS 6 64bit
VPN server:  209.85.227.89
VPN client IP: 209.85.227.90 - 209.85.227.100
VPN username: vpnuser
Password: ourVPN#99

1. Install ppp via yum:

$ yum install ppp -y

2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this websitehttp://poptop.sourceforge.net/yum/stable/packages/ :

$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

3. Once installed, open /etc/pptpd.conf using text editor and add following line:

localip 209.85.227.89
remoteip 209.85.227.90-100

4. Open /etc/ppp/options.pptpd and add DNS resolver value:

ms-dns 8.8.8.8

5. Lets create user to access the VPN server. Open /etc/ppp/chap-secretsand add the user as below:

vpnuser pptpd ourVPN#99 *

The format is: [username] [space] [server] [space] [password] [space][IP addresses]

6. We need to allow IP packet forwarding for this server. Open/etc/sysctl.conf via text editor and change line below:

net.ipv4.ip_forward = 1

7. Run following command to take effect on the changes:

$ sysctl -p

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

9. Turn on the pptpd service at startup and reboot the server:

$ chkconfig pptpd on
$ init 6

There are several advantages associated with broadband VPN. These include:

• Bonding DSL – one of the main advantages of using a broadband VPN through Managed Communications is the ability to bond ADSL at multiple office locations to deliver a point to point connection. This broadband VPN solution offers resilience as well as increased broadband capacity for downloading at both sites.
• Reduced cost of internet breakout – another advantage of a broadband VPN is that it cuts the cost of internet breakout. Typically, a point to point leased line requires at least one additional internet connection. If the network contains many sites, internet breakout can become very expensive. If traffic is backhauled over leased lines to save costs on internet access, you need to route that traffic through the point to point link. This reduces the available bandwidth for other applications. With a broadband VPN, you can manage internet breakout cost effectively on a site by site basis without reducing available bandwidth for applications.
• Get an excellent service level agreement (SLA) – with an ADSL VPN from Managed Communications, you get a private network and negate the need for leased line internet breakout. But importantly you also get a 99.9% SLA so you can be totally confident about the level you will receive.
• Get expert advice and keep track of the latest technological breakthroughs – our engineers are experts in Cisco VPN, Checkpoint VPN and Netscreen VPN hardware. And with their years of knowledge and experience in the field, you know that you will be getting the best possible outcome for your business. Nobody knows more about VPN networks than Managed Communications.

A high degree of reliability in the core network is achieved through a redundant network configuration using dual nodes and duplicated lines.

Arcstar Global IP-VPN covers 159 countries and regions, with original IP-VPN nodes in the major cities all over the world especially in the Asia-Pacific region.

*includes countries/regions with IPSec access.

New cloud services are a major opportunity for service providers, but they also have created new testing challenges, according to test vendor Spirent Communications plc (NYSE: SPM; London: SPT).

Spirent recently landed a contract with Chunghwa Telecom Laboratories , the research and development arm of Chunghwa Telecom Co. Ltd. (NYSE: CHT), to validate its cloud computing environment, and is actively promoting its test capabilities for the cloud.

The test equipment is used to create conditions in the lab that exist in the real world, such as Internet-based attacks, and to validate what Spirent calls the PASS of cloud environments: performance, availability, security, and scalability.

Service providers hoping to sell cloud-based services to enterprises must be able to prove the security of those services in the virtual environment, says Ankur Chadda, senior product marketing manager for application and security at Spirent.

“In a multi-tenant situation, the service provider has to make sure there is not a proliferation of traffic between two virtually hosted services, which are just on a single physical infrastructure,” Chadda says.

Service providers will have to offer Service Level Agreements (SLAs) that guarantee the protection of data, and to do that, they will have to be able to test the virtual environment end to end, from where the content or data enters the cloud to where it is delivered.

“You also have new things in the cloud environment that you didn’t have in the past — for instance, if you are moving a service from one infrastructure location to another, what is the impact of that and how do security policies get mapped?” Chadda says.

What Spirent is providing to Chungwa Telecom is the ability to test the performance of its cloud environment in a lab setting to determine how it will perform and how security is impacted, in the case of a major denial-of-service attack or other security threat, for example. Spirent also can test Secure Socket Layer (SSL) and IP Sec–based traffic and virtual firewalls.

“In the testing environment, we don’t necessarily look just at the attack; it is also important to look at how your performance was impacted for the secure traffic,” Chadda says. “Even if you stop the attack, if the network performance takes a huge hit, your security solution might not be good enough.”