Configuring a PPTP-VPN on iOS and Android

About a year ago, I wrote a blog posting about how to set up a PPTP VPN service on an Amazon EC2 node. This is a follow-up to that posting which describes how to set up the VPN on an iOS or Android device.

Please note that some carriers might block PPTP traffic. I experienced problems with using the VPN connection via 3G, while connecting through Wi-Fi works for me. On 3G I can connect to the server, but no data is being transferred. On the server I see a lot of messages of the type “Protocol-Reject”. So if your device seems to be connected to the VPN but you get no traffic, it might be blocked by your carrier. You then need to find a Wi-Fi hotspot to use the VPN.


Setting up a VPN-server on Amazon EC2

Amazon has recently announced the new Micro Instances in their Elastic Cloud service. A so-called Micro Instance is a virtual machine with 620 MB of main memory and CPU power in the area of a 1 GHz Opteron processor. The advantage of the Micro Instance is its low cost of only $0.02 per hour of operation (be advised, there are some additional costs for traffic and storage).

The EC2 Micro Instance is an ideal way to operate your own VPN server when you only need it a couple of hours per month. Let’s assume that you want to use it for about 50 hours per month with around 10 GB of traffic. This means $1.00 for computation time + $1.50 for 15 GB of storage + $1.50 for 10 GB of outgoing traffic. So for $4 this is quite a good offer. Granted, you can find commercial VPN providers for $5 per month, but it is more fun to do it yourself. In this article I will describe how to set up an EC2 instance as a VPN server.

Securing SSH server with fail2ban

When you are running your SSH server on the standard port 22, you will likely see brute-force login attempts multiple times a day. The SSH server does not limit unsuccessful login attempts by itself, so there are multiple ways to deal with this problem.

One option is to move the SSH daemon to a non-standard port. But this means that you might have problems connecting to the server yourself if you are working from a restricted network. Another solution would be to use certificates for login. But then you need to make sure that you carry the certificates with you whenever you want to log in to your server.

A better solution is to limit access to the SSH server. One way would be to use the so-called port-knocking approach. Here, access to the SSH port is blocked until you send some kind of secret knock sequence; the port is then unblocked for your IP for a certain time. This is very effective, but it has the downside that you always need to use this knock mechanism before connecting to your server.
