{"id":841,"date":"2012-09-16T16:30:40","date_gmt":"2012-09-16T13:30:40","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=841"},"modified":"2012-09-16T16:41:41","modified_gmt":"2012-09-16T13:41:41","slug":"tip-secure-communication-channel-from-remote-site-to-your-home-computer-for-file-transfers-and-for-browsing-internet","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=841","title":{"rendered":"Tip, secure communication channel from remote site to your home computer, for file transfers and for browsing internet"},"content":{"rendered":"<p>This blog is miscellaneous add-on to the earlier blogs <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=472\">Tip, personal online file storage by using your home computer<\/a> and <a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=14\">Privacy and internet communication<\/a>.<\/p>\n<p><strong>In the first blog<\/strong>, the solution for online storage was build by using<\/p>\n<ul>\n<li>\n<div>In home computer:<\/div>\n<ul>\n<li>\n<div>freeftpd<\/div>\n<\/li>\n<li>dynamic dns service (for example dyndns) and<\/li>\n<li>\n<div>dynamic dns update client<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>In remote (client) computer:<\/div>\n<ul>\n<li>\n<div>WinSCP<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The tools were used to create secure (encrypted) communication to home computer.<\/p>\n<blockquote>\n<p>Please note that for storing files into a cloud environment, one also need to encrypt files for more secure storage (by using <a title=\"Truecrypt, Tool for accessing and keeping your files in secured storage\" href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=155\">Truecrypt<\/a>, for example. I&#8217;ll try to create a blog for that later).<\/p>\n<\/blockquote>\n<p><strong>In the second blog<\/strong>, the secure communication was setup in the client side by using tools like<\/p>\n<ul>\n<li>\n<div><a href=\"http:\/\/www.chiark.greenend.org.uk\/%7Esgtatham\/putty\/\">Putty<\/a> or <a title=\"MyEnTunnel, Tool for creating dynamic SOCKS tunnel over ssh connection\" href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=296\">MyEnTunnel<\/a> for creating secure connection<\/div>\n<\/li>\n<li>\n<div>Firefox for browsing via above mentioned secure connection<\/div>\n<\/li>\n<\/ul>\n<p><strong>In this blog<\/strong>, one secure connection is used to share both needs:<\/p>\n<ul>\n<li>\n<div>file transfer<\/div>\n<\/li>\n<li>\n<div>Internet browsing<\/div>\n<\/li>\n<\/ul>\n<blockquote>\n<p>For example, if one does not have a trusted host (provider) in internet to protect your communication, then one could consider using your home computer. In this way, one can protect the communication at least up to your home computer.<\/p>\n<\/blockquote>\n<p><strong>What is needed?<\/strong><\/p>\n<ul>\n<li>\n<div>In the home computer:<\/div>\n<ul>\n<li>\n<div>SSH server (see below chapter)<\/div>\n<\/li>\n<li>\n<div><a href=\"http:\/\/en.wikipedia.org\/wiki\/Dynamic_DNS\">dynamic dns<\/a> service (for example dyndns) and<\/div>\n<\/li>\n<li>\n<div>dynamic dns update client<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>In remote (client) computer:\n<ul>\n<li>\n<div><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=183\">WinSCP<\/a> for file transfer<\/div>\n<\/li>\n<li>\n<div><a title=\"MyEnTunnel, Tool for creating dynamic SOCKS tunnel over ssh connection\" href=\"http:\/\/saisa.eu\/blogs\/Guidance\/?p=296\">MyEnTunnel<\/a> for creating and maintaining secure connection<\/div>\n<\/li>\n<li>\n<div>Browser, like firefox, to connect to internet via MyEnTunnel (and via home computer)<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>SSH server<\/strong><\/p>\n<p>There are several variants to choose from (see licensing terms, free for personal\/non-commercial use):<\/p>\n<ul>\n<li>\n<div>OpenSSH (instructions <a href=\"http:\/\/www.petri.co.il\/setup-ssh-server-vista.htm\">example<\/a>)<\/div>\n<ul>\n<li>\n<div>no GUI and therefore more complex setup<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div><a href=\"http:\/\/www.bitvise.com\/ssh-server\">Bitwise SSH Server<\/a><\/div>\n<ul>\n<li>\n<div>Can forbid\/allow shell access, file transfer and forwarding separately (PLUS)<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div><a href=\"http:\/\/www.freesshd.com\/\">FreeSSHd<\/a><\/div>\n<ul>\n<li>\n<div>Allows also shell access (MINUS) together with file transfer, forwarding can be controlled<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div><a href=\"http:\/\/www.k2sxs.com\/silvershield\/\">SilverSHield<\/a><\/div>\n<ul>\n<li>\n<div>Can forbid\/allow shell access, file transfer and forwarding separately (PLUS)<\/div>\n<\/li>\n<li>\n<div>Can ban client IP address when brute force attack is detected (PLUS)<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>My favorites are Bitwise SSH Server and SilverSHield, since both can deny access to command shell. In addition, brute force detection in SilverSHield is important add-on if running these functions as service (mostly ON and active).<\/p>\n<p>BitWise SSH Server Screenshot:<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-bitwise.jpg\"><img loading=\"lazy\" height=\"359\" alt=\"ssh-server-bitwise\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-bitwise-small.jpg\" width=\"640\" \/><\/a><\/p>\n<p>SilverSHielD Screenshot:<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-silvershield.jpg\"><img loading=\"lazy\" height=\"538\" alt=\"ssh-server-silvershield\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-silvershield-small.jpg\" width=\"640\" \/><\/a><\/p>\n<p>The brute force detection setting is done in this page: number of failed attempts and ban time can be define.<\/p>\n<p><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-silvershield2-2.jpg\"><img loading=\"lazy\" height=\"535\" alt=\"ssh-server-silvershield2\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/09\/ssh-server-silvershield2-2-small.jpg\" width=\"640\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Note<\/strong><\/p>\n<p>Both these product do have commercial editions as well, and they are good choises since one can expect maintenance updates etc. With SilverSHielD, however, I was having connection problems with their main site?<\/p>\n<p><strong>Note<\/strong><\/p>\n<p>Creating secure connection to home computer also means that one need to have one port open that is accessable via internet. Some products contains filtering options for allowed client IP or IP range. However, monitoring is required to detect possible attacks, and one would need find a way to receive alerts from these tools.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog is miscellaneous add-on to the earlier blogs Tip, personal online file storage by using your home computer and Privacy and internet communication. In the first blog, the solution for online storage was build by using In home computer: &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=841\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,10],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/841"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=841"}],"version-history":[{"count":2,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/841\/revisions"}],"predecessor-version":[{"id":845,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/841\/revisions\/845"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}