Open Source Firewall Real Examples
Information Security

Many people argue that an Enterprise firewall is the only viable choice. However, non-profit organizations and small businesses often cannot afford top-end products like Check Point, WatchGuard, etc. Most open source firewall operating systems have been in development for more than a decade and are used by millions of individuals and organizations. Our professional service team delivers both Open Source and Enterprise firewall or UTM gateway solutions. In this article, we would like to share some real applications of Open Source firewalls whose users have been happy with them for at least 3 years.

First of all, we would like to introduce the case of a primary school with around 100 devices connected to the network and the internet. This Catholic school cannot afford an Enterprise-class UTM gateway and the consequent annual maintenance fee. They are using IPCop as a static firewall with additional add-ins to protect their web, email and even student database server. Their solution was deployed in 2014 and there has not been a single case of failure caused by virus, malware or ransomware. (Remarks: they are using an Enterprise anti-virus endpoint product, bought at an education discount, together with the IPCop firewall.)

Another case is the computer lab owned by a Data Science consulting company – Smart Data Institute Limited, located in Hong Kong. They are using 2 nodes with OPNsense installed as a cluster in front of their own private cloud and the workstations in the lab. However, Sensei is a plugin for firewalls which complements them with features like Application Filtering, Advanced Network Visibility and Cloud Application Control. (Note: their production network is using another Enterprise firewall – contact us for details.)

Apart from IPCop and OPNsense, there are still many different open source firewall solutions available in the market. pfSense and OPNsense are the options able to meet Enterprise-class demand. IPFire is the easiest to use and maintain, which makes it a fit for SOHO and small organizations without dedicated internal IT resources.

However, no security solution is perfect and protects everything. In order to maintain better Information Security, it is important to apply corresponding security policies, such as a Computer Security Policy, a Data Retention Policy, etc. It is also important to review the related policies and the latest technologies in order to balance productivity and security. Should you have any questions, you can contact us to arrange a free consultation session to find a tailored solution for your organization.
Information Security

Protect Your Children with Security Suite

You can find anything on the internet, including information about violence, sex and drugs. It is highly recommended that parents protect their children with the help of a Security Suite, such as Bitdefender Total Security. We take Bitdefender as the example because the Bitdefender brand, together with its OEM products, is protecting over 500 million devices worldwide.

In this example, we try to demonstrate the functions of a security suite with Child protection. You should find similar functions and features in many different brands like Kaspersky, McAfee, Symantec, etc.

First of all (in Bitdefender Total Security), open the Parental Advisor (or the Parental Control function in other antivirus products) to input the child's profiles and prepare the custom settings.

Then, it will prompt for the owner's account to avoid "hacking" by your child.

Next, you are about to create a new custom profile. First of all, you should pick your child's device(s) with a Bitdefender product installed.

Input your child's name.

It will show the related device for the settings. Pick the user for the device.

Important: with Parental Control switched on, only user account(s) with a profile are allowed to access the corresponding device.

It is important to input the email account that will receive alerts and to choose which alerts are active for the monitoring.

Moreover, you can create or modify your own customized control by adding hostname(s) to the blacklist or whitelist. In the example below, it shows "facebook.com" being blocked.

You can also monitor whom your child is always talking to.

Further, you can check your child's current location with near real-time monitoring.

Meanwhile, you can set when your child is able to access or use the computer and / or surf the internet.

If your child tries to log on outside the scheduled time, he / she should see the page below, and can either ask the parents for a special request or just switch the device off as suggested.

Conclusion
Freedom is important for everyone. However, it is a basic responsibility of parents to protect their children from abuse and from day-long usage that affects their children's health, both physically and psychologically.
Data Protection

UrBackup Server – free backup solution for SMB

Archsolution Professional Service Team (2019-11-4)

Backup is one of the most important methods to protect your digital assets. However, most backup solutions are very expensive, and we would like to share one of the freeware options – UrBackup.

In this article, we will focus on the Windows installation only, because of its ability to back up the operating system image of Windows client workstations. You can download the different versions from urbackup.org.

Installation of UrBackup Software on Windows
  • Download the NSIS (.exe) or MSI installer. You can only use the MSI installer, if you have a 64-bit operating system and at least Windows Vista/2008.
  • Install the UrBackup Server.
  • Go to the web interface (http://localhost:55414) and then go to the settings and configure the folder where UrBackup should store the backup. This folder should have the following properties:
      • It should be on a NTFS formatted volume (not ReFS or FAT).
      • There should be enough free space to accommodate the backups.
      • Preferably the volume should be dedicated to UrBackup backups.
      • The volume should be persistently online while the UrBackup Server instance is running. UrBackup does not support different backup volumes/drives.
      • While migration is possible it will be lengthy and difficult. So best plan ahead.
      • You can easily increase the size of the backup storage volume, if you use Windows dynamic volumes or a hardware raid. If you are using a plain volume change it to a dynamic volume before the first backup.
      • Turn on compression for the urbackup folder (in Explorer: Right click and properties). If you are not using a really old computer it should pay off without decreasing the backup speed. Possible exception: If you plan to backup files with more than 50GB or turn off the image compression and plan to backup volumes with more than 50GB you should not turn on compression. NTFS cannot compress files larger than about 50GB.
      • As an alternative to the compression, you can use the offline dedup and compression built into Windows Server 2012.
      • Disable 8.3 name generation on the volume. See https://support.microsoft.com/en-us/kb/121007 on how to do this. 8.3 name generation causes errors in rare cases, lowers performance and the 8.3 names are only used in rare cases.
      • If you are using Windows Server 2008(R2) (or the equivalent Desktop versions) you should consider applying hotfix https://support.microsoft.com/en-us/kb/967351 and then formatting the backup storage volume with
        • Format <Drive:> /FS:NTFS /L
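The storage-folder properties listed above can be checked before the first backup. The script below is an added example, not part of the original article or of UrBackup; the folder `D:\urbackup` and the 100 GB free-space threshold are assumptions, and the 8.3 check assumes English-language `fsutil` output.

```powershell
# Added example: pre-flight check of a UrBackup backup storage folder.
# Run from an elevated prompt; fsutil needs administrator rights.
param(
    [string]$BackupPath = 'D:\urbackup',  # assumed folder, not from the article
    [int]$MinFreeGB = 100                 # assumed threshold for "enough free space"
)

$letter = (Split-Path -Path $BackupPath -Qualifier).TrimEnd(':')
$volume = Get-Volume -DriveLetter $letter
$folder = Get-Item -LiteralPath $BackupPath
$freeGB = [math]::Round($volume.SizeRemaining / 1GB, 1)

# fsutil ends with a summary such as "... 8dot3 name creation is disabled on D:".
# The match assumes English output; any other text is reported as "unknown".
$fsutilText = (& fsutil.exe 8dot3name query "${letter}:") -join ' '
$shortNames = 'unknown'
if ($fsutilText -match 'creation is (enabled|disabled) on') { $shortNames = $Matches[1] }

# Compression is recommended unless files (or uncompressed images) larger than
# about 50GB will be stored, so read a failure on that line as a prompt to decide.
$compressed = [bool]($folder.Attributes -band [IO.FileAttributes]::Compressed)

$checks = @(
    [pscustomobject]@{
        Check  = 'Volume is NTFS (not ReFS or FAT)'
        Value  = $volume.FileSystem
        Passed = ($volume.FileSystem -eq 'NTFS')
    }
    [pscustomobject]@{
        Check  = "Free space of at least $MinFreeGB GB"
        Value  = "$freeGB GB"
        Passed = ($freeGB -ge $MinFreeGB)
    }
    [pscustomobject]@{
        Check  = '8.3 name generation disabled on the volume'
        Value  = $shortNames
        Passed = ($shortNames -eq 'disabled')
    }
    [pscustomobject]@{
        Check  = 'NTFS compression enabled on the backup folder'
        Value  = $compressed
        Passed = $compressed
    }
)

$checks | Format-Table -AutoSize
if ($checks.Passed -contains $false) { exit 1 }   # non-zero exit if any check failed
```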
After you have installed the UrBackup server you should perform the following steps:
  • Go to the user settings and add an admin account. If you do not do this everybody who can access the server will be able to see all backups!
  • Setup the mail server by entering the appropriate mail server settings.
  • If you want the clients to be able to backup via Internet and not only via local network, configure the public server name or IP of the server in the Internet settings.
  • If you want the clients to be able to access their backups via browser and “right click -> Restore/access backups”, enter a server URL. E.g. http://backups.company.com:55414/. Make sure your DNS is configured such that backups.company.com points to the internal IP of the backup server if accessed from the internal network and points to the external IP otherwise. You should put a real web server in front of UrBackup and set up SSL.
  • If you want to get logs of failed backups, go to the “Logs” screen and configure the reports for your email address.
  • Change any other setting according to your usage scenario.

Client installation (Windows/Mac OS X client installation)
If you plan on using the client in the same local network as the server, or the client is in your local network during setup time:
  • Download the client from http://www.urbackup.org.
  • Run the installer.
  • Leave the backed-up items at the default, manually select the paths to back up, or configure the client from the server.
  • The server will automatically find the client and start backups.
If the client is only reachable via Internet/through NAT:
  • Add a new Internet client on the status page.
  • Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
  • Select the backup paths you want to backup on the client or configure appropriate default directories to backup on the server.
  • The server will automatically start backups once the client is connected.
This is the easiest method to add new internet clients.

Notes: There are 3 different colours of the “UrBackup” client icon.
  1. Red – not connected
  2. Yellow – backup running
  3. Green – backup complete recently

Automatic rollout to multiple Windows computers
First, if you want to deviate from the default backup path selection, configure the general default backup paths so that the correct folders get backed up for each client. Then install the clients using one of the following methods.

On local network: Add the MSI client installer as a group policy on the domain controller. Alternatively, you can use the NSIS (.exe) installer with the switch “/S” to do a silent install and use something like “psexec”. The server will automatically find and back up the new clients.

For internet clients: Adapt the script at https://urbackup.atlassian.net/wiki/display/US/Download+custom+client+installer+via+Python to your server URL and create a Python executable from the modified script via cx_Freeze (http://cx-freeze.sourceforge.net/). Executing the Python executable on the client automatically creates a new internet client on the server, downloads a custom client and runs the installer. You could also add the silent install switch (“/S”) when starting the downloaded installer so that it needs no user intervention.

Client installation on Linux
If you plan on using the client in the same local network as the server, or the client is in your local network during setup time:
  • Download the portable binary Linux client from http://www.urbackup.org.
  • Run the installer.
  • Select one of the available snapshot mechanisms. If none is available, consider installing your Linux on LVM or btrfs. Otherwise you will have to use pre/post-backup scripts to stop all applications that modify files during backups.
  • The server will automatically find the client and start backups.
If the client is only reachable via Internet/through NAT:
  • Add a new Internet client on the status page.
  • Download the client installer for the Internet client and send it to the new client. Alternatively, create a user for the new client (in the settings) and send the user the username/password. The user can then download the client installer from the server on the status page and install it.
  • Select the backup paths you want to back up on the client via command line (“urbackupclientctl add-backupdir --path /”) or configure appropriate default directories to back up on the server.
  • The server will automatically start backups once the client is connected.