VPN Services Research Articles

ПРОЕКТУВАННЯ МОДЕЛІ ХМАРНОЇ ІНФРАСТРУКТУРИ ВНЗ НА ОСНОВІ ПЛАТФОРМИ APACHE CLOUDSTACK

This paper describes the problems of using cloud computing in education. In the article it has been investigated the concept of cloud infrastructure in higher educational institutions. The model of cloudy infrastructure is offered. The hybrid model is most recent for higher educational institution. Conceptual provisions (technical and methodical) of designing of cloud are formulated. Described experience of deployment corporate clouds on the basis of the Apache CloudStack platform. The diagram of the organization of physical components of cloudy infrastructure (a hypervisor, physical and virtual area networks, routers, the domain controller, the VPN server) is provided.

Impact of Internet and mobile communication on cyber resilience: A multivariate adaptive regression spline modeling approach

Impact of Internet and mobile communication on cyber resilience: A multivariate adaptive regression spline modeling approach

АКТИВНАЯ ДЕАНОНИМИЗАЦИЯ ЛИЧНОСТИ ПРЕСТУПНИКА В СЕТИ ИНТЕРНЕТ С ИСПОЛЬЗОВАНИЕМ CANARYTOKENS

The article discusses the possibility of using the Internet resource canarytokens.org for active de-anonymization of the identity of a secure network on the Internet. A study of the features of setting up the work of canarytokens both in normal conditions of user equipment and when using means of increased anonymity in a computer network. The author's thoughts on the forms of using ca-narytokens during the investigation of crimes are given. In conclusion, outcomes are drawn about the advantages and disadvantages of the considered method of identifying an Internet user. The first in-clude: the efficiency of obtaining information even in cases where the criminal uses Internet re-sources that are outside the jurisdiction of the Russian Federation; obtaining information not only about the IP address, but also about the software and hardware characteristics of the computer de-vice used; the ability to obtain information relevant to a criminal case in cases where a criminal uses a VPN service. The disadvantage is the low efficiency when a criminal uses the Tor browser.

OpenVPN is Open to VPN Fingerprinting

VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using “dual use” DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 “obfuscated” VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.

Implementation of auto failover on SD-WAN technology with BGP routing method on Fortigate routers at XYZ company

The current technological development is SD-WAN (Software-Defined Wide Area Network) which provides highperformance access for users located far from the head office so as to allow faster network connections and has been facilitated automation techniques for branch offices. This research solves the problem of XYZ company because it is known that the company requires network connectivity with a high SLA (Service Level Agreement) and no downtime in the information exchange process. This research hypothesis assumes that using SD-WAN would be ideal and the problems with XYZ company were resolved. The purpose of this research is the implementation of a WAN network using SD-WAN technology against two ISPs on the FortiGate router, as well as testing QoS (Quality of Service) that has been configured using the BGP (Border Gateway Protocol) routing method. This research plan consists of ISP-A using IP-VPN (Internet Protocol-Virtual Private Network) and ISP-B using broadband Internet. The test scenario was carried out using 3 methods, namely Full Service Scenario, Fail Over Scenario-1 when the IP VPN service is down and Fail Over Scenario-2 when the broadband Internet service is down. The final results of the research have obtained "Satisfactory" results for both services, including the average index on ISP-A and ISP-B of 3.7.

Polymedia, de-territorialization, and cultural transformation: Pakistani students’ digitally mediated acculturation journeys in China

ABSTRACT In light of the increasing trend of inter-Asian migration within China, this qualitative research explores the socio-cultural and technological implications of the de-territorial and digitally-mediated acculturation journeys of Pakistani higher education students in China. A comprehensive analysis of the polymedia experiences of Pakistani higher education students reveals paradoxical trends. The research findings illustrate China’s controlled approach to cultural and technological diversity. The study highlights the dominance of Chinese apps, notably WeChat, and VPN services in strengthening co-national bonds, fostering transnational connections, and cultivating cultural belonging. Conversely, the article contends that the students’ polymedia interactions demonstrate China’s evolving cultural and technological landscape. For instance, digital access, availability, and literacy empower sojourners to reinforce their ethnic identities and communities, promote increased usage of US-based digital platforms, and further accelerate the adoption of the English language within China’s socio-cultural landscape. Understanding these digitally influenced creative pathways and information ecologies presents a significant opportunity for Chinese institutions to foster stronger connections with the expanding South Asian student communities.

ДОСЛІДЖЕННЯ МОДЕЛЕЙ АНОНІМНОЇ МАРШРУТИЗАЦІЇ

Numerous solutions have been created for online anonymous communication. We do evaluations of security on several systems. We examine features such as Onion Routing, anonymous VPN services, probabilistic anonymity, and deterministic anonymity among different systems. There are also additional forms of anonymous communication that are discussed, including messaging, peer-to-peer communication, using the web, emailing, and using other Internet apps. We then go on to show several attack methods that aim to identify people who communicate anonymously. The objective of the research is to achieve an exact adjust between guaranteeing the adequacy and dependability of message delivery and ensuring customer anonymity. The NIAR model's non-interactive highlight makes it more valuable since it licenses secure communication without requiring nonstop client support. Communication privacy is threatened by an ever-growing volume of data generated by an ever-growing number of networked devices. Because of this, Anonymous Communication Systems (ACSs)—which offer the privacy qualities of anonymity, unsinkability, and observability—are recommended to conceal the relationship between transmitted communications and their senders and recipients. The objective of this essay is to evaluate the literature on Dining Cryptographers Networks (DCNs) in the subject of ACSs. Since the DCN-based techniques offer unconditional guarantees of observability, they are information-theoretically safe. Their computation and communication expense was considered high at the time, and scalability issues arose, which originally impeded their use for anonymous communications. By satisfying these targets, the research improves the state of encrypted communication systems and opens the door to a day when protecting client security will be a best need without sacrificing message delivery's significant dependability and efficiency.

An Experiment to Prevent Malicious Actors from Compromising Private Digital Assets Over a Public Network

In the current millennium, human society has immensely improved its ability to obtain and distribute information. This change on the other hand, has caused the majority of daily routines to actively involve the usage of computers and mobile devices, which in turn has made people rely heavily on the availability of internet access. This fact was taken advantage of, causing a massive increase in public networks by people or businesses to draw in customers or just as simple public service. This increase gives both ease and risks which this paper will address, specifically on the security measures in network devices that are nearby, and the solution proposed to provide complementary insight on securing the technologies. The authors of this paper supply the main point of the research through experimental efforts i.e., by testing the solution in a real-life scenario. The solution itself involves the configuration of a Raspberry Pi into a VPN server and rerouting all traffic into the Raspberry server so that it will be encrypted and safe from the dangers that will be mentioned in later parts of this paper. The result of the experiment shows that the proposed solution can successfully encrypt the targeted packet so it can’t be read by malicious attackers. Although the solution works it can’t be simply applied to every public network due to internet connection protocols and its inconvenience. Future research will involve the improvement or rework of the solution until the issues mentioned above are solved.

Teleworking effective practices on engineering groups, a contrast of paradoxical features through thematic analysis in search for practical outcomes

Teleworking effective practices on engineering groups, a contrast of paradoxical features through thematic analysis in search for practical outcomes

Sistem Keamanan Work From Anywhere Menggunakan VPN Generasi Lanjut


 
 
 
 Working remotely or what we know as Work From Anywhere is still a trend after the COVID-19 pandemic. Working from anywhere and anytime can increase productivity and reduce transportation costs, and is accompanied by fast internet support, good communication and collaboration platforms so this is very popular and in demand. When implementing WFA, it has its own challenges, namely data security. Not all organizations are supported by a reliable IT infrastructure that can protect employee data during WFA. One of the security system technologies that can be used during WFA is VPN. Currently there are many VPN protocols that can be used for WFA. However, in implementing a VPN network, there are several things that must be considered to ensure that the VPN network is successful and functional, such as security, choosing the right architecture, selecting technology and protocols, scalability, quality of service, management and monitoring, as well as security and privacy policies. ZeroTier is a next-generation VPN that is easy to configure, can support multiple devices, and uses an end-to-end connection, eliminating the need for a centralized VPN server. In implementing VPN ZeroTier the method used is the Network Development Life Cycle (NDLC). This methodology is used to plan, implement, and manage a VPN network with ZeroTier to function according to WFA needs.
 
 
 

Цифровые технологии как инструменты кибермошенничества: типологический подход

Cyber fraud is the subject of study of a whole cluster of sciences, the area of verification of various conceptual approaches, general scientific and special research methods. In the present article, the heuristic merits of such a method of studying cyber fraud as typological analysis are substantiated, as well as the existing variants of various aspects of cyber fraud typology are considered. As part of the given approach, the authors proposed a typology of cyber fraud practices based on the application of current digital technologies (phishing sites, deep-fakes, cookies, digital imitation of documents, scam pages, file hosting services, MVNO-operators, SIM card duplicates, Bluetooth, chatbots, QR code, VPN services), which allows diversifying specific cyber fraud tech-niques, including both manipulation of personal data and creation of special malicious content.

Comparative analysis of VPN protocols

The aim of the study was to check the performance of the set-up internet connection using the three VPN protocols: Wireguard, OpenVPN and L2TP / IPSec. The Docker applications were used for the tests, on which the VPN server configuration file was launched. The containers were running on the Amazon server. The tests were performed on a laptop and a virtual machine with Windows 10 Pro. The virtual machine has been run in the Microsoft Azure cloud. The next step was to launch three docker containers and start performance tests using three tools: ping command, Speedtest-cli and Iperf3. The result of the research is the analysis of the measurement results and drawing conclusions.

Design and Implementation of a Secure Virtual Private Network Over an Open Network (Internet)

Aim: The main objective of this research project is to design and implement a functional secure virtual private network over the internet considering that use of traditional fixed telephones lines is not cost effective and it is unsecured especially in the context of Cameroon.
 Methods: In the VPN, internet is used as the data pipelined replacing the traditional data lines. This approach was deployed through simulation with CISCO Packet Tracer.
 Results: Simulation results showed that the system can provide a secured, reliable and cost effective transmission system over the Internet for organizations in Cameroon. As such, VPNs form an integral part of remote business communications across the internet due to the inherent risks that exist when sending private information over a public network.
 Conclusion: VPNs not only prevent unethical use of private business correspondence by unauthorized parties but they also play an important role in reducing the environmental impact of business travel.
 Recommendations: This study recommend an organization which considers security as its top priority to embrace the rather expensive solution of implementing an email/Web/DNS/FTP server at each site rather than using only a single email/web/DNS/FTP server for the entire intranet. This will reduce the amount of information that organization sends across the Internet and increase information access speeds. Home users or small office can equally be installed with an email/web/DNS/FTP server. Also, in the remote access case, a company can outsource the installation and management of their remote access VPN server to the ISP. Moreover, just using IPSec for remote access users is not enough. Remote access IPSec VPN implementation should always be associated with a tunneling protocol such as PPTP.

Detection Technique to trace IP behind VPN/Proxy using Machine Learning

Cybercriminals use a variation of techniques to fleece their digital footprints, that creates a barrier for law enforcement agencies to impossibly catch and prosecute them. With the known universal truth that whenever a machine tries to connect in adversely to target system. The victim’s machine can see only requests coming from the “proxy” or the VPN server. Now as VPN hides IP addresses it leads the network to be redirected through some special configured remote server which are run by a VPN host. As its consequences, the user’s digital footprint is hidden. the footprint of a VPN server is received by the receiver. This challenges the entire organization or one’s personal system to be in risk. One such solution to the problem is to design “Honeypot system” that will trace an IP address running behind VPN/proxy servers. The machine learning algorithm will able to trace the actual IP address with ISP details. The paper discusses a detection mechanism that will dupe the attackers. Showing inability in locating and identifying real honeypot file. The methods were tested on various platforms and technique outperform in detecting attacker’s system smartly using machine learning.

Organization of remote interaction of employees with the information infrastructure of the enterprise

Currently, an acute problem is the issue of providing remote connection of foreign institutions and enterprise personnel to its information network through the public Internet network, while other users of the public network cannot access information resources within the enterprise. The paper describes the sequential steps of configuring a server based on Ubuntu 20.04 using StrongSwan, an IPsec daemon that supports both IKEv1 and IKEv2. During the setup process, a 4096-bit RSA key was generated to sign the root CA. The VPN server's private key was then generated, which was signed by the VPN server's certificate using the certificate authority's key. IPsec configuration was also performed by making the necessary changes to the configuration file. Further, the work describes the process of setting up authentication, including setting up an identifier (login) and password. The final step was to configure the firewall, allow access for OpenSSH to remotely manage the server, specify the standard IPsec ports, and set the forwarding settings. This type of communication provides a high level of security, as the server asks the client for a certificate and authentication data. Another advantage is the use of encryption, which is compatible with all platforms. This provides an encrypted and secure network connection, which is important for remote workers as it gives them direct access to the organization's resources without being in the office. Users can connect to the network from different regions around the world using their devices.

Development of an intelligent decision-making system to support scientific and industrial formations VPN connections

The development of information systems to ensure the safe coordination of information flows in scientific and industrial clusters makes it possible to automate a number of tasks aimed at increasing the cooperative interaction productivity. The use of existing traffic encapsulation solutions or the new client-server algorithms development for network interaction affects the decision-making component for managing the TCP/IP structure, authorization of subjects, and support for correct load distribution. At the moment, most VPN servers do not have the specified functionality, which does not allow integrating solutions into existing scientific and industrial clusters. As the main solution, a flexible decision support system is proposed that takes into account all aspects of the virtual tunnel software component. The proposed solution is based on the use of complex methods for assessing the software modules state to make decisions on changing the operation of functional modules. The development result of the proposed system and the conducted functional testing made it possible to automate the operation of VPN tunnels when working with a complex network interaction structure.

Enterprise-Grade Hosted VPN Services with AWS Infrastructure

In this groundbreaking research paper, we delve into the realm of enterprise-grade hosted VPN services, leveraging open-source, cost-effective tools within the robust AWS infrastructure. In the dynamic landscape of information technology, the pursuit of solutions that are both effective and financially prudent is imperative. Notably, the conventional approach to VPN services often involves substantial expenditures, with industry giants like Palo Alto demanding millions of dollars annually for their services. However, this paper advocates for a transformative paradigm shift wherein organizations can develop and host their VPN services, offering heightened customization and control through proprietary infrastructure. The proposed solution represents a significant milestone, especially for security-focused companies aiming to host comprehensive VPN services independently, thereby gaining complete oversight of each facet of the service edge. Despite the promise of this approach, successful implementation necessitates thorough research and meticulous planning. Nonetheless, the potential benefits are substantial, with the ability to deploy such solutions within a few weeks across diverse business units. Hosted VPN services, implemented in this manner, have the capability to fortify the entire infrastructure from end to end, markedly enhancing security measures and access control. The foundation of this approach lies in the strategic utilization of OpenVPN as the client and pfSense as the firewall/ router, orchestrating traffic routing and providing a robust security layer for internet-bound traffic. Through the integration of various certificates within the OpenVPN client, precise management of user connections to the firewall is achieved. The resultant configuration ensures enterprise-grade firewall security, effectively mitigating internet threats by blocking access to non-essential sites. The synergistic use of OpenVPN and pfSense not only bolsters security but also offers a scalable and flexible solution that aligns with the specific needs of diverse business environments.

Implementasi VPN Menggunakan Metode Point to Point Tunneling Protocol

The XYZ office is a government agency covering various fields, ranging from government, economy, development, people's welfare, community life development and public service affairs. However, work activities in agencies were disrupted due to the COVID-19 pandemic which caused the government to impose a Large-Scale Social Restriction (PSBB) policy to suppress the spread of this virus, resulting in agency workers having to work from home. Therefore we need an appropriate means to be able to support these activities. One of them is making a technology design by implementing a VPN on a proxy router with the PPTP (Point to Point Tunnelling Protocol) method so that it can make it easier for employees to communicate without thinking about location. In addition, users can still remotely access the local network even though they are outside the office network. more secure. Based on the results of testing the network security at the XYZ Office before using the VPN Server, it proved that the wiretapping attackers could still obtain data in the form of website login information, proxy logins, or view data contents when exchanging data. Meanwhile, when the user connects to the VPN Server, the eavesdropper cannot see the contents of the data in it, then with the implementation of a VPN with the PPTP method, employees who are working from home can connect and communicate well with each other, with that work and information exchange will become more flexible and faster

Monetizing Spare Bandwidth

Residential Internet speeds have been rapidly increasing, reaching averages of ~100 Mbps in most developed countries. Several studies have shown that users have way more bandwidth than they need, only using about 20-30% on a regular day. Several systems exploit this trend by enabling users to monetize their spare bandwidth, e.g., by sharing their WiFi connection or by participating in distributed proxy or VPN (dVPN) services. Despite the proliferation of such systems, little is known on how such marketplaces operate, what are the key factors that determine the price of the spare bandwidth, and how such prices differ worldwide. In this work, we shed some light on this topic using dVPNs as a use-case. We start by formalizing the problem of bandwidth monetization as an optimization between a buyer's cost and seller's income. Next, we explore three popular dVPNs (Mysterium, Sentinel, and Tachyon) using both active and passive measurements. We find that dVPNs have a large and growing footprint, and offer comparable performance to their centralized counterpart. We identify Mysterium (in the US) as the most concrete realization of a bandwidth marketplace, for which we derive a value of spare Internet bandwidth ranging between 11 and 14 cents per GB. We also show that both buyers and sellers utilize ad-hoc "rules-of-thumb" when choosing their prices, which results in a sub-optimal marketplace. By applying our optimization, a seller's income can be tripled by setting a price lower than the default one which allows to attract more buyers. These observations motivate us to create RING, a first and concrete system which helps sellers to automatically adjust their prices and traffic volumes across multiple marketplaces.

Apnavpn Project

Abstract: A VPN is an essential tool for securing your personal data and protecting your privacy online. We’ve put together the ultimate guide to VPNs to show you what a VPN does, how VPNs work, and how they protect you. Learn how to choose the right VPN, or secure your privacy right now by downloading our own powerful and lightning-fast VPN app. A VPN works by using encryption protocols to funnel all your internet traffic through an encrypted tunnel a virtual private network between your computer and a remote VPN server. This hides your IP address and secures your data, preventing others from intercepting it. Without a VPN, all your internet traffic is potentially exposed to your internet service provider (ISP), the government, advertisers, or other people on your network. That’s why VPN connections boost your privacy and security online. VPN is virtual because it’s created digitally there isn’t a physical cable that reaches from your device directly to the VPN server.