Going into Cloud networking – Just peeping

Introduction

Chosen to work a bit with amazon. Because it seemed to have the most fair pricing range for what I was think of using it for. The load or uses of the systems are based on specification of the virtual machine and what kind of traffic that is supposed to go through it.
This exercise there has been working with the type EC2. The EC2 is a small micro instance running Ubuntu with 618Mb ram and 8 Gb HDD.

AWS Free Usage Tier (Per Month):

Elastic Compute Cloud (EC2)

750 hours of Amazon EC2 Linux enough hours to run continuously each month.
750 hours of Amazon EC2 Microsoft Windows Server.
750 hours of an Elastic Load Balancer plus 15 GB data processing.
30 GB of Amazon Elastic Block Storage, plus 2 million I/Os and 1 GB of snapshot storage
This is what is giving to first time users to AWS to get people starting for free each month in 1 year from the sign up date. This is really cool and gives a lot of hours to play with deferent setups and configurations

Creation of an account starts with the normal entering of user information then the confirmation of your identity. A code is presented on the screen and amazon phone you up and the code has to be entered. And the site is automatic updated.
At first all ports are closed except the ssh port. And that is protected with authorized_key option so only the *.pem key that is handed out by amazon is allowed.

I began with a trying to have a simple webserver running. A server just to show the default page “It works” and as framed as that it I could test it by typing the public IP of the instance. It just needs apache installed this is down by the apt-get method. And the security group used with the instances has to be updated to listen on port 80 for the http traffic.loadbal

Next thing was implementation of an EC2 instance more for testing the elastic load balancing function. This should be “easy” – point and click setup. But somewhere in the way I made it hard for my self. The services were not responding in the load balancer as “in service” but “out of service – instant stop”. To fix this the instance in the load balancer was removed and the added one more time and then it worked. Used the domain name of the web balancer to connect to the two instances.

S3 storage – The easiest way to fast storage

Same as the EC2 there is a few great benefits by being a new customer as part of the AWS Free Usage Tier and new AWS customers receive 5 GB of storage, 20,000 Get Requests, 2,000 Put Requests, and 15GB of data transfer out each month for one year. Extra space and requests is 0.010USD per GB and 0.005 per 1000 request.
Created a bucket name with a proper name for the purpose. There are two ways of upload/download files. First and properly the easiest way is by the web interface within the S3 bucket. Other way is to use a external program like cyberduck or 3Hub for mac. Both of them need security information. Used the 3Hub that needs the Access Key ID and the Secret Access Key to gain access the to storage.

WEB Proxy

proxy

A simple web Proxy using a EC2 micro instance, properly not the best solution in the long run.

What the plan was

  1. Add content filtering to an existing Ubuntu system
  2. Prevent users from bypassing the filtering system

Starting by installing the filtering software and proxy
sudo apt-get install dansguardian squid

Configuration:

Squid

sudo nano /etc/squid3/squid.conf

Edit the squid3 configuration file by changing following look around line 1295 for it

http_port 3128 >> http_port 3128 transparent

sudo service squid3 restart

Dansguardian

sudo nano /etc/dansguardian/dansguardian.conf

Change this line:

UNCONFIGURED >> #UNCONFIGURED

This tells that the configuration has been made.
As it is already running in the EC2 instance do a stop/start

sudo /etc/init.d/dansguardian stop
sudo /etc/init.d/dansguardian start
EC2 instace
Add a custom tcp rule to the security group with port 8080

Test Proxy

  1. Open a browser.
  2. Go to http://tits.com for testing. This is a NSFW site. An adult site that should at the moment not be blocked. The site is accessed without any problems

tits
Now setup the proxy in the browser with manual proxy configuration.Apply the new proxy settings

Testing by going to http://tits.com again

The site is shown as blocked. At this point, the proxy is working.

Conclusion

There is a lot of possibilities in cloud networking. Have just started to peel of the first layer and taking a small peek into what is next. The stuff we have been doing the last couple of weeks has been easy and very interesting. The things I have setup and used at fairly easy but still it ends up being a difficulty task when the load balance gave me this error that the instance not was in service. I did not get around setting the dns settings to round robin so I properly could test the load balancer changing server. But adding a webserver that maybe can be used for security purposed then browsing and maybe together with vpn? Then when being in 3rd world contries like China hardere to find the real IP to attack

One thought on “Going into Cloud networking – Just peeping

Leave a Reply to Hermawan Wiwit Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by WordPress. Caos designed by Quema Labs.