Going into Cloud networking – Just peeping
I chose to work a bit with Amazon because it seemed to have the fairest pricing range for what I was thinking of using it for. The load or use of the systems is based on the specification of the virtual machine and what kind of traffic is supposed to go through it.
In this exercise I have been working with EC2. The EC2 instance is a small micro instance running Ubuntu with 618 MB RAM and an 8 GB HDD.
AWS Free Usage Tier (Per Month):
Elastic Compute Cloud (EC2)
- 750 hours of Amazon EC2 Linux, enough hours to run continuously each month.
- 750 hours of Amazon EC2 Microsoft Windows Server.
- 750 hours of an Elastic Load Balancer plus 15 GB data processing.
- 30 GB of Amazon Elastic Block Storage, plus 2 million I/Os and 1 GB of snapshot storage.
This is what is given to first-time users of AWS to get people started for free, each month for 1 year from the sign-up date. This is really cool and gives a lot of hours to play with different setups and configurations.
Creation of an account starts with the normal entering of user information, then the confirmation of your identity. A code is presented on the screen, Amazon phones you, and the code has to be entered. The site is then updated automatically.
At first all ports are closed except the SSH port. That port is protected with key-based login (authorized_keys), so only the *.pem key that is handed out by Amazon is allowed.
I began by trying to get a simple web server running: a server that just shows the default page “It works”, kept as simple as that so I could test it by typing the public IP of the instance. It just needs Apache installed; this is done with apt-get. The security group used with the instance also has to be updated to allow port 80 for the HTTP traffic.
The next thing was setting up one more EC2 instance for testing the elastic load balancing function. This should be “easy” – point and click setup. But somewhere along the way I made it hard for myself. The instances were not showing in the load balancer as “in service” but as “out of service – instant stop”. To fix this, the instance in the load balancer was removed and then added one more time, and then it worked. I used the domain name of the load balancer to connect to the two instances.
S3 storage – The easiest way to fast storage
As with EC2, there are a few great benefits to being a new customer. As part of the AWS Free Usage Tier, new AWS customers receive 5 GB of storage, 20,000 Get Requests, 2,000 Put Requests, and 15 GB of data transfer out each month for one year. Extra space and requests cost 0.010 USD per GB and 0.005 per 1000 requests.
I created a bucket with a proper name for the purpose. There are two ways to upload/download files. The first, and probably the easiest, is the web interface within the S3 bucket. The other way is to use an external program like Cyberduck or 3Hub for Mac. Both of them need security information. I used 3Hub, which needs the Access Key ID and the Secret Access Key to gain access to the storage.
A simple web proxy using an EC2 micro instance, probably not the best solution in the long run.
What the plan was
- Add content filtering to an existing Ubuntu system
- Prevent users from bypassing the filtering system
Start by installing the filtering software and the proxy:
sudo apt-get install dansguardian squid
sudo nano /etc/squid3/squid.conf
Edit the squid3 configuration file by changing the following line (look around line 1295 for it):
http_port 3128 >> http_port 3128 transparent
sudo service squid3 restart
sudo nano /etc/dansguardian/dansguardian.conf
Change this line:
UNCONFIGURED >> #UNCONFIGURED
This tells DansGuardian that the configuration has been made.
As it is already running on the EC2 instance, do a stop/start:
sudo /etc/init.d/dansguardian stop
sudo /etc/init.d/dansguardian start
Add a custom TCP rule for port 8080 to the security group.
- Open a browser.
- Go to http://tits.com for testing. This is an NSFW site, an adult site that at the moment should not be blocked. The site is accessed without any problems.
Test by going to http://tits.com again.
The site is shown as blocked. At this point, the proxy is working.
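Added example, not part of the original post: a shell check that the chain set up above (browser to DansGuardian, DansGuardian to Squid) is consistent and that the ports opened in the security group do not let clients reach Squid directly, which would bypass the filter. It assumes DansGuardian's `filterport`, `proxyip` and `proxyport` keys with values 8080, 127.0.0.1 and 3128, which the post does not show; the sample configs are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check the proxy chain
# browser -> DansGuardian (filterport) -> Squid (http_port).

# Last active "key = value" setting in a DansGuardian config file.
dg_value() {  # dg_value <key> <file>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Port of every active http_port line in squid.conf (drops any "ip:" prefix).
squid_ports() {  # squid_ports <file>
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n] }' "$1"
}

# check_proxy_chain <squid.conf> <dansguardian.conf> <port opened in security group>...
check_proxy_chain() {
    local squid_conf=$1 dg_conf=$2 rc=0 filterport proxyport port
    shift 2
    filterport=$(dg_value filterport "$dg_conf")
    proxyport=$(dg_value proxyport "$dg_conf")
    if grep -q '^[[:space:]]*UNCONFIGURED' "$dg_conf"; then
        echo "FAIL: UNCONFIGURED line is still active in dansguardian.conf"; rc=1
    fi
    if [ -z "$proxyport" ] || ! squid_ports "$squid_conf" | grep -qx "$proxyport"; then
        echo "FAIL: proxyport '$proxyport' matches no http_port in squid.conf"; rc=1
    fi
    for port in "$@"; do
        if squid_ports "$squid_conf" | grep -qx "$port"; then
            echo "FAIL: port $port reaches Squid directly and bypasses the filter"; rc=1
        fi
    done
    case " $* " in
        *" ${filterport:-unset} "*) ;;
        *) echo "FAIL: filter port '$filterport' is not opened in the security group"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: clients can only reach Squid through DansGuardian"
    return "$rc"
}

# Constructed sample configs: the two edits from this page plus the assumed
# DansGuardian keys filterport/proxyip/proxyport (values are assumptions).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# comment' 'http_port 3128 transparent' > "$SAMPLE_DIR/squid.conf"
printf '%s\n' '#UNCONFIGURED - Please remove this line after configuration' \
    'filterport = 8080' 'proxyip = 127.0.0.1' 'proxyport = 3128' > "$SAMPLE_DIR/dansguardian.conf"

# Ports 22, 80 and 8080 are the ones this page opens; 3128 is a constructed bad case.
check_proxy_chain "$SAMPLE_DIR/squid.conf" "$SAMPLE_DIR/dansguardian.conf" 22 80 8080
check_proxy_chain "$SAMPLE_DIR/squid.conf" "$SAMPLE_DIR/dansguardian.conf" 22 80 8080 3128 \
    || echo "(expected failure: Squid's own port is exposed)"
```

On a real instance, pass /etc/squid3/squid.conf and /etc/dansguardian/dansguardian.conf followed by the inbound ports listed in the security group.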
There are a lot of possibilities in cloud networking. I have just started to peel off the first layer and take a small peek into what is next. The stuff we have been doing the last couple of weeks has been easy and very interesting. The things I have set up and used are fairly easy, but it still ended up being a difficult task when the load balancer gave me the error that the instance was not in service. I did not get around to setting the DNS settings to round robin so I could properly test the load balancer changing server. But adding a webserver that maybe can be used for security purposes when browsing, and maybe together with a VPN? Then, when being in 3rd world countries like China, it is harder to find the real IP to attack.