Passing data over the internet securely

[iamgenius]

Hi folks.

Say that I want to utilize the internet cloud to pass somewhat secret data (VoIP, files, instant messaging.....etc) between two geographically distant locations, how can that be done exactly?

I understand that a VPN can be used somehow to achieve this, right? Or maybe use two hardware firewalls in each site to let traffic pass through them?

Or maybe there is a software I can install in each of the sites' PC's ?

Of course I can always encrypt the files I want to send and attach them to regular emails, and have the other side do the decrypting with the same program I'm using, but what I want is something more seamless(i.e. having the end user use the internet just normally without involving extra steps).


Can you please provide me with some options so that I can look into them?

Thanks.

 

[iamgenius]

I can right away sign up here for example:

https://www.privateinternetaccess.com/pages/buy-vpn/

But I haven't done it before.......What would I need to do after I pay?? I don't want to pull the trigger before it is almost clear to me.

And say for example my goal is exchange traffic between 4 geographically distant locations, will I only need one VPN account? Or how does that work exactly?

Sorry for the so many questions, but I'm a noob when it comes to VPN.


Thanks.

 

[mammador]

If it were wifi, WPA2 with AES security should suffice.

For Ethernet and/or a WAN over fibre, a VPN may be best.

 

[iamgenius]

If it were wifi, WPA2 with AES security should suffice.

For Ethernet and/or a WAN over fibre, a VPN may be best.

It is not WiFi. Like I said PC's will be in different geographic locations. Say 100 Km apart. Both want to exchange data by utilizing the internet which available everywhere. But, the internet isn't safe and anybody with the appropriate knowledge can reach your data, hence my question.

Please expand on the VPN use, I'd really appreciate.

Thanks.

 

[JackMDS]

Given the level of your knowledge, if the issue is really important and you need high security you should get a consult from some one who is familiar with the way ISPs and Networking systems work in your country.

Otherwise, use a service like the one that you linked too they will explain to you how to configure your network to be used correctly their service.

 

[iamgenius]

Given the level of your knowledge, if the issue is really important and you need high security you should get a consult from some one who is familiar with the way ISPs and Networking systems work in your country.

Otherwise, use a service like the one that you linked too they will explain to you how to configure your network to be used correctly their service.

My knowledge level when it comes to networking is low..Yes. But I'm learning and now consulting you guys ^_^ . I think I can do it if somebody is nice enough to explain things for me and walk me through it. In general, I'm knowledgeable when it comes to computers and I like working with them.........That's a plus

 

[sze5003]

I can right away sign up here for example:

https://www.privateinternetaccess.com/pages/buy-vpn/

But I haven't done it before.......What would I need to do after I pay?? I don't want to pull the trigger before it is almost clear to me.

And say for example my goal is exchange traffic between 4 geographically distant locations, will I only need one VPN account? Or how does that work exactly?

Sorry for the so many questions, but I'm a noob when it comes to VPN.


Thanks.

I'll also recommend this VPN. It's a good one to be honest I did a speed test after being connected and it was the same as if I was not on the VPN. $6 bucks a month is pretty good too.

Just sign up and pay. You get a unique username and password which you can change only your password then you download the client and install. It installs tap drivers too. You can use their proxy if you want as well. If I like it after sometime I'll get it for a year or so but depends how often you need to use it.

 

[imagoon]

Maybe I am missing it but that site doesn't seem to offer point to point VPN. That is one of those "privacy" as in browsing privacy services. If you are linking 2 different locations you likely needs something like ASA's or some other controller to controller VPN.

 

[sze5003]

Maybe I am missing it but that site doesn't seem to offer point to point VPN. That is one of those "privacy" as in browsing privacy services. If you are linking 2 different locations you likely needs something like ASA's or some other controller to controller VPN.

Yeah I didn't realize you needed two secure areas. Which would mean the other person would also need to run the program. I think you are better off looking for another app.

 

[drebo]

You want a VPN. You'll need VPN firewalls at each site. Hire a consultant to set them up for you. In order of preference, here are my recommendations for firewalls:

Juniper SRX, Cisco ISR G2, Cisco ISR G1, Cisco ASA, Juniper Netscreen, Cisco SA500, Cisco SR, Cisco RV, with Watchguard, Sonicwall, and linux-based software firewalls as a very distant last place.

 

[iamgenius]

Maybe I am missing it but that site doesn't seem to offer point to point VPN. That is one of those "privacy" as in browsing privacy services. If you are linking 2 different locations you likely needs something like ASA's or some other controller to controller VPN.

You are right. I just discovered that this software isn't an option for what I want.

 

[iamgenius]

Yeah I didn't realize you needed two secure areas. Which would mean the other person would also need to run the program. I think you are better off looking for another app.

He doesn't need anything, I'm the OP ^_^ . I'm still looking and I feel confident you guys will help me do it.

Thanks.

 

[ch33zw1z]

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns142/index.html

 

[iamgenius]

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns142/index.html

If you are into this and have good understanding of the info found in that link, please allow me to ask you some questions after I go through that link.

For now I have two simple questions after quickly skimming through it:

1- If I go with one of the solutions mentioned there, will I need to purchase hardware, software, or both? Or maybe also purchase a service?

2- From my explanation in the OP, which one of the solutions offered will suit me more? To me it looks like Easy VPN or Dynamic multipoint VPN will do the trick if I'm not misunderstanding anything. Also, does IPsec offer stronger security?


Will need more and come back.

Thanks

 

[Lithium381]

What types of files? How big? How often? How much bandwidth available at each site?

Honestly you could get two Juniper Netscreen 5xp devices on ebay for $25 and get about 3 or 4mbps using 3des encryption. How sensitive is this data that you're passing? How many sites total?

I'd opt for using cisco ISR w/ DMVPN ;-) but that's probably excessive!

 

[JackMDS]

If your security need is Not on a level of Bank or Security agency you can use simple installation of free software.

Go to TeamViewer download the software install on computers in both locations and use it to transfer encrypted files over TeamViewer's secure connection.

http://www.teamviewer.com/en/download/windows.aspx

 

[Smoove910]

if it's a one time thing, burn your files/etc to disc and send through snail-mail. Doubt anyone on the net can access those files.

 

[Red Squirrel]

VPN is the best way, but is usually complex to setup. Have to generate certificates, know what to do with each file, setup proper routing etc... if you don't want to deal with that the next best thing is SSH tunnels, but keep in mind those work at the TCP port level (or maybe UDP too... never tried) so you'd have to setup a SSH tunnel for each port you need. Ex: for FTP you would SSH to the end server, and setup a tunnel for localhost port 21 to go to the host's port 21. Do this for each port you need. Easy to do with most SSH clients such as putty.

 

[Cooky]

No offense to the OP, but judging from his networking competency, VPN may not be the best solution.
It takes knowledge & effort to not only build, but maintain a issue-free VPN network.
Many financial institutes have a team of professionals just to manage their VPN networks.

If you're willing to spend some money to properly have it set up & maintained, (which it looks like you don't) VPN is the most secure, can can probably meet your needs.
Technically VPN adds additional transport overhead, so performance could be potentially impacted, which is a drawback as well.

Another option is a cloud-based service, which utilizes SSL/https.
It's encrypted, and secure.
However, you'd have to trust your cloud provider, since your data now traverses over their network & control.

You'll also want to test your voice calls extensively in any solution you pick, since you mentioned VoIP in your post.

 

[Lithium381]

How about dropbox or sugarsync?

 

[iamgenius]

How about dropbox or sugarsync?

I will have to trust them, and I can't trust a third party.

 

[iamgenius]

What types of files? How big? How often? How much bandwidth available at each site?

Honestly you could get two Juniper Netscreen 5xp devices on ebay for $25 and get about 3 or 4mbps using 3des encryption. How sensitive is this data that you're passing? How many sites total?

I'd opt for using cisco ISR w/ DMVPN ;-) but that's probably excessive!

The files will mostly be word docs, excel, and power point files. I can't use DES, the info is more sensitive than that.

The sites are three, and 1Mbps is more than enough.

 

[iamgenius]

If your security need is Not on a level of Bank or Security agency you can use simple installation of free software.

Go to TeamViewer download the software install on computers in both locations and use it to transfer encrypted files over TeamViewer's secure connection.

http://www.teamviewer.com/en/download/windows.aspx

No, that won't do it. You know guys, exchanging data files isn't really my main concern because you can always encrypt them manually and then send them. What i'm more interested in is doing audio/video chat securely.

if it's a one time thing, burn your files/etc to disc and send through snail-mail. Doubt anyone on the net can access those files.

LOOOOOOOOL

 

[ch33zw1z]

If you are into this and have good understanding of the info found in that link, please allow me to ask you some questions after I go through that link.

For now I have two simple questions after quickly skimming through it:

1- If I go with one of the solutions mentioned there, will I need to purchase hardware, software, or both? Or maybe also purchase a service?

2- From my explanation in the OP, which one of the solutions offered will suit me more? To me it looks like Easy VPN or Dynamic multipoint VPN will do the trick if I'm not misunderstanding anything. Also, does IPsec offer stronger security?


Will need more and come back.

Thanks

This isn't really my thing, I was just trying to point you towards information relevant to what you want to do so you kinda have an idea about what to expect.

Yes, you would have to purchase hardware and management software.

drebo's post towards the top of the thread is the best idea for you. Hire a consultant and get this going the right way. You'll avoid wasted time and money...

Once the VPN is setup, then you can start getting the services setup like VOIP, instant messaging, and file serving with site-to-site backups

 

[gsaldivar]

What i'm more interested in is doing audio/video chat securely.

Depending on the hardware/software you're using, there may already be sufficient encryption in use. Adding an additional layer of VPN may give you more perceived security, however, it also introduces additional latency to time-critical network traffic.

If this is for business use, you would be best served by having a good networking consultant look at your unique situation and give you some options.