Category: Network

With VPN connection, you can connect securely via the company’s network or the Internet(when working in a public place like a coffee shop).

Before connecting to VPN, it is necessary to prepare a VPN profile on the PC. You can create a VPN profile yourself or set up a workplace account to get a VPN profile from your company.

On the add VPN connection screen, do the following:
Under VPN Provider, select Windows(built-in). In the Connection name box, enter the friendly name of the VPN connection profile(for example, your VPN). This is the name of the VPN connection search for when connecting. In the server name and address box, type the VPN server address.
Under [VPN type], select the type of VPN connection to be created. You need to know the type of VPN connection used by user computer or VPN service. In the type of sign-in information, select the type of sign-in information (credential information) to use. It will be a user name and password, a one-time password, a certificate, or a smart card if you connect to VPN at work. Enter a user name and password in each box(optional).

VPN is a virtual private network built using public lines. It is a technology that allows you to share data and information using a VPN device such as a router with VPN function even if you are a remote location. The merit of VPN is that it costs less than leased line. Especially for Internet VPN it is inexpensive because it uses normal internet line contract.

VPN is a network technology that has been in use since the 2000s, with the background of the development of IT technology and virtualization technology in the background. Besides low-cost merits, data communication is also secured for safety, so more enterprises are introducing it.

Mechanism and features of VPN connection using the Internet
To establish a VPN connection between business offices located in geographically remote places, connect a LAN by installing a VPN dedicated router at both offices. This creates a virtual leased line via the Internet and allows you to access data on each other’s servers even if you are at a remote place. Because it becomes like connected to a common LAN, even you are away, you can share files and the work the same way.

In the PAC file, describe the processing condition for specifying the proxy server to use based on the information such as the URL of the access destination. Within script processing, it returns the destination(URL or IP address) and port number of the proxy server matching the condition such as the host name of the URL and the IP address.

PAC file sample

function FindProxyForURL(url, host){
  if(isPlainHostName(host)){
    return "DIRECT";
  } else {
    if (shExpMatch(url, "http://www.bing.com/")){
      return "PROXY www.bing-proxy.com:6060";
    } else if (shExpMatch(url, "http://www.microsoft.com/")){
      return "PROXY www.microsoft-proxy.com:7070";
    } else {
      return "PROXY www.other-proxy.com:8080"
    }
  }
}

When browsing a web page on the internet, it may be set to access via a specific server. This server is called “Proxy server”. It can also be used for non-web access.

The main advantages of this setting are as follows.

Caching can be used when viewing the same web page from multiple personal computers.
(It is unnecessary for all the personal computers to acquire the same data, and the communication volume is reduced)
You can use the “filter” function of not accessing specific URLs.
It is possible to collectively record access histories of all personal computers.

Let’s see how to set “proxy server” on Windows 10.

Open setting and chose network and internet.

Here you can see proxy.

Use setup script
use automatic configuration script
Just specify the location of the PAC file. In what cases proxy to use is described in the PAC file (programming language, a file written in JavaScript)

Specify the URL of the PAC file
Manual proxy set up
specify your own proxy server(specify address and port)
setting method
specify the proxy server address and port number

ネットワークの入り口:ゲートウェイから全てのパケットが入ってくるので、サーバ毎にFirewallを設定する必要がある
Linuxであればiptables

22番以外を開ける理由は、22番ポートへの侵入を目的とするアタックを回避する

VPN経由で内部からしかリモートログインできない、特定のIPアドレスからのみリモートログイン出来る、という場合はFirewallが守る

代表的なプロトコル
ssh: tcp 22
http: tcp 80
https: tcp 443

ftpを使うなら tcp20, telnet 23, smtp 25, dns 53, dhcp 67, dp 68, pop3 110, ntp 123

なるほどね。

よくみたら、cyberduckの接続にwebDAVありますね。。

WebDAV,FTP,FTP-SSL,SFTP,Windows Azure Storage, Backblaze B2 Cloud Storage, DRACOON, Google Cloud Stroage, Amazon S3, Rackspace Cloud Files, Swift, Dropbox, Google Drive, Microsoft One Drive

なるほど、オンラインストレージはそれぞれ独自の通信技術を使っているのですな。なんだかなー

XXX.XXX.XXX.XXX – – [05/Apr/2018:13:07:49 +0900] “PROPFIND / HTTP/1.1” 405 166 “-” “-”

https://docs.microsoft.com/en-us/previous-versions/office/developer/exchange-server-2003/aa142960(v=exchg.65)
WebDAVのよう。
WebDAVって何？

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release. The WebDAVPROPFIND Method retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). The PROPFIND Method can be used on collection and property resources.

ProfpindはWebDAVメソッドの一つ
WebDAVとはサーバー上のファイルを読み取りや編集を、Webブラウザ上で行えるようにする仕組み

WebDAVクライアント: Webフォルダ、CyberDuck, cadaver, SkunkDAV
WebDAVサーバー:Apache+mod_dav, nginx+ngx-dav-ext-module, IIS5, jigsaw, Zope

WebDAVとはサーバー上のファイルを読み取りや編集を、Webブラウザ上で行えるようにする仕組みのことを言います。
オンラインストレージはWebDAVに似ている。
Microsoftが1999年に発表

自組織への不正侵入を防ぐためにプロトコルに応じて出入りを許可したり禁止したりすることでセキュリティレベルを維持している。
HTTPを拡張し、WebDAVでファイル共有という別の機能を実現

HTTPだけで全てのコンテンツ管理を完結できる。また、HTTPの拡張のみによって実装されているため、ファイアウォールによって既存のファイル転送サービスが利用できない環境や、HTTPプロキシを経由した環境でも利用できる。

PROPFIND
指定したURIが示す資源の属性を取得する。具体的には、要求する属性をクライアントがWebサーバに送信すると、サーバはそれに対応した属性値を返す。また、その資源の属性全てを取得することも出来る。

さくらでもあるが、マネージドサーバー

### WebDAVに関する本
2003年の本なので、古すぎて読む気がしませんが、一応、WebDAVの解説本があるようです。