DOCSLIB.ORG

Salmon: Robust Proxy Distribution for Censorship Circumvention

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Salmon: Robust Proxy Distribution for Censorship Circumvention Proceedings on Privacy Enhancing Technologies ; 2016 (4):4–20 Frederick Douglas*, Rorshach, Weiyang Pan, and Matthew Caesar Salmon: Robust Proxy Distribution for Censorship Circumvention Abstract: Many governments block their citizens’ ac- action. This last point has become a particular concern cess to much of the Internet. Simple workarounds are in the past few years, as social media platforms have unreliable; censors quickly discover and patch them. proven excellent for coordinating protests. Previously proposed robust approaches either have As a result, many countries impose restrictions on non-trivial obstacles to deployment, or rely on low- their citizens’ Internet use. These restrictions can take performance covert channels that cannot support typi- the form of dropping packets to/from particular IP ad- cal Internet usage such as streaming video. We present dresses, disrupting resolution of DNS queries, and even Salmon, an incrementally deployable system designed inspecting packets headed to search engines to filter out to resist a censor with the resources of the “Great Fire- undesirable queries. Any attempt to circumvent censor- wall” of China. Salmon relies on a network of volunteers ship must defeat all of these techniques. The simplest in uncensored countries to run proxy servers. Although solution is to tunnel all traffic through an encrypted con- any member of the public can become a user, Salmon nection to a secret proxy server: the secure tunnel hides protects the bulk of its servers from being discovered destination IP addresses, and guards against DNS inter- and blocked by the censor via an algorithm for quickly ference and deep packet inspection. The vulnerability is identifying malicious users. The algorithm entails identi- then the server’s identity: the server is viable for by- fying some users as especially trustworthy or suspicious, passing the censorship only so long as the censor does based on their actions. We impede Sybil attacks by re- not know there is a proxy server at that IP address. quiring either an unobtrusive check of a social network Salmon starts with the simple approach of assem- account, or a referral from a trustworthy user. bling a collection of proxy servers, and fixes the vulner- ability with an algorithm for distributing those proxy Keywords: Censorship servers to the general public, while minimizing the num- DOI 10.1515/popets-2016-0026 ber of servers a censor whose agents control some user Received 2016-02-29; revised 2016-06-02; accepted 2016-06-02. identities can discover and block. Salmon’s algorithm has three core components. 1) We track the probability that each user is an agent of the 1 Introduction censor (suspicion), and ban likely agents. 2) We track how much trust each user has earned, and distribute The Internet has proven to be an extremely powerful higher-quality servers accordingly. Trust also helps keep tool for enabling the free flow of information. Authori- innocent users out of trouble, by isolating them from tarian governments have always been highly concerned newer users, where the censor agents are more likely to with the control of information, and so they perceive the be found. 3) Highly trusted users are allowed to rec- Internet in its natural form to be a grave threat. They ommend their friends to Salmon. We maintain a social seek to eliminate dissemination of inconvenient facts, to graph of user recommendations, and assign members of stifle free discussion of viewpoints different from their the same connected component — a recommendation own, and especially to prevent the coordination of mass ancestry tree — to the same servers, whenever possible. Other works [16, 22] have employed techniques with the same overall theme of gradually identifying and punishing suspicious users. Salmon is more robust than *Corresponding Author: Frederick Douglas: University other approaches, thanks mainly to its trust levels. Our of Illinois Urbana-Champaign, [email protected] simulations show that the addition of our trust level Rorshach: [email protected] logic significantly reduces how many users the censor Weiyang Pan: University of Illinois Urbana-Champaign, can cut off from access to proxy servers. rBridge [22], [email protected] Matthew Caesar: University of Illinois Urbana-Champaign, the most robust previous server distribution technique, [email protected] Salmon: Robust Proxy Distribution for Censorship Circumvention 5 allows over three times as many users to be cut off from – The censor cannot identify proxies via traffic finger- the system as Salmon (§5.5). printing. Anti-fingerprinting is important and has Salmon’s other main advantage over similar systems been studied [18, 21, 23], but is orthogonal to server lies in striking the proper balance between making the distribution. system easily accessible to the general public, and mak- – The censor may try to block as many servers as it ing it difficult for the censor to insert many of its agents can immediately, or may be willing to simply dis- into the system. Previous proposals have gone a bit too cover servers, and not take action for months. far in one of those directions. In addition to recommen- dations, Salmon can optionally accept new users who To reiterate, we are assuming that the censor cannot can prove ownership of a well-established Facebook ac- identify proxies via traffic fingerprinting only because count. If Facebook is blocked, existing robust but low- proxy distribution is not an interesting question if the bandwidth techniques are sufficient for getting the user censor has this capability. Careful proxy distribution through Salmon’s registration process. The system can schemes are useful when the censor can block circum- therefore be made open even to people who do not know vention resources if and only if it receives the same in- any longtime Salmon users. formation that a legitimate user needs to utilize them. Salmon’s name comes from its trust levels: just as If the censor can identify circumvention traffic, it has salmon swimming upstream must hop up small water- no reason to bother attacking the distribution mecha- falls, and might briefly fall backwards, users need to nism. Both the fingerprinting problem and its solutions advance up the trust levels. As a bonus, ‘salmon’ can are generic to most circumvention systems. be translated to Persian as ‘free (as in freedom) fish’! 2.2 Problem statement 2 Salmon Salmon is built to solve a single deceptively simple prob- lem. We are in possession of some sensitive information 2.1 Threat model that we wish to distribute to a large group of users, most of whom are strangers to us. Mixed in among those users We assume that the censor is a branch of a national gov- are agents of an adversary — in our case, the censor. The ernment, able to take full control of any router or server adversary can use the secret information to damage us, inside the country. We also assume that the censor is and so tries to learn as much as possible. When the content to merely block access, rather than seek out adversary inflicts that damage, the fact that they have and arrest those who attempt to access forbidden ma- learned the information is revealed to us. However, we terial. If the government did decide to carry out large- do not know how they learned it. scale arrests against our users, they could easily do so In terms of censorship circumvention, we have: by contributing many servers to our system as honey- – We want to give proxy server IP addresses to any pots, and recording the users they receive. There is no interested user living under censorship. good solution to this problem, short of manually verify- – The censor’s employees can pose as ordinary users. ing server volunteers. Even using onion routing will not – A censor can choose to block any proxy it discovers. prevent the censor from observing that specific citizens – Such a block reveals to us that the censor somehow are evading censorship. learned there was a proxy server at that address. We assume the censor can employ large amounts of human labor. A task that requires tens or hundreds This problem’s difficulty comes from the requirement to of full-time employees is within the capabilities of our keep the system open to all potential users, combined censor. The Chinese government already has a much with censors’ ability to behave identically to good users larger force monitoring posts on Chinese social media for as long as they wish. In fact, it’s clear from these two sites such as Weibo and Renren [1]. facts that a perfect solution — one that keeps all servers In summary, we assume: from being blocked — is impossible: until the censor – The censor has enough employees to perform labor- blocks a server, its agents can remain indistinguishable intensive tasks, such as examining a list of servers. from good users. – Our users are not personally targeted by the censor. Salmon: Robust Proxy Distribution for Censorship Circumvention 6 20000 Level 6 14000 Level 6 Level 5 Level 5 12000 15000 Level 4 Level 4 Level 3 Level 3 10000 Level 2 Level 2 Level 1 8000 Level 1 10000 Level 0 Level 0 Users Users 6000 5000 4000 2000 0 0 40 60 80 100 120 140 0 20 40 60 80 100 Time (days) Time (days) Fig. 1. Evolution over time of the proportions of users in different Fig. 2. Similar to fig. 1, but the system launches with 20 special trust levels. Every day, for every 30 users, one new user enters the users (friends of the administrators), who are considered to be system at level 0. above the trust hierarchy, and can recommend one level 6 user per day. Level 6 users recommend one level 5 user every four weeks.
Load more

Recommended publications
  • Arxiv:1907.07120V1 [Cs.CY] 16 Jul 2019 1 Introduction That China Hindered Access to I2P by Poisoning DNS Resolu- Tions of the I2P Homepage and Three Reseed Servers
    Measuring I2P Censorship at a Global Scale Nguyen Phong Hoang Sadie Doreen Michalis Polychronakis Stony Brook University The Invisible Internet Project Stony Brook University Abstract required flexibility for conducting fine-grained measurements on demand. We demonstrate these benefits by conducting an The prevalence of Internet censorship has prompted the in-depth investigation of the extent to which the I2P (invis- creation of several measurement platforms for monitoring ible Internet project) anonymity network is blocked across filtering activities. An important challenge faced by these different countries. platforms revolves around the trade-off between depth of mea- Due to the prevalence of Internet censorship and online surement and breadth of coverage. In this paper, we present surveillance in recent years [7, 34, 62], many pro-privacy and an opportunistic censorship measurement infrastructure built censorship circumvention tools, such as proxy servers, virtual on top of a network of distributed VPN servers run by vol- private networks (VPN), and anonymity networks have been unteers, which we used to measure the extent to which the developed. Among these tools, Tor [23] (based on onion rout- I2P anonymity network is blocked around the world. This ing [39,71]) and I2P [85] (based on garlic routing [24,25,33]) infrastructure provides us with not only numerous and ge- are widely used by privacy-conscious and censored users, as ographically diverse vantage points, but also the ability to they provide a higher level of privacy and anonymity [42]. conduct in-depth measurements across all levels of the net- In response, censors often hinder access to these services work stack.
    [Show full text]
  • Implementation Single Account Pdc Vpn Based on Ldap
    IMPLEMENTATION SINGLE ACCOUNT PDC VPN BASED ON LDAP Gregorius Hendita Artha Kusuma Teknik Informatika, Fakultas Teknik Universitas Pancasila [email protected] Abstrak Data is an important for the company. Centralized data storage to facilitate users for accessing data in the company. Data will be stored centrally with PDC (Primary Domain Controller). Build communicate between head office and branch office requires high cost for each connection is not enough to ensure safety and security of data. Exchange data between head office and branch office should be kept confidential. VPN (Virtual Private Network) makes communication more efficient, not only the cost affordable that connection, security and safety will be the primary facility of VPN (Virtual Private Network). Service were established in the system will be integrated using LDAP (Lightweight Directory Access Protocol) to create a single account in each services such as PDC (Primary Domain Controller) and VPN (Virtual Private Network). The purposes of this final project to design and implementation a system centralized data storage and build communicate between head office and branch office are integrated with LDAP (Lighweight Active Directory Protocol). Hopefully this system can give more advantage to each network users. Keyword: PDC, VPN, LDAP, Single Account. I. Introduction previous workstations. To support the performance of the employees of the company of course has a Centralized data storage makes it easy for users variety of network services are formed in it such as to access data. many companies need a ftp, mail server, file sharing etc. These services of centralized storage system, because the data is course have their respective accounts.
    [Show full text]
  • Applications Log Viewer
    4/1/2017 Sophos Applications Log Viewer MONITOR & ANALYZE Control Center Application List Application Filter Traffic Shaping Default Current Activities Reports Diagnostics Name * Mike App Filter PROTECT Description Based on Block filter avoidance apps Firewall Intrusion Prevention Web Enable Micro App Discovery Applications Wireless Email Web Server Advanced Threat CONFIGURE Application Application Filter Criteria Schedule Action VPN Network Category = Infrastructure, Netw... Routing Risk = 1-Very Low, 2- FTPS-Data, FTP-DataTransfer, FTP-Control, FTP Delete Request, FTP Upload Request, FTP Base, Low, 4... All the Allow Authentication FTPS, FTP Download Request Characteristics = Prone Time to misuse, Tra... System Services Technology = Client Server, Netwo... SYSTEM Profiles Category = File Transfer, Hosts and Services Confe... Risk = 3-Medium Administration All the TeamViewer Conferencing, TeamViewer FileTransfer Characteristics = Time Allow Excessive Bandwidth,... Backup & Firmware Technology = Client Server Certificates Save Cancel https://192.168.110.3:4444/webconsole/webpages/index.jsp#71826 1/4 4/1/2017 Sophos Application Application Filter Criteria Schedule Action Applications Log Viewer Facebook Applications, Docstoc Website, Facebook Plugin, MySpace Website, MySpace.cn Website, Twitter Website, Facebook Website, Bebo Website, Classmates Website, LinkedIN Compose Webmail, Digg Web Login, Flickr Website, Flickr Web Upload, Friendfeed Web Login, MONITOR & ANALYZE Hootsuite Web Login, Friendster Web Login, Hi5 Website, Facebook Video
    [Show full text]
  • 106-Atvar Jattana.Cdr
    Research Paper Engineering E-ISSN No : 2454-9916 | Volume : 3 | Issue : 5 | May 2017 VPNBROADBANDLANSHARINGWITHWI-FINANOBASED USBADAPTER Atvar Singh 1 | C.Er. Harisharan Aggarwal 2 1 Department of Electronics and Communication Engg., Guru Gobind Singh College Of Engg. & Technology, Guru kashi University, Talwandi sabo, Bathinda, Punjab, India. 2 HOD, Department of Electronics and Communication Engg., Guru Gobind Singh College Of Engg. & Technology, Guru kashi University, Talwandi sabo, Bathinda, Punjab, India ABSTRACT Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN (wimax) technology to enable remote users to securely connect to a private network. Many corporations are very seriously concerned about VPN security of networks. In this regards, the VPN (wimax) modem and antenna standard was developed to the standard address the security problems, no doubts virtual private networking is famous for good security for the clients past few years. But VPN Broadband connection is a major problem not make a multiuser clients, because it is a single user. In the thesis work ,VPN (wimax) broadband internet connect through Wi-Fi on android mobile with the help of nano technology based mini adapter clients sharing a broadband LAN also we make with the help of nano adapter make a multiuser KEYWORDS: Wimax antenna, Broadband VPN, Nano mini adapter(IEEE 802.11) I. INTRODUCTION Service (QOS) management over the Internet can cause packet loss and other per- A Virtual private network (VPN) extends a private network across a public net- formance issues.
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • 3. Security and Reliability
    3. Security and Reliability 3.1. Excellent Security and Reliability, Superior to Hardware You might have a question that whether SoftEther VPN is really secure as same as hardware VPN products or not. Someone might think that software VPNs is inferior to hardware VPNs. Of course, SoftEther VPN is implemented as a software code, not hardware as either specific integrated circuit. But it is absolutely correct that SoftEther VPN has an adequate security fulfillment as same as hardware's one, and moreover it might be superior to hardware VPN. What is Hardware VPN Products? Please see the fact that almost all hardware VPNs on the today's market is not a pure hardware. They are nearly software program, actually. Do you have any experience to open the top cover of any Cisco Router? You can see that inside devices on the Cisco Router is almost same as today's computer. The major differences are only the architecture of CPU. To reduce the manufacturing cost, Cisco and other VPN vendors adopts cheaper CPU than computers, such as MIPS, ARM and PowerPC. Anything more important differences are there between a desktop computer and a hardware VPN router. And you can analyze the inside mechanism of Cisco Router by some information leaked from the Internet or books. Cisco VPN Router and other manufacturer's router are running the software operating system on their device. On the operating system, the routing and VPN session-managing software is also working to process VPN communication. Virtually almost all important processes are implemented as software, not as hardware, on the existing hardware VPN products in the today market.
    [Show full text]
  • Fortigate Ipsec Vpn Certificate Authentication
    Fortigate Ipsec Vpn Certificate Authentication When Moore contour his blunderbusses sops not round-the-clock enough, is Marilu bigger? Unsearchable Jodie halts sympodially, he domineers his washerman very patrimonially. Sutton often eavesdrop discretionally when curly Anatol unwreathe apparently and unsteadies her hammerlocks. Once you see System is resetting to factory default, you can release the button. The remote gateway can be: A static IP address; A domain name with a dynamic IP address; A dialup client. Virtual private networks are known to be reliable, easy to use, and great for protecting your online activity. Svc closing connection still show you are simple really that fortigates can type the vpn fortigate ipsec certificate authentication for. Microsoft is doing some spring cleaning with its Edge browser. VPN tunnel is configured to be permanent. Enter in windows vpn certificate to work? Before you dive into the steps below, make sure you have followed this core Always On VPN setup guide. Review this topic for more information about what it is and why you should use it for your VPN connections. Be sure to disconnect the VPN when it is no longer in use. Note: IPsec tunnels between peers never traverse the Cloud. If you have only one compatible user type in the license file, your members will be assigned that user type. Send a packet from the remote system. Windows, Linux and Android. VNI of VXLAN tunnel. Security features and privacy features are not the same when we talk about a virtual private network. No more issues with Lag, Ping, Packet Loss and Jitter.
    [Show full text]
  • List of TCP and UDP Port Numbers from Wikipedia, the Free Encyclopedia
    List of TCP and UDP port numbers From Wikipedia, the free encyclopedia This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half- duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full- duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number /etc/services, a service name range being unassigned. The Stream Control Transmission Protocol database file on Unix-like operating (SCTP) and the Datagram Congestion Control Protocol (DCCP) also systems.[1][2][3][4] use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[5] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports 3 Registered ports 4 Dynamic, private or ephemeral ports 5 See also 6 References 7 External links Table legend Official: Port is registered with IANA for the application.[5] Unofficial: Port is not registered with IANA for the application. Multiple use: Multiple applications are known to use this port. Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[6] They are used by system processes that provide widely used types of network services.
    [Show full text]
  • Supported Software
    The following table identifies the log types that the Binary Defense SIEM supports out of the box. SUPPORTED SOFTWARE Vendor Supported Software A10 Thunder WAF Abas ERP Abas Accellion Kiteworks Actiontec Verizon FIOS router Adtran NetVanta Aerohive Networks Wireless Access Point Alcatel Arista Switch AlienVault Agent | Availability-Monitoring | HIDS | Monit | Monitor |Netflow Alerts | NIDS | Nmap Hosts | Nmap Monitor | OCS Monitor | Ping Monitor | Post-Correlation | TCPTrack Monitor | USBdev | User Activity | Whois Monitor | WMI Application Logger | WMI Monitor | WMI Security Logger | WMI System Logger Allot Communications NetEnforcer Amun Amun Honeypot Anti-Spam SMTP Proxy Anti-Spam SMTP Proxy Apache Software Foundation Apache HTTP Server | OpenLDAP | SpamAssassin | Tomcat | Apple AirPort Extreme | OS-X AQTRONiX WebKnight Arbor Networks Pravail APS Arista Switches Arpalert Arpalert Array Networks Secure Access Gateway Artemisa Artemisa Honeypot Artica Proxy Aruba Networks Airwave | ClearPass | Mobility Access Switches | Wireless Asterisk VoIP AsusTek Wireless Router Automatic Software Solutions HoneyBOT Automation Access Tarantella Avast Free Antivirus Avaya Media Gateway | VSP switches | Wireless LAN Barracuda Link Balancer | Next Gen Firewall | Spam Firewall | SSL VPN | Web Application Firewall | Web Filter Binary Defense Artillery Honeypot Bitdefender GravityZone Blackboard Learn Blue Coat PacketShaper | ProxySG Bomgar Remote Support and Privileged Access Bro Bro NSM Broadweb IPS-Netkeeper | Netkeeper NIDS Brocade Brocade Devices
    [Show full text]
  • Master's Thesis Template
    DEGREE PROGRAMME IN WIRELESS COMMUNICATIONS ENGINEERING MASTER’S THESIS Wireless Backhaul in Future Cellular Communication Author Munim Morshed Supervisor Mika Ylianttila Second Examiner Jari Iinatti (Technical Advisor Jaakko Leinonen) August 2018 Morshed Munim. (2018) Wireless Backhaul for Future Cellular Communication. University of Oulu, Degree Programme in Wireless Communications Engineering. Master’s Thesis, 64 p. ABSTRACT In 5G technology, huge number of connected devices are needed to be considered where the expected throughput is also very ambitious. Capacity is needed and thus used frequencies are expected to get higher (above 6 GHz even up to 80 GHz), the Cell size getting smaller and number of cells arising significantly. Therefore, it is expected that wireless backhaul will be one option for Network operators to deliver capacity and coverage for high subscriber density areas with reduced cost. Wireless backhaul optimization, performance and scalability will be on the critical path on such cellular system. This master’s thesis work includes connecting a base station by using the wireless backhaul by introducing a VPN in the proposed network. We find the bottleneck and its solution. The network is using 3.5 GHz wireless link instead of LAN wire for backhaul link between the EnodeB and the core network (OpenEPC). LTE TDD band 42 acting as a Wireless Backhaul (Link between EnodeB and Band 42 CPE Router). The status and attachment procedure are observed from different nodes of the openEPC and from the VPN machine. Step by step we have established a tunnel between the CPE device and the VPN server using PPTP and L2TP with IPSec tunneling protocol.
    [Show full text]
  • Banet-Adblock-2015.Pdf
    BA.NET ADBLOCK ADMINISTRATOR MANUAL ADBLOCK AND WEB SECURITY BA.NET MANAGED NETWORK ADMINISTRATOR MANUAL (c) BA.net/Adblock - May 2015 1 BA.NET ADBLOCK ADMINISTRATOR MANUAL AdBlock Filter Server Administrator Manual (c) ba.net [email protected] Chapter 3, 4 and 5 and portions of other chapters part of Linux HowTo´s and Linux Guides copyright Linux Documentation Project LDP. The optional FlashBoot Software Appliance contains software provided by GNU/Linux, Slackware and other providers covered by the GNU General Public License. 2 BA.NET ADBLOCK ADMINISTRATOR MANUAL 1 Introduction ...................................................................................................................... 9 1.1.1 AdBlock BA.net ................................................................................................. 9 1.1.2 Configure AdBlock DNS for iPhone, iPad .................................................... 9 1.2 Setting up AdBlock BA.net on Android devices ............................................... 10 1.3 Configure DSL or Wireless router settings ........................................................ 10 1.3.1 Configure AdBlock DNS for Mac OS X, Windows, or Linux .................... 12 1.4 Works with Safari. Any Web Browser / Any Platform ...................................... 14 1.4.1.1 User Benefits ............................................................................................ 14 1.4.1.2 Multi Device .............................................................................................. 14 1.4.1.3 Block
    [Show full text]
  • Openvpn with Mikrotik Routerboard Anthony, Duong Nguyen Sales Director Mobile: +84 9 7117 5115 – Email: [email protected] About Us Our Company
    OpenVPN with Mikrotik RouterBOARD Anthony, Duong Nguyen Sales Director Mobile: +84 9 7117 5115 – Email: [email protected] About Us Our Company Company Name: AD.TEK Joint Stock Company Brand name: Advanced Networks Technology Head quarter: No.9 Building 10, Lane 95 Chua Boc st., Dong Da dist., Hanoi Founded: November 2010 Resources: 30+ employees with 10+ Technical engineers Business: Datacenter and Enterprise Network solutions and products distribution Contact: [email protected] www.adtek.vn Hanoi Ho Chi Minh City Nha Trang City 45/140 Khuat Duy Tien st. 26F/11 Le Quoc Hung st. 25 Nguyen Van Bay st. Thanh Xuan, Hanoi Ward 12, Dist. 4, HCMC. Phuoc Long, Nha Trang Hotline: +84 98 672 8080 Hotline: +84 98 652 8080 Hotline: +84 97 235 8080 Our Solutions DataCenter: Cable Routing & Pathway system, Structured Cabling System, Network infrastructure, Network Routing & Switching, Cloud Storage, DCIM, UPS, Rack & Cabinet Enterprise: Structured Cabling system, Routing & Switching, Server & Storage, Security, Wireless Solution, Video Surveillance, UPS, Rack & Cabinet Wireless: Carrier grade Wireless PTP, PMP, Wifi Access Point, Hotspot & Billing solutions Our Vertical Market Healthcare Education Technology Finance Gov./Defense Our Partners OpenVPN with Mikrotik RouterOS Challenges Corporate with Head Quarter and multiple branch/offices need to sharing data between sites Corporate with mobile users working out of office and connect to Private/Local Applications system Central managed for IT networking equipments/devices from HQ. Over budget for leasedline/MPLS VPN from ISP. Prerequisites Equipments HQ networks (LAN, Servers) and Mikrotik Gateway router Branch networks with Mikrotik Gateway router Technical skill Networking basic: TCP/IP, NAT, IPSec, VPN, SSL knowledge based RouterOS features, Webfig/Winbox, RouterOS CLI What is OpenVPN? Open Source software application implements VPN (virtual private network) for creating secure point-to-point or site-to-site connection.
    [Show full text]