Course Assignment: Information Security and Networks
COURSE ASSIGNMENT
Abstract
[1] OpenVPN - https://en.wikipedia.org/wiki/OpenVPN
[2] Spotify - https://www.spotify.com
Introduction
Security is one of the major problems facing business today. Many companies have
suffered security breaches because of misconfiguration or the use of outdated
equipment. Many of these breaches could have been avoided if the companies had
isolated their internal network, protecting it from the risks posed by direct access
from the Internet. A VPN helps by creating connection tunnels through which the
organization's employees reach its private network in a controlled and assured way.
Today VPNs are also used by individuals who want to access content that is
unavailable in their region or who want to protect their privacy [3] by
encapsulating their traffic in the VPN tunnel.
On a secure environment such as CentOS, which lets us protect information without
much configuration, we can implement an OpenVPN server to protect the traffic sent
from our device to the Internet and back. The same VPN tunnel can also be used to
communicate with friends and other people with whom we share access to this server.
Related work
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
by Praveen Likhar, on securing Wi-Fi traffic through an end-to-end VPN connection.
TRUSTED ROUTING VS. VPN FOR SECURED DATA TRANSFER OVER IP-NETWORKS/
INTERNET by Osuolale, on the security provided by using a VPN compared with
trusted routing.
PERFORMANCE INVESTIGATION OF VIRTUAL PRIVATE NETWORKS WITH
DIFFERENT BANDWIDTH by Natarajan, Muthiah, & Nachiappan, on the performance of
a VPN network.
[3] https://en.wikipedia.org/wiki/Net_neutrality
Subject
System installation
To install the operating system, the ISO image was downloaded from the official site
of the vendor, CentOS [4]. After the download we built a VM on the chosen cloud
provider, Vultr [5]. To save resources and get the highest possible efficiency from the
VPN server, we chose the minimal version of CentOS.
CentOS has a very simple and intuitive procedure for installing the operating system,
so that even users who come from other operating systems such as Microsoft Windows,
Apple macOS or Canonical Ubuntu can orient themselves easily and be productive in a
short time.
[4] CentOS https://www.centos.org
[5] Vultr https://www.vultr.com
The installation proceeded as follows:
3. We set the time zone in which the virtual machine is located and enabled the
network card with the corresponding domain.
Basic user configuration
During installation CentOS allows a password to be set for the root user and a user
to be created who may or may not have administrator-level access. Since using the
root user from a remote machine is discouraged, we give our own user administrator
access.
# easy-rsa 2.x "vars" file: paths and tools
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
# Directory that holds the generated keys and certificates
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# Key size in bits
export KEY_SIZE=2048
# Validity of the CA and of issued certificates, in days
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
# Default values for the certificate fields
export KEY_COUNTRY="AL"
export KEY_PROVINCE="DU"
export KEY_CITY="Durres"
export KEY_ORG="TeknologjiInformacioni"
export KEY_EMAIL="albi.abdyli@nethex.com"
export KEY_OU="SiguriRrjeti"
export KEY_NAME="albi"
port 11735
# You can use udp or tcp
proto udp
# "dev tun" will create a routed IP tunnel.
dev tun
# Certificate configuration
# CA certificate
ca /etc/openvpn/keys/ca.crt
# Server certificate
cert /etc/openvpn/keys/server.crt
# Server key; keep this file secret
key /etc/openvpn/keys/SiguriRrjeti.key
# Diffie-Hellman parameters; check the size of the dh file in /etc/openvpn/keys/
dh /etc/openvpn/keys/dh2048.pem
# Internal subnet from which connected clients receive their IP address
server 192.168.226.0 255.255.255.0
# This line redirects all client traffic through our OpenVPN server
push "redirect-gateway def1"
# Provide DNS servers to the client; here, Google DNS
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Allow multiple clients to connect with the same certificate and key
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon
log-append /var/log/myvpn/openvpn.log
verb 3
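Added example, not part of the original assignment or of the OpenVPN project: a small Python check that reads the directives of the server configuration above and reports the settings a reviewer would question, namely one certificate shared by several clients (duplicate-cn), compression inside the tunnel (comp-lzo), no tls-auth or tls-crypt key, no explicit cipher, and no user/group privilege drop. The function names and finding ids are made up for this example.

```python
import shlex

# Added example. server.conf directives from this page, abridged, comments dropped.
PAGE_CONF = """\
port 11735
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/SiguriRrjeti.key
dh /etc/openvpn/keys/dh2048.pem
server 192.168.226.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
"""

def parse(conf):
    """Map each directive to its argument lists; '#' and ';' start comments."""
    out = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(";"):
            continue
        words = shlex.split(line, comments=True)
        if words:
            out.setdefault(words[0], []).append(words[1:])
    return out

def compresses(d):
    """True if comp-lzo is on, or compress names a real algorithm."""
    lzo = any(a[:1] != ["no"] for a in d.get("comp-lzo", []))
    return lzo or any(a[:1] in (["lzo"], ["lz4"], ["lz4-v2"]) for a in d.get("compress", []))

# (finding id, predicate) pairs; the ids are names made up for this example.
RULES = [
    ("shared-client-cert", lambda d: "duplicate-cn" in d),  # no per-device revocation
    ("compression-enabled", compresses),  # compression side channel (VORACLE)
    ("no-tls-auth-or-tls-crypt", lambda d: not d.keys() & {"tls-auth", "tls-crypt"}),
    ("cipher-not-pinned", lambda d: not d.keys() & {"cipher", "data-ciphers"}),  # BF-CBC before 2.4
    ("no-privilege-drop", lambda d: not d.keys() >= {"user", "group"}),  # stays root
]

def audit(conf):
    """Return the ids of all rules that fire on this configuration text."""
    d = parse(conf)
    return [name for name, hit in RULES if hit(d)]
```

Calling audit(PAGE_CONF) returns all five finding ids; a configuration that drops duplicate-cn and comp-lzo and adds tls-crypt, cipher, user and group returns an empty list.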
$ sudo firewall-cmd --zone=public --add-service=https --permanent
$ sudo firewall-cmd --zone=public --add-service=https
$ sudo firewall-cmd --zone=public --add-port=11735/udp --permanent
$ sudo firewall-cmd --zone=public --add-port=11735/udp
We enter the generated key in the Pritunl access interface and perform the first
login:
Testing and results
With our configuration we can create several different servers for different clients,
making more efficient use of the available resources.
For testing we created two users and one organization linked to an OpenVPN server on
the same host.
~ traceroute www.google.com
traceroute to www.google.com (172.217.22.100), 64 hops max, 52 byte packets
1 192.168.238.1 (192.168.238.1) 65.812 ms 63.357 ms 64.924 ms
2 ***
3 vl199-br1-cer.fkt3.choopa.net (104.207.130.1) 152.143 ms 301.818 ms 172.734 ms
4 xe-11-3-3-30.cr1-fra2.ip4.gtt.net (46.33.81.29) 61.540 ms 61.409 ms 61.702 ms
5 xe-1-0-1.cr3-fra2.ip4.gtt.net (89.149.186.38) 63.075 ms
xe-1-3-0.cr3-fra2.ip4.gtt.net (89.149.183.74) 62.301 ms
xe-1-1-1.cr3-fra2.ip4.gtt.net (89.149.184.86) 61.597 ms
6 72.14.221.74 (72.14.221.74) 62.461 ms 84.878 ms 67.601 ms
7 216.239.58.243 (216.239.58.243) 63.159 ms 62.965 ms
216.239.58.235 (216.239.58.235) 62.346 ms
8 72.14.234.113 (72.14.234.113) 62.114 ms
72.14.234.115 (72.14.234.115) 62.516 ms
72.14.234.113 (72.14.234.113) 61.858 ms
9 fra15s18-in-f100.1e100.net (172.217.22.100) 62.081 ms 78.206 ms 61.958 ms
~ ping www.google.com
PING www.google.com (172.217.22.100): 56 data bytes
64 bytes from 172.217.22.100: icmp_seq=0 ttl=53 time=77.634 ms
64 bytes from 172.217.22.100: icmp_seq=1 ttl=53 time=77.367 ms
64 bytes from 172.217.22.100: icmp_seq=2 ttl=53 time=77.909 ms
64 bytes from 172.217.22.100: icmp_seq=3 ttl=53 time=77.142 ms
64 bytes from 172.217.22.100: icmp_seq=4 ttl=53 time=76.324 ms
64 bytes from 172.217.22.100: icmp_seq=5 ttl=53 time=74.956 ms
64 bytes from 172.217.22.100: icmp_seq=6 ttl=53 time=76.859 ms
--- www.google.com ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 74.956/76.884/77.909/0.922 ms
~ traceroute www.google.com
traceroute to www.google.com (172.217.23.68), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 45.307 ms 2.805 ms 1.850 ms
2 217.21.144.6 (217.21.144.6) 4.255 ms 6.293 ms 5.091 ms
3 217.21.144.29 (217.21.144.29) 5.204 ms 5.708 ms 4.791 ms
4 217.24.245.125 (217.24.245.125) 8.813 ms 8.202 ms 7.758 ms
5 93.186.128.94 (93.186.128.94) 168.631 ms 154.893 ms 136.423 ms
6 100ge1-0-2-51.milano1.mil.seabone.net (195.22.192.188) 163.219 ms 166.983 ms
100ge1-0-2-50.milano1.mil.seabone.net (195.22.196.98) 126.862 ms
7 74.125.51.148 (74.125.51.148) 159.644 ms
72.14.209.236 (72.14.209.236) 38.777 ms
74.125.146.168 (74.125.146.168) 55.008 ms
8 108.170.245.81 (108.170.245.81) 51.403 ms 52.024 ms
108.170.245.65 (108.170.245.65) 38.881 ms
9 108.177.3.77 (108.177.3.77) 41.815 ms 40.776 ms
108.177.3.79 (108.177.3.79) 37.710 ms
10 mil04s22-in-f68.1e100.net (172.217.23.68) 37.279 ms 36.586 ms 38.890 ms
~ ping www.google.com
PING www.google.com (172.217.23.68): 56 data bytes
64 bytes from 172.217.23.68: icmp_seq=0 ttl=54 time=36.953 ms
64 bytes from 172.217.23.68: icmp_seq=1 ttl=54 time=49.095 ms
64 bytes from 172.217.23.68: icmp_seq=2 ttl=54 time=39.975 ms
64 bytes from 172.217.23.68: icmp_seq=3 ttl=54 time=37.279 ms
64 bytes from 172.217.23.68: icmp_seq=4 ttl=54 time=37.329 ms
64 bytes from 172.217.23.68: icmp_seq=5 ttl=54 time=37.838 ms
--- www.google.com ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 36.953/39.745/49.095/4.298 ms
Without VPN / With VPN
Conclusions
Implementing a VPN is no longer a good thing only for business but also for ordinary
consumers. With a fairly simple procedure anyone can implement a VPN server without
having to spend large sums, and can protect themselves from ISP monitoring and create
secure communication channels for themselves and the people with whom they share this
application. Although a VPN adds a layer of security for the user, we can never say
that while browsing the Internet we are 100% protected from every kind of risk that
threatens us.
References
CentOS. (n.d.). Documentation - CentOS. Retrieved from
https://wiki.centos.org/Documentation
Likhar, P., Yadav, R. S., & M, K. R. (n.d.). SECURING IEEE 802.11G WLAN USING
OPENVPN AND ITS IMPACT ANALYSIS. Bangalore, India.
Natarajan, M. C., Muthiah, R., & Nachiappan, A. (n.d.). Performance Investigation of
Virtual Private Networks with Different Bandwidth Allocations. Tamil Nadu,
India.
OpenVPN. (n.d.). OpenVPN Documentation. Retrieved from
https://openvpn.net/index.php/open-source/documentation.html
Osuolale, T. A. (n.d.). TRUSTED ROUTING VS. VPN FOR SECURED DATA
TRANSFER OVER IP-NETWORKS/ INTERNET. Saint Petersburg, Russia.
Pritunl. (n.d.). Pritunl Documentation. Retrieved from https://docs.pritunl.com