Home security with vpn’s and ipcameras Ryne Purcell Eastern Kentucky University Department of Technology NET Program
OUTLINE • Overview of topic • What is needed to create a VPN • IP Camera overview and configuration • Server overview and configuration • Client setup • Perimeter defense • Intended and actual outcome • Conclusion
PROBLEM STATEMENT • Increasing number of high priced items in the home • Need of a cheaper and effective security alternative
Assumptions • Has a desktop with the ability to run a server platform (Hardware & Software). • Has a fast enough internet connection. • Has control over both ends of connection (Router and Firewall). • User has a Gmail account.
Overview of topic • Use a Point-to-Point Transfer Protocol (PPTP) VPN to gain access to the internal network. • Gain access to server computer’s shared folder and control IP camera. • Snapshots sent to e-mail taken by camera. • All done from outside apartment or home.
Parts list • Server • MSI Mainboard (Micro-ATX) • 1TB Western Digital 3.5” Hard Drive • Intel Core i5 Processor/4 Cores/3.30 GHz • 8GB DDR3 1333 DRAM (Crucial) • NVIDIA GeForce GT 430 1024MB DDR3 Graphics • Rosewill PCI-Express Gigabit Ethernet Card • Samsung 22” Widescreen LCD • 180 Day Free Trial Microsoft Server 2008 R2 • Partition Editor (Parted Magic) • Free • IP Camera • <$40 • Perimeter Defense (Untangle) • Free • Router (Netgear WGR614v10) • <$40 • Total cost roughly around $1,200.
Perimeter defense • Untangle Perimeter Defense Server • Runs on limited resources • 80 GB Hard Drive • 1 GHz processer • 512 MB RAM (Minimum – not preferred) • Very powerful plug and play firewall • Easy rack snap-ins range from anti-virus and malware to generated reports.
Ip camera overview and configuration • Install software for initial setup. • Power up and connect with an Ethernet cable to the network. • Set a static IP for the Camera inside the router’s DHCP scope range. • Log in and create a username and password. • Set up preferred settings (Motion Detection, snapshot on detection, record on detection, alarm, etc.). • Set up SMTP e-mail settings with Google’s Gmail.
Server overview and configuration • Install Microsoft Server 2008 R2 onto second partition for a dual boot option. • Once installed apply protection with anti-virus and firewall. • Set a Static IP address on the External NIC. • Good idea to install Windows Server Backup under the Features snap-in.
Server overview and configuration (Continued) • Install and configure the required roles for PPTP VPN • Active Directory Domain Services • DNS • File Services • Create shared file to access snapshots and recordings. • Network Policy and Access Services • Make sure to configure Routing and Remote Access Services inside of NPAS role. • Web Server (IIS)
Client Setup • On your client laptop or desktop go into Network and Sharing Center and set up a new connection or network. • Select “connect to a workplace” and then select “use my Internet connection (VPN). • Next enter the Internet address of your network. • This will typically be the WLAN address given to your router from you ISP. • Then enter your user name and password in which you have created on your server inside the Active Directory. Connect!
Intended and actual outcome • Intended Outcome Use SSTP VPN to gain access to internal server’s shared folder and control IP Camera. Have camera save recordings and snapshots to shared folder on server. Use Google’s SMTP server to send camera’s snapshots to e-mail on Yahoo account.
Intended and actual outcome (continued) • Actual Outcome Everything in the intended outcome with the exception of the SSTP VPN. PPTP VPN was used here because of simplicity and the fact that the certificates for the SSTP VPN were not working properly. Everything else went as planned.
conclusion • Gained tons of information on Windows Servers, not just Server 2008 R2 • Learned a lot about Virtual Private Networks, specifically PPTP and SSTP, and the pros and cons of each as well as how to set them up • Learned you can use Google’s SMTP Server as a man in the middle.
References • Combs, K. (Performer) (n.d.). Technet webcast: 24 hours of windows server 2008. Technet Webcast. [Video podcast]. Retrieved from https://msevents.microsoft.com/CUI/WebCastRegistrationConfirmation.aspx?culture=en-US&RegistrationID=1310844671&Validate=false • Configure and use your windows 7 remote access. (2011, January 16). Brickhouse Labs. [Video podcast]. Retrieved from http://www.youtube.com/watch?v=CL8NuI9C01M • Ryan, G. (Performer), & Snow, J. (Performer) (2009, June 4). New backup features in windows server 2008 r2. TechNet Edge. [Video podcast]. Retrieved from http://technet.microsoft.com/en-us/edge/Video/ff710824
References (Continued) • Waggoner, R. (Performer) (2009, March 26). Dual boot between windows xp and windows 7. TechNet Edge. [Video podcast]. Retrieved from http://technet.microsoft.com/en-us/edge/Video/ff710733 • Hester, M., & Henley, C. (2010). Windows server 2008 r2 administration. (pp. 420-455). Indianapolis, IN: Wiley Publishing, Inc. • Untangle server user's guide. (n.d.). Retrieved March 22, 2012 from: http://wiki.untangle.com/index.php/Untangle_Server_User's_Guide
References (Continued) • Technet. (2007, Dec 08). Retrieved from http://technet.microsoft.com/en-us/library/cc731352.aspx • Technet. (2005, Apr 15). Retrieved from http://technet.microsoft.com/en-us/library/cc758271%28v=WS.10%29.aspx • Shinder, T. (2008, Januar 30). Windowssecurity.com. Retrieved from http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part1.html
References (Continued) • Shinder, T. (2008, Januar 30). Windowssecurity.com. Retrieved from http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part2.html • Shinder, T. (2008, Januar 30). Windowssecurity.com. Retrieved from http://www.windowsecurity.com/articles/configuring-windows-server-2008-remote-access-ssl-vpn-server-part3.html • Long, P. (2009, October 11). Set up remote access pptpvpn's in server 2008 . Retrieved from http://www.petenetlive.com/KB/Article/0000103.htm • Untangle image retrieved from: http://www.thebuzzmedia.com/untangle-offers-vpn-snort-firewall-and-much-more/
References (Continued) • Garcia, P. (2010, September 28). Remote access your home computer - setup a vpn with dd-wrt. Retrieved from http://geekyprojects.com/vpn/remote-access-your-home-computer-setup-a-vpn-with-dd-wrt/ • Shinder, D., & Shinder, T. (2005, September 1). Ten things you should know about troubleshooting vpn connections. Retrieved from http://www.techrepublic.com/article/ten-things-you-should-know-about-troubleshooting-vpn-connections/5845666 • Trapani, G. (2005, July 05). Lifehacker.com. Retrieved from http://lifehacker.com/111166/how-to-use-gmail-as-your-smtp-server
Acknowledgements • Professor Vigyan Chandra: Leading the way. • Professor Jeff Kilgore: Knowledgeable input and the use of a standalone PC for Untangled perimeter defense server. • Stephen Riddle and Zach Craig: Peer advising and insight. • For all those people who posted in the Technet and Windows forums that helped me through this project.