How do you install your own 'data cloud'?

The expression 'data cloud' is used here as a synonym for an Ethernet hard disk drive within a computer network which can be addressed from outside via an external static IP address. Large data volumes of any kind can be stored there and retrieved from several different computer systems. In the simplest case the Ethernet drive is connected to the router with an Ethernet cable. Let us assume that the default gateway of the router is 192.168.100.1. In the settings of the router we assign the Ethernet hard disk drive, for example, the local IP 192.168.100.115.

Since devices within a local network normally have different functions, which are grouped in ranges of port addresses, the port addresses of the drive also have to be entered in the router. Reading, writing and controlling a hard disk drive are handled via the port addresses 20 and 21. In addition, the port address 80 must be used in order to define the hard disk drive as default file server. In summary, the local IP address 192.168.100.115, the LAN port addresses 20,21,80 and the public port addresses 20,21,80 are entered in the router. If several Ethernet hard disk drives are in one network, each drive additionally has to be labelled with an individual public port address, for example, a port address between 8000 and 8888. In the above case the public ports 20,21,80 of the first drive have to be changed to 20,21,8234. The port address 8234 is arbitrarily selected.

This setup does not provide a secure data transfer between an external laptop and the local network. Hackers could intercept the data transfer and read the data in plaintext. For an encrypted data transfer the router and the drive need additional trustworthy transfer properties. A secure data tunnel between the external laptop and the drive can be achieved with SFTP (Secure File Transfer Protocol) and SSH (Secure Shell) software, which has to be installed on the laptop. Router and drive must be able to handle the software.

An encrypted data transfer can now be selected for a second Ethernet hard disk drive with the local IP 192.168.100.116, the LAN ports 22,80 and the public ports 22,8235. The port address 22 provides the encrypted data transfer with SFTP and SSH. An external static IP address, e.g. 80.156.86.78, and one particular public port address, in our case 8234 or 8235, are combined into a socket address. The socket addresses for the Ethernet hard disk drives are written in the form 80.156.86.78:8234 and 80.156.86.78:8235. The router can now identify the 2 drives within your private local network as file servers. Although access to each Ethernet hard disk drive is secured with username and password, only the second drive allows an encrypted data transfer.

The following table summarizes the most important data of the 2 drives for the router:

router settings        hard disk drive 1    hard disk drive 2
secure data transfer   no                   with SFTP and SSH
external IP            80.156.86.78         80.156.86.78
local IP               192.168.100.115      192.168.100.116
socket address         80.156.86.78:8234    80.156.86.78:8235
LAN ports              20,21,80             22,80
public ports           20,21,8234           22,8235
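
The forwarding rules summarized above can be checked mechanically. The following is an added example, not part of the original article: it walks the table's port mappings, labels each LAN port with its standard service (20/21 FTP, 22 SSH/SFTP, 80 HTTP), and reports which public sockets carry logins and data unencrypted. Treating unknown ports as cleartext is an assumption of this example.

```python
# Added example: audit the router's port-forwarding table from this article.
from collections import Counter

# Standard services by LAN port; True means the protocol itself encrypts traffic.
SERVICES = {20: ("FTP data", False), 21: ("FTP control", False),
            22: ("SSH/SFTP", True), 80: ("HTTP", False)}

# Rules copied from the table: drive -> (local IP, LAN ports, public ports).
RULES = {
    "drive 1": ("192.168.100.115", [20, 21, 80], [20, 21, 8234]),
    "drive 2": ("192.168.100.116", [22, 80], [22, 8235]),
}

def audit(rules, external_ip="80.156.86.78"):
    """Return (findings, colliding public ports) for a forwarding table."""
    findings, used = [], Counter()
    for drive, (local_ip, lan_ports, public_ports) in rules.items():
        if len(lan_ports) != len(public_ports):
            raise ValueError(f"{drive}: LAN/public port lists differ in length")
        for lan, pub in zip(lan_ports, public_ports):
            used[pub] += 1
            # Assumption: a port we cannot identify is treated as cleartext.
            name, encrypted = SERVICES.get(lan, ("unknown", False))
            findings.append({
                "drive": drive,
                "socket": f"{external_ip}:{pub}",
                "target": f"{local_ip}:{lan}",
                "service": name,
                "cleartext": not encrypted,
            })
    # A public port forwarded to two drives is ambiguous for the router.
    collisions = sorted(p for p, n in used.items() if n > 1)
    return findings, collisions

def cleartext_sockets(rules):
    """Public sockets whose traffic, including the login, is unencrypted."""
    findings, _ = audit(rules)
    return [f["socket"] for f in findings if f["cleartext"]]

if __name__ == "__main__":
    findings, collisions = audit(RULES)
    for f in findings:
        state = "CLEARTEXT" if f["cleartext"] else "encrypted"
        print(f'{f["drive"]}: {f["socket"]} -> {f["target"]} '
              f'{f["service"]:<12} {state}')
    print("public port collisions:", collisions or "none")
```

Note that the second drive's browser access on 80.156.86.78:8235 is still reported as cleartext: only its port 22 mapping is encrypted.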

In the next step the settings of the drives are discussed.

Most commercial Ethernet hard disk drives are equipped with a variety of additional features which aren’t necessarily important for the first start-up, so that one could easily lose track of the installation. Therefore, it is recommended to focus the setup on the access data of the Ethernet hard disk drive, the data for the device manager, and the data for the file browser. The access data are username, password and possibly your email address. The data for the device manager are the network settings, and you might have to activate the file transfer protocols (FTP or SFTP). Finally, the file names of the shares have to be entered in the file browser. That is all we need at first.

To test the installation we need an external static IP address on the internet for the router from a net provider. How the further access is carried out will be demonstrated with the static IP address 80.156.86.78. (This IP address is only illustrative; it isn’t really activated for this purpose.) With an external static IP, the drive can be accessed from any point in the world with a laptop, a tablet or a mobile phone. Uploading and downloading can be done via an internet browser or an FTP client. The second way is the better one for frequent access, since the necessary input data can be stored in an editable mask of the FTP client. The program ‘FileZilla’ can be recommended as an FTP client for Windows operating systems, and for Android operating systems the app ‘AndFTP’ from Google's Play Store.

The login data for an internet browser and an FTP client are slightly different. Using an internet browser, the socket address is entered first as http://80.156.86.78:8234 or, for the second drive, http://80.156.86.78:8235. A window pops up for the login data to the hard disk drive. After the input of username and password the top data level of the drive is opened. Using an FTP client, you enter the login data only once in an editable mask. After that, you press only one button for the login. The input data are: coming from the intranet, use as server or hostname the local IP address 192.168.100.115 or 192.168.100.116, respectively; coming from the internet, use the external IP address 80.156.86.78. After that, activate the type of file transfer protocol (FTP, SFTP or FTPS), the standard port address 21 or 22, respectively, and finally the top file name of the file browser. These data together with username and password are stored in the FTP client. In this case the socket addresses aren’t used in the FTP client since the different Ethernet drives are defined within the router and the FTP client with their standard port addresses 21 and 22.

The login data as plaintext are a weak point of the system, especially when using an internet browser, since the login data can be intercepted by hackers. The FTP client offers advantages when username and password are retrieved from the previously edited mask via the SFTP protocol. Username and password should only be transported through an encrypted data tunnel or another secure shell, which has been set up beforehand. For Windows, Android and other operating systems, the 'OpenVPN' software offers security benefits for safe access to the Ethernet hard disk drive. Unfortunately, not all routers and networks allow VPN (Virtual Private Network) applications.

How does the application of VPN (Virtual Private Network) work? It creates a secured data tunnel from a starting point to an end point that cannot be attacked from outside. The starting point of the data tunnel is generally an external PC, a laptop or a mobile phone. The end point is typically the router with its network clients, such as an Ethernet hard disk drive, a printer, a scanner, a fax machine, a telephone, or a network camera. The network clients are controlled within the local network by the router. A public network (LAN, WLAN, or cellular network) can be used for a VPN connection between the starting point and the end point. A specific certificate is used for the communication, which contains not only the network data but also the encryption codes, thus creating a secure data tunnel. The devices within the local network, including the routers, are addressed from outside with their local IP address, as if the external device had been integrated in the local network. The VPN communication technique shall not be discussed here in detail, as it would go beyond the scope of this description; nevertheless, its use is recommended where matching network functions are available.

If the net provider and your router support internet telephony, you could also call from abroad through the VPN tunnel as if it were a local phone call from home. In other words: you call at the tariffs which are valid in your home country, provided you have a free WLAN network abroad. Vice versa, when you are called at home, you can answer the phone from abroad in a free WLAN network without any additional costs. For the installation of OpenVPN on the router, the laptop or the mobile phone, specialized knowledge of the VPN communication technique is required.

The advantage of using an SFTP client is that the ‘data cloud’ is protected within the local network against the interception of your data and against foreign data storage. In addition to this secure data transmission you could encrypt your messages in advance with a public and a private key. Many program versions are available; the more popular they are, the more interesting they are for hackers. The application of a little-known program seems to be an advantage, as the one under the link here. The version V 3 of the cryptograph is the safest.

An alternative to using a static IP address is a dynDNS client. It is an internet service which allows setting up a privately defined host name as a pseudonym for a static IP address. This service ensures that the server always responds to the same private host name even if no predefined IP address for the file server is available. With the purchase of an Ethernet hard disk drive, many manufacturers offer a corresponding software service.

I hope these explanations stimulate you to create your own ‘data cloud’, since we never know what happens with data stored on a so-called free cloud. It has happened, and it might happen again, that in a free cloud the data are suddenly lost or encoded, and the owner of the data cannot read them anymore. However, connecting the Ethernet hard disk drive to the internet also carries risks. Additional free software of the drive manufacturer might record the user’s application behaviour for third party information, although this is forbidden in many countries. You might be forced to accept a public share folder which cannot be deleted but only shared with a public community using the same branded drive. Why does the drive manufacturer want to know an email address with each new share folder, even though you don’t use the dynDNS service of the manufacturer? Be cautious, test the new drive with less important files, play around a bit and find out how everything works. After that, you will know more about the function of the drive. Answer for yourself the questions: What should the file structure look like, and what is really needed to keep everything safe? For the final installation you should reset the Ethernet hard disk drive again. The advantage of one’s own ‘data cloud’ is that you can open it without an internet connection from your local computer network at home and simply switch it off for whatever reason. No cloud means the sky is blue and you can enjoy the sunshine and the clear horizon!



Copyright © : Dr. Günter R. Langecker

Langecker@a1.net

Date: May 2016