Windows® has a feature that allows one or more folders to be shared with computers on the local network. It is also possible to use this function with your MyCrypNet network to perform secure, simple and fast exchanges between your different machines.
This feature is based on SMB.
This article walks through the configuration steps to perform.
If you want more general information on how file sharing works, or how to set it up on other operating systems, check this article.
You need to have a MyCrypNet network set up. Check this help page in order to create one.
Step 1/4: Configure the firewall
In its default configuration, the Windows® integrated firewall does not allow file sharing connections. It must therefore be configured.
Open the “Control Panel”, then “System and Security”, and finally, in the “Windows Defender Firewall” section, click “Allow an app through Windows Firewall”.
In order to modify the parameters, click on “Change settings”.
Find the “File and Printer Sharing” item in the list and check the box in the “Private” column.
Confirm the setting with “OK”.
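The same step done from an elevated PowerShell session, with a check that the rule group ended up enabled for the Private profile only. This is an added example, not part of the original article; it assumes Windows 8 / Server 2012 or later (NetSecurity module) and that the MyCrypNet adapter appears as a normal network connection profile.

```powershell
# Added example (not from the original article). Requires an elevated session
# on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist.

# Equivalent of ticking the "Private" box for "File and Printer Sharing":
# enable the rule group and bind it to the Private profile only.
Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Profile Private -Enabled True

# Check: no rule of the group should be active on the Public (or Any) profile,
# otherwise SMB would also be reachable from networks you do not trust.
$exposed = Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" |
    Where-Object { $_.Enabled -eq 'True' -and $_.Profile -match 'Public|Any' }
if ($exposed) {
    Write-Warning "File and Printer Sharing rules are enabled on a public profile:"
    $exposed | Format-Table DisplayName, Direction, Profile -AutoSize
} else {
    Write-Output "File and Printer Sharing is enabled for the Private profile only."
}

# The Private rule only applies on connections Windows classifies as Private.
# Confirm how the MyCrypNet adapter is classified (adapter name is an assumption,
# shown as a placeholder; replace <MyCrypNet adapter> with the real interface alias).
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory
# If the VPN connection shows as Public, reclassify it:
# Set-NetConnectionProfile -InterfaceAlias "<MyCrypNet adapter>" -NetworkCategory Private
```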
If you want the technical information on MyCrypNet, take a look here.
The client software needs the following files:
- A key/certificate pair (vpn.key/vpn.cert) signed by our certification authority set up for OpenVPN; it is specific to each subscribed MyCrypNet access. It uses an SSL-compatible format based on the RSA asymmetric algorithm.
- A configuration file (MyCrypNet.conf or MyCrypNet.ovpn), common to all users and client software but different for each operating system (Mac OS®, Windows®, Android™, iOS®, Linux®). This file contains a dissipation key that protects against DDoS attacks. It also contains the public certificate of our certification authority, common to all clients and the server, also based on RSA. The private key corresponding to that certificate is stored in a protected location and is never communicated to the rest of the infrastructure; it is used to sign client and server certificates.
Handshake (authentication and session)
This process opens a VPN session or renegotiates it, which happens at least once per hour.
- The client software sends the server it is trying to connect to a packet whose TLS headers are signed with the dissipation key (SSL/TLS authentication).
- The server accepts or rejects it depending on whether the dissipation key signature is valid, which reduces the risk of DDoS attacks. Since these TLS headers are lightweight to generate, this provides an efficient first authentication step.
- The client software sends its certificate to the server.
- The server verifies the certificate signature against the certification authority's public certificate that it holds, and checks the certificate against a CRL (certificate revocation list) generated by the certification authority (currently internal, but it may be published in the future so that the client software can also invalidate servers).
- If the signature is valid, the server sends its certificate to the client software.
- The client software verifies the certificate signature against the certification authority's public certificate that it holds (CRL checking on the client side will come later).
- If the signature is valid, the client software and the server are assured of each other's identity (as long as they trust the certification authority).