
ClearSDN Overview


ClearSDN provides critical updates for many of the ClearOS functions, such as virus and content management.  Other cloud based services such as remote server backup and remote VPN are also provided via ClearSDN.  Updates are available via subscription and are automatically installed into your ClearOS regularly to keep your system updated with the latest revisions.  Read on for more of the innovative ClearSDN features...

Intrusion Detection & Prevention

One of the most advanced techniques used to hack or harm a computer system is to enter through an open port by exploiting unpatched software, copy valuable information, and leave undetected without leaving traceable malware, viruses or Trojan code behind, or to compromise the system in such a way that your server performs tasks for the attacker at will.  The advanced intrusion detection system in ClearOS uses a list of over 1500 rules to protect your system. With the ClearSDN Intrusion Detection activated, your rules are automatically kept up-to-date. Rules are rigorously tested with every update and distributed monthly or immediately when a fast-spreading virus or worm is detected on the Internet.

Remote Security Audit

ClearSDN can communicate with your local ClearOS server and conduct regular audits to detect errors, software revisions, bugs and irregularities.  An automated ClearSDN Security Audit can give you peace of mind knowing that there is a consistent effort to detect and alert on problems on the network. Remote Security Audits can also help to ensure compliance obligations are achieved.

Remote Resource Monitor

The Resource Monitor checks the status of your ClearOS network/gateway server on a regular interval and notifies the IT administrator of any event outside pre-determined settings.  By monitoring often, anywhere from every 2 minutes to every 3 hours, systems can declare their status and keep an IT administrator informed of any problems. Two types of system checks are performed: the port monitor checks the connection to services (for instance, a web server) and notifies of a connection failure, and the resource monitor checks system load, disk space, and memory usage and sends an alert as needed.

Dynamic/Managed VPN

ClearVPN is a managed VPN which is used to connect two or more networks across the Internet using a secure tunnel. ClearVPN is an intelligent, encrypted connection that is easily configured for a variety of environments. One significant advantage is support for dynamic IP addresses. This means that two servers can use public ISP services (with DHCP dynamic IP addresses) and still get a fully secure connection between points. Should the ISP allocate a different address to either of the hosts, ClearVPN will repair the tunnel by automatically reconfiguring the settings on both ends of the VPN tunnel and ensuring re-connectivity.


 

Remote Server Backup

ClearSDN is designed to provide comprehensive, secure, offsite backup of the ClearOS server data. While configuration data backup is provided for every server free of charge, ClearSDN can provide a complete backup of all server data for secure and reliable remote access to all data if selected and enabled.

Bandwidth Monitor

The Bandwidth Monitor provides information on the average upload and download speed of your system's Internet connection. The hourly test is a great tool for measuring your Internet provider's quality of service and detecting unauthorized usage. Though there are a number of harmless variables that may change your bandwidth, it's a good idea to monitor for dramatic changes so you can assess whether there is a problem on the network.

Dynamic DNS Services

DNS services are critical to operating a secure and reliable email environment. DNS can also be used as an effective tool to enable work from remote locations. The ClearSDN integrated DNS service manages the DNS records on the domain and replicates this information throughout the Internet. Workers can move between offices and networks and use their same settings. With Mail/MX Backup, if your mail server goes offline, your mail is safely stored off-site until your server returns to service. No mail is lost during upgrades or changes to your ClearOS system. Your email is safe with ClearSDN.

AntiSPAM

ClearSDN Anti-spam is either a cloud-based or a locally hosted service, depending upon your needs and requirements. Anti-spam service reduces the amount of spam arriving in your mailbox by comparing e-mail against known spam patterns. This can greatly reduce the amount of unwanted email you receive and prevent spam email from introducing malware and viruses onto your computer systems.

AntiVirus

ClearSDN Antivirus is either cloud-based or locally hosted, depending upon your local needs and requirements. Antivirus service protects against the dangers of virus-infected e-mail. By scanning e-mail and comparing it against thousands of known virus and spam patterns, our Antivirus protection stops unwanted e-mail from ever reaching your mail server.

Content Filtration Service

Content filtering can help deter the flow of inappropriate or undesired content on your network. The content filter can be used to block inappropriate material and to enforce company policies. For instance, blocking personal webmail sites can increase productivity at the office. New sites appear, old sites disappear and current sites move around. By enabling the Content Filter Updates service, you will receive regular updates to the filter lists both on a local server and cloud-based services. In addition to automated technologies such as contextual sensitivity, the updates are also monitored by human editors in real-time.

Domain Management

ClearSDN can register, transfer and/or manage your domain thus helping to simplify the maintenance of your domain, web site and mail delivery.

ClearSDN Dashboard

The ClearSDN Dashboard reporting tool can be easily configured to provide a weekly PDF report summarizing the ClearSDN services on a system. The report includes information on remote server backups, intrusion detection services, content filtration reports, service monitoring, cloud-based anti-spam and antivirus status, remote security audits and other subscriptions / updates and much more. The ClearSDN Dashboard can also offer a real-time tangible report.

Because ClearOS serves a critical role as a network/gateway server, it is especially important to keep up with the latest bug and security updates. ClearSDN can automatically monitor and update your ClearOS software with the most recent updates. The ClearOS interface can check and provide reports on each element within the system.

 



ClearSDN Topology

The Clear Service Delivery Network (ClearSDN) is comprised of servers that deliver additional advanced features to customers. ClearSDN is based on a distributed network topology and is able to provide services even in the event of a failure of multiple nodes on the ClearSDN. ClearSDN uses encrypted management protocols to communicate with ClearOS servers under management. ClearOS servers use these same encrypted protocols to send updates or request information when required.

Because of the distributed design of the Service Delivery Network, nodes can be added to co-location facilities worldwide with relative ease. This allows ClearCenter / ClearSDN to scale at will to support an increasing number of subscribers and services. Currently there are ClearSDN clusters in London, Toronto, Houston, Dallas, Washington DC, and Orem, Utah. Additional sites are targeted in Provo-Utah, Panama, Hamilton and the Four Corners areas in the US. Stay tuned for additional sites around Europe.


Check back for real-time status information about ClearSDN.


 

Intrusion Detection-Prevention Update

The advanced intrusion detection system uses a list of over 1500 rules to protect your system. With the Intrusion Detection Updates service activated, your rules are automatically kept up-to-date. Our staff takes the time to ensure the quality of the detection rules on every update. Intrusion detection updates occur at least once a month and when a fast-spreading virus or worm is detected on the Internet.

Requirements

  • The intrusion detection software module must be installed on your system
  • The Web Services software module must be running and WebServices management port open on the firewall

Activation

  • Login to your account
  • Click on Network in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Intrusion Detection in the menu

Configuration

To enable the Intrusion Detection Update service, simply select on and click on the update button.

Status Report

The Intrusion Detection Updates service includes a report of recent updates to your system.


Remote Security Audit

ClearSDN can communicate with your local ClearOS server and conduct regular audits to detect errors, software revisions, bugs and irregularities.  An automated ClearSDN Security Audit can give you peace of mind knowing that there is a consistent effort to detect and alert on problems on the network. Remote Security Audits can also help to ensure compliance obligations are achieved.

Requirements

The Web Services software module must be running and firewall open

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Security Audits in the menu

Configuration

To enable the Security Audits service, simply select on and click on the update button.

Status Reports

You will receive an e-mail when the security audit detects a change on your system. If no system changes are detected, you will not receive any reports.

How It Works

The goal of the security audit is to pick up clues that typically result from a server being compromised. This can be determined by:
  • Detecting changes in critical files and directories
  • Checking for a change in the number of hidden files and directories
  • Monitoring the inventory of setuid/setgid files
  • Detecting a change in the number of superuser accounts
  • Auditing the number of accounts without passwords
On a daily basis, the security audit will:
  • Connect to your system
  • Make sure the audit tools have not been tampered with
  • Signal the system to run the audit
  • Wait for the audit to complete
  • Save a simple hash of the results in our database

Detecting File Changes with Aide

The Security Audit uses Aide (an open source file integrity database) to create a snapshot of important system files. The database contains file permissions, modification times, file size, etc. You can take a look at this database on your machine (usually in /usr/local/suva/suvlets/net/clearcenter/SecurityAudit/db/aide.db).

Thankfully, we do not need to store the entire file offline... all we do is compute a hash (a unique identifier) of the file and send this result back to our database. On the next system check, this hash is checked to make sure nothing has tampered with the Aide database.

The Aide software (which is also checked for tampering) can then run its normal audit knowing that the database is intact. Other system checks use the same model.

Give It a Test

Wait at least 24 hours for the security audit to run at least once. You can then "tamper" with one of your system files. For instance, run the touch command on /usr/bin/last. (This command simply changes the timestamp on the file.) You will receive an alert on the next audit.
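The audit model described above (a local baseline whose hash is held off-host, plus the indicators listed under How It Works), as an added Python example; it is not ClearSDN or Aide code. The function names, the JSON baseline format and the sample account data are assumptions made for illustration.

```python
import hashlib, json, os, stat, tempfile

def snapshot(root, passwd_text, shadow_text):
    """Collect the five indicators the audit section lists, for one directory tree."""
    files, setid, hidden = {}, [], 0
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            hidden += name.startswith(".")
            if stat.S_ISREG(st.st_mode):
                # Same kind of attributes the page says the Aide database holds.
                files[rel] = [stat.S_IMODE(st.st_mode), st.st_size, st.st_mtime_ns]
                if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    setid.append(rel)
    passwd = [l.split(":") for l in passwd_text.splitlines() if l.strip()]
    shadow = [l.split(":") for l in shadow_text.splitlines() if l.strip()]
    return {
        "files": files,
        "hidden_count": hidden,
        "setid_files": sorted(setid),
        "superusers": sorted(f[0] for f in passwd if f[2] == "0"),
        "no_password": sorted(f[0] for f in shadow if f[1] == ""),
    }

def file_sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def write_baseline(db_path, snap):
    """Store the baseline locally; return the hash that would be kept off-host."""
    with open(db_path, "w") as fh:
        json.dump(snap, fh, sort_keys=True)
    return file_sha256(db_path)

def run_audit(db_path, offhost_hash, root, passwd_text, shadow_text):
    """Return the indicators that changed, or a single tamper finding."""
    if file_sha256(db_path) != offhost_hash:
        return ["baseline database modified"]
    with open(db_path) as fh:
        baseline = json.load(fh)
    current = snapshot(root, passwd_text, shadow_text)
    return [k for k in sorted(current) if current[k] != baseline[k]]

# Constructed sample account data (not from a real system).
PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n"
SHADOW = "root:$6$constructed$hash:19000::::::\nalice:$6$constructed$hash:19000::::::\n"

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "root")
        os.makedirs(os.path.join(root, "usr", "bin"))
        last = os.path.join(root, "usr", "bin", "last")
        with open(last, "w") as fh:
            fh.write("constructed stand-in for /usr/bin/last\n")
        open(os.path.join(root, ".bash_history"), "w").close()
        db = os.path.join(tmp, "audit.db")  # kept outside the audited tree
        offhost = write_baseline(db, snapshot(root, PASSWD, SHADOW))
        results["clean"] = run_audit(db, offhost, root, PASSWD, SHADOW)
        # An extra UID 0 account that also has an empty password field.
        bad_passwd = PASSWD + "svc:x:0:0::/:/bin/sh\n"
        bad_shadow = SHADOW + "svc::19000::::::\n"
        results["accounts"] = run_audit(db, offhost, root, bad_passwd, bad_shadow)
        # The page's own test: touch a file, which only moves its timestamp.
        moved = os.lstat(last).st_mtime_ns + 5_000_000_000
        os.utime(last, ns=(moved, moved))
        results["touched"] = run_audit(db, offhost, root, PASSWD, SHADOW)
        # Rewriting the local baseline to hide the touch is caught by the off-host hash.
        write_baseline(db, snapshot(root, PASSWD, SHADOW))
        results["rebaselined"] = run_audit(db, offhost, root, PASSWD, SHADOW)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

The last scenario is the reason the hash is held away from the audited host: a local baseline can be regenerated after a change, but the regenerated file no longer matches the stored hash.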

System Monitor

The System Monitor checks the status of your gateway/server on a regular interval -- anywhere from every 2 minutes to every 3 hours. If a system problem occurs, an e-mail alert is sent to your inbox or e-mail-enabled pager service. Two types of system checks are performed:
  • The port monitor checks the connection to services (for instance, a web server)
  • The resource monitor checks system load, disk space, and memory usage

Requirements

  • The Web Services software module must be running and firewall open (resource monitor only)

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Port Monitor or Resource Monitor in the menu

Configuration

Port Monitor

In the port monitor section, select the ports that you wish to monitor. The service provides a standard list of ports:
  • HTTP
  • HTTPS
  • FTP
  • SSH
  • TELNET
  • SMTP
  • SSH
  • SUVA
Custom Port Monitoring -- Custom port monitoring is available to systems subscribed to the SOHO and SMB service level. Use this service to monitor any port (e.g. PCAnywhere, VNC, MySQL).

Resource Monitor

The resource monitor checks four resources on your server today (more to come).

  • System Load
  • Disk usage
  • Swap memory usage

For each of the resources that you would like to monitor, you must i) enable the service and ii) set the threshold level.

System Load Average

The system load monitor tracks the load average over a 5-minute time span. Among other potential issues, this system check catches runaway processes, looping web scripts, and denial of service attacks. A load above 20 is busy, but manageable -- anything over 50 is trouble.

Disk Space

The disk space monitor checks the size of each partition and total disk space. (The check ignores your /boot partition and CD-ROM drives).

Swap Memory Usage

For speed and efficiency, the Linux operating system maximizes the use of physical memory (RAM) -- if your system has it, Linux will use it! A better indicator of memory usage is swap memory (definition: backing store/swap memory). If you find your swap memory stuck over 50%, you should either turn off unnecessary services or add more memory to your system.


Dynamic/Managed VPN

ClearVPN is a managed VPN which is used to connect two or more networks across the Internet using a secure tunnel.  ClearVPN is an intelligent, encrypted connection that is easily configured for a variety of environments.  One significant advantage is support for dynamic IP addresses.  This means that two servers can use public ISP services (with DHCP dynamic IP addresses) and still get a fully secure connection between points.  This way you are not required to allocate an IP address for the host VPN server, saving valuable IP addresses for other purposes.

Requirements

  • ClearOS Business or Enterprise 5.0 or higher
  • The IPSec gateway-to-gateway VPN software module installed on your system
  • The Web Services software module must be running and firewall open

Activation

The Managed VPN support is always available on registered Office and Enterprise Edition systems. The configuration page displays current settings for the selected system.

Configuration

The Managed VPN automatically tracks IP addresses -- no configuration is required.


Remote (Off-Site) Server Backup

ClearSDN is designed to provide comprehensive, secure offsite backup of the ClearOS server data.  While configuration data backup is provided for every server free of charge, ClearSDN can provide a complete backup of all server data for secure and reliable remote access to all data if selected and turned on.  


Bandwidth Monitor

The Bandwidth Monitor provides information on the average upload and download speed of your system's Internet connection. The hourly test is a great tool for measuring your Internet provider's quality of service and detecting unauthorized usage. Though there are a number of harmless variables that may change your bandwidth, it's a good idea to monitor for dramatic changes so you can assess whether there is a problem on the network.

Requirements

The Web Services software module must be running and firewall open

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Bandwidth Monitor in the menu

Configuration

To enable the Bandwidth Monitor service, simply select on and click on the update button. The bandwidth is measured at least once an hour.

Status Reports

Sample Report: (coming soon)


Dynamic DNS

Many DSL and cable broadband connections use dynamic IP addresses or cryptic hostnames like CPE0000C0F9AFEB.cpe.net.cable.rogers.com -- not particularly convenient! Once you activate your system, you can map a permanent domain name to your ClearOS system's changing IP address.

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Network/Dynamic DNS in the menu

Configuration

Enable/Disable

If you have a static IP address, you can disable the Dynamic DNS service by specifying an IP or hostname.

Subdomain and Domain

To use the free dynamic DNS service, type the subdomain that you desire and then select a domain from the list. The subdomain can be left blank if you have registered your own domain.

IP Address

The dynamic DNS system does IP address updates automatically. However, you can manually update the IP address from the configuration page.

Personal Domains

If you have registered your own domain in the past or you are considering registering a domain to use with your server, the dynamic DNS service is fully integrated into ClearCenter's Domains and DNS services. If you already own a domain, you'll need to purchase DNS Service. If you need to register a domain, you can do so here.


Anti SPAM/Virus

ClearSDN Anti-spam can be cloud based or local depending upon your needs and requirements.  Anti-spam service reduces the amount of spam arriving in your mailbox by comparing e-mail against known spam patterns.  This can greatly reduce the amount of unwanted email you receive and prevent spam email from introducing malware and viruses onto your computer systems.

Requirements

SMTP mail server module must be installed on your system

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on ASP Antispam in the menu

Configuration

You will see a configuration screen similar to the screenshot below. The domain list displays all domains configured in your account. Select a domain and the number of unique mailboxes on your system; click on the add button. Ensure that the antispam checkbox is active.

Status Reports

You will find two reports in the Antispam ASP. If your mail server is offline, mail will start to queue on one or more of our mail scanning servers. You will see the number of queued messages in the Queued Mail report. In addition, an hourly log shows details of scanned mail for your configured domains.


Content Filter Updates

The content filter can be used not only to block inappropriate material, but also to enforce company policies. For instance, blocking personal webmail sites like Hotmail can decrease lost productivity at the office. New sites appear, old sites disappear and current sites move around. By enabling the Content Filter Updates service, you will receive regular updates to the filter lists. The updates are maintained by human editors, not by automated computer "spiders".

Requirements

  • ClearOS 2.1 or higher must be installed
  • The content filtering software module must be installed on your system
  • The Web Services software module must be running and firewall open

Activation

  • Login to your account
  • Click on Network in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Content Filter in the menu

Configuration

To enable the Content Filter Updates service, simply select on and click on the update button. The filter lists are updated twice a month.

Status Reports

The Content Filter Updates service includes a report of recent activity on your system.


DNS - Domain Management

All domains registered with or transferred to your account can be updated to ensure the accuracy of information contained in the Whois database. In addition, you can:

  • Modify the DNS / name servers associated with your domain
  • Enable the domain locking feature to automatically reject any attempts to hijack your domain
  • Update domain settings specific to the type of domain (for example .ca)
  • Find the domain authorization code (auth code)

Activation

  • Login to your account
  • Click on DNS in the top navigation bar
  • A DNS record summary for each domain name is listed on the summary page. To manage a domain, click on the Edit/Manage <your domain> link below the domain summary.
  • On the domain/DNS summary page, you will see an Update link next to the WHOIS field. Click on this link to manage your domain's WHOIS information.

Configuration

Once you click on the Whois link for a particular domain, a menu system along the top of the page will be displayed.

Whois Information

Select the appropriate link in the top navigation bar to manage the Whois information for the organization, admin, billing and technical contacts.

DNS / Name Servers

The link to DNS / Name Servers allows you to change the organization designated to be the DNS / name servers for your domain. Unless you are using an alternative service for your DNS service, the entries should match the servers listed in the table below. If you have transferred an existing domain to your account, you should first set up your DNS records. When you have been notified of a successful transfer, you will then be able to change the name server information.

Hostname                IP Address
ns1.clearcenter.net    69.90.141.xxx
ns2.clearcenter.net    217.72.242.xxx
ns3.clearcenter.net    216.127.75.xxx
ns4.clearcenter.net    67.18.3.xxx

Domain Locking

When locking is enabled for your domain, any requests to transfer your domain to another registrar or hosting company will automatically fail. This feature prevents fraudulent transfers. To lock/unlock your domain:

  • Login to your account
  • Click on the DNS link
  • Click on "Edit/Manage <Your Domain Name>"
  • The lock status will be displayed on domains registered through your account
  • To change the lock status, click on the "Update" link
  • A new window will be created, linking you directly to your domain's WHOIS management interface. Click on the "Locking" link and update your domain's lock status as desired.

Authorization Code / Auth Code

A transfer authorization code is required when transferring any .com/.net, .org, .info, .biz, .us, and .name domain name from one registrar to another. The transfer authorization code is created at the time of registration.

The authorization code can be obtained by clicking on the "Domain Extra's" section of the WHOIS manager.

DNS - Domain Registration

ClearSDN provides an integrated system for registering domain names. The annual fee of $US 25 includes:

  • Registrar fee
  • Domain Management
  • DNS Services
  • Mail/MX Backup

The following top-level domains are supported:

  • .com
  • .net
  • .org
  • .biz
  • .info
  • .ca
  • .de
  • .us
  • .co.uk, .org.uk, .me.uk

Activation

  • Login to your account
  • Click on DNS in the top navigation bar
  • Click on Register Domain in the menu
  • Lookup your domain and continue on to domain owner information
  • Complete your domain registration by proceeding through the online store checkout

Configuration

Though your domain will appear in our DNS servers within minutes, it can take anywhere from 5 minutes to 24 hours for the domain to appear in the domain system. This is unavoidable propagation time. Once the domain is registered, you can proceed to DNS configuration:

  • DNS Primer
  • Host / A Records
  • Alias / Cname Records
  • Mail / MX Records
  • Mail/MX Backup

 

The DNS and domain services allow you to use a registered domain name with your ClearOS system.  Our service gives you access to fast, reliable and secure DNS servers distributed across multiple geographic locations and network providers.

If the Domain Name System (DNS) is a new topic for you, please read the DNS Primer.  If you are ready to add a domain to your ClearOS system, you can either transfer an existing domain or register a new domain.


ClearSDN Dashboard

The ClearSDN Dashboard reporting tool can be easily configured to provide a weekly PDF report summarizing the ClearSDN services on a system.  The report includes information on remote server backups, intrusion detection services, content filtration reports, service monitoring, cloud-based anti-spam and antivirus status, remote security audits and other subscriptions / updates and much more.  The ClearSDN Dashboard can also offer a real-time tangible report.

Overview

The weekly reporting tool provides a PDF report summarizing the Gateway Services activities on a system. The report includes information on:

  • Subscription information
  • Content filter updates
  • Intrusion detection updates
  • Port and system monitoring reports
  • Antivirus and Antispam ASP reports
  • Bandwidth statistics
  • Security audits

Requirements

  • You must be subscribed to a service

Activation

  • Login to your account
  • Click on Systems in the top navigation bar
  • Select the target system from the list of active systems in your account
  • Click on Weekly Reports in the menu

Sample Report

A sample PDF report can be found here