Securely surf the net on a wireless link
This article is intended for anyone who surfs the internet wirelessly: for example, university/college students, home users connected to a wireless network, and users of local hotspots.
The main thing to keep in mind whenever you access a wireless network is that your information is broadcast to everyone. There are loads of applications, widely and freely available, that can decode any broadcast message. This means MSN messages and even usernames and passwords can be intercepted by a malicious individual. Hotspots often provide some sort of encryption, usually WEP or WPA. However, there are tons of applications and tutorials online that can break these encryptions. Most universities/colleges also make their encryption key available to the public. Therefore, even with encryption, the messages you send through a wireless network are NOT SAFE.
Enter the SSH Tunnel.
An SSH tunnel is an encrypted network tunnel through what is called a Secure Shell.
Think of it as an unbreakable tunnel that all your wireless messages travel through. Where do they end up? They travel to a network that you know is secure, in most cases a home computer that is physically connected to a modem or router.
Here is an example of what an SSH tunnel does.
Assume you are on your laptop, connected to a wireless hotspot at school, and attempt to visit www.google.com:
1. Your browser’s request for google.com travels the internet, via the tunnel, to your home computer.
2. Your home computer receives your request for google.com and then requests google.com from the internet.
3. Your home computer then passes the information received from google.com back to your laptop via the tunnel.
4. You receive google.com’s information.
You will notice that the home computer acts as the middle-man between you and the internet. Any information you request from the laptop is requested and received by the home computer. More importantly, all your internet surfing data is protected by the SSH tunnel.
How to set up an SSH tunnel.
Here is a list of the things needed in order to set up an SSH tunnel.
1. A home computer that is physically connected, by either USB or Ethernet cable, to the modem or router.
2. Create a hostname that points to your IP address provided by your home ISP. Read my notes on how this can be done.
3. Set up an SSH server on the home computer: Read my notes on that as well.
4. Install an SSH client on your laptop or any other machine using a wireless connection: My notes.
5. (If the SSH server is on a Windows box) Configure Windows Firewall -> allow port 22.
6. (If the SSH server is behind a NAT router) You will need to log into the router. Usually under ‘Advanced Settings’ you should see ‘Virtual Server’ or ‘Port Forwarding’. I would recommend configuring the ‘Virtual Server’ settings if available. Forward port 22 to the SSH server and save the settings.
7. Use the SSH client to connect to the SSH server, making sure to designate a local port whose data will be tunneled.
After completing steps 1-7, all data going in and out of the designated port will travel through the SSH tunnel.
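Step 7 as an added example (not part of the original article), assuming the OpenSSH command-line client on the laptop. The user `alice`, the hostname `home.example.net` and port 1080 are placeholders; the script prints the tunnel command and checks that the designated port listens only on the laptop itself.

```bash
#!/bin/sh
# Added example, not from the original article.
# alice, home.example.net and port 1080 are placeholders (assumptions).

# Accept only an unprivileged TCP port number (1024-65535).
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the OpenSSH command for step 7. -D opens a local SOCKS listener,
# bound to 127.0.0.1 so nobody else on the hotspot can use it; -N runs no
# remote command; ExitOnForwardFailure aborts if the port cannot be bound.
tunnel_cmd() {  # usage: tunnel_cmd USER HOST PORT
  valid_port "$3" || { echo "invalid port: $3" >&2; return 1; }
  printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes %s@%s\n' "$3" "$1" "$2"
}

# Classify the listener on PORT from `ss -ltn` output read on stdin:
# loopback (good), exposed (reachable from the wireless network), or none.
listener_scope() {  # usage: ss -ltn | listener_scope PORT
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != p) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "127.0.0.1" || addr == "[::1]") { if (r == "") r = "loopback" }
      else r = "exposed"
    }
    END { print (r == "" ? "none" : r) }'
}

# Constructed sample of `ss -ltn` output, used to exercise listener_scope.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*'

if [ "${1:-}" = "demo" ]; then
  tunnel_cmd alice home.example.net 1080
  printf '%s\n' "$SAMPLE_SS" | listener_scope 1080
  printf '%s\n' "$SAMPLE_SS" | listener_scope 8080
fi
```

With the tunnel running, `ss -ltn | listener_scope 1080` should report `loopback`; `none` means the tunnel is not up, and `exposed` means other machines on the wireless network can reach the port.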
Now it is time to configure your internet browser to pass all its data through the tunnel.
Firefox: open Preferences -> Advanced -> “Network” tab -> “Settings” button
Select “Manual proxy configuration”
Edit only “SOCKS Host”: type ‘localhost’, and for Port: the port you designated for tunneling
Click OK
Internet Explorer: open Internet Options -> “Connection” tab -> “LAN settings” button
Select “Use a proxy server for your LAN”
Edit only “Socks”: address = ‘localhost’ and Port = designated port
Click OK
Now all data sent and received by your browser will be securely tunneled.