The main thing to keep in mind whenever you access a wireless network is that your information is broadcasted to everyone. There are loads of applications, widely and freely available, that can translate any broadcasted message. This means MSN messages and even usernames and passwords can be intercepted by a malicious individual. Often hotspots provide some sort of encryption, often WEP or WPA. However, again there are tons of applications and tutorials online that can break these encryptions. In the case of most universities/colleges they often make their encryption key available to the public. Therefore, even with encryption the messages you send through a wireless network are NOT SAFE.

Enter the SSH Tunnel.
A SSH Tunnel is an encrypted network tunnel through what is called a Secure Shell.
Think of it as an unbreakable tunnel that all your wireless messages travel through. Where to they end up? They travel to a network that you know is secure, most cases a home computer that is physically connected to a modem or router.

Here is an example of what a SSH tunnel does.
Assume you are on your laptop connected to a wireless hotspot at school and attempt to visit
www.google.com
1. your browser’s request for google.com travels the internet, via the tunnel, to your home computer.
2. your home computer receives your request for google.com and then requests google.com from the internet.
3. your home computer then passes the information received from google.com back to your laptop via the tunnel.
4. you receive google.com’s information

You will notice that the home computer acts as the middle-man between you and the internet. Any information you request from the laptop is requested and received by the home computer. More importantly, all your internet surfing data is protected by the SSH tunnel.

How to setup an SSH tunnel.
Here is list of things needed in order to set up a SSH Tunnel.
1. A home computer that is physically connected, by either USB or Ethernet cable, to the modem or router.
2. Create a hostname that points to your IP address provided by your home ISP. Read my notes on how this can be done.
3. Set up a SSH server on the home computer: Read my notes on that as well.
4. Install a SSH client on your laptop or any other machine using a wireless connection: My notes.
5. (If ssh server on a windows box) Configure Windows Firewall -> allow port 22.
6. (If ssh server is behind a NAT router) You will need to log into the router then usually under ‘Advanced Settings’ you should see ‘Virtual Server’, or even ‘Port Forwarding’. I would recommend configuring the ‘Virtual Server’ settings if available. Forward port 22 to the ssh server and save the settings.

7. Use the ssh client to connect to the ssh server, make sure to designate a local port whose data will be tunneled.

After completing steps 1-7 all data going in and out of the designated port will be ssh tunneled.

Now time to configure your internet browser to pass all it data through the tunnel.
Firefox: open Preferences->Advanced->”Network” tab->”Settings” button
Select “Manual proxy configuration”
Edit only “SOCKS Host”: type ‘localhost’ and for Port: the port you designated for tunneling
Click OK

Internet Explorer: open Internet Options->”Connection” tab-> “LAN settings” button
Select “Use a proxy server for your LAN”
Edit only “Socks” : address = ‘localhost’ and Port: = designated port
Cick OK

Now all data sent and received by your browser will be securely tunneled.

NOTE: the use of -C flag should only be used on a slow link or else compression is counterproductive.

For Windows boxes I recommend the use of PuTTY.
To connect simply enter the hostname and the port of the SSH server.

Free SSH Server Software:
OpenSSH for Windows
[reported to complicated to get up and running for Windows Server Editions]
copSSH
[NT/2000/XP/2003/Vista and my personal favourite, I have it running on Windows Server 2003]

Once they are installed they should run as a service.

If you are behind a firewall and/or NAT router you will need to configure some extra settings.

Windows Firewall -> open port 22

NAT router -> You will need log into your router and make an entry into “Virtual Server”, if that option is not available then “Port Forwarding”, which should be under the “Advanced” options.

You will have to assign port 22 to the computer running the SSH server. This will allow all connections from either internally or externally to connect to the SSH server.