Difference between revisions of "Secure browsing"

From Secure Computing Wiki
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
There are a number of ways to browse the internet more securely.  One way, which I use and highly suggest is SSH tunneling.  As I have a suitable fast connection to the internet at my NOC, I route any network traffic I don't want discovered or sniffed at work across an SSH tunnel to my NOC and one of the systems there.  If you have access to a remote ssh system, '''that your trust''', simply run the following command from a *nix system (including Mac OS X) terminal:
+
There are a number of ways to browse the internet more securely.  One way, which I use and highly suggest is SSH tunneling.  As I have a suitable fast connection to the internet at my NOC, I route any network traffic I don't want discovered or sniffed at work across an SSH tunnel to my NOC and one of the systems there.  If you have access to a remote ssh system, '''that you trust''', simply run the following command from a *nix system (including Mac OS X) terminal:
 
<pre># ssh -ND 9999 <username>@<host></pre>
 
<pre># ssh -ND 9999 <username>@<host></pre>
 
Change <username> for your valid username and <host> for your valid host name.  In addition, I run ssh on a port that's different from the standard 22 to something that can be confused with other traffic, such as 443, which is generally allowed out of networks, completely unhindered.  Your network admins cannot really see this traffic anyways, as it's already known to be encrypted.
 
Change <username> for your valid username and <host> for your valid host name.  In addition, I run ssh on a port that's different from the standard 22 to something that can be confused with other traffic, such as 443, which is generally allowed out of networks, completely unhindered.  Your network admins cannot really see this traffic anyways, as it's already known to be encrypted.
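Review bot: The command shown in this hunk's context connects to the default port, while the paragraph after it says sshd listens on a port other than 22 (such as 443). A reader who copies the command as printed will fail to connect to a server set up that way. Since this revision already touches the paragraph, consider showing the port option as well, for example `ssh -ND 9999 -p <port> <username>@<host>`. The `#` prompt also suggests a root shell, which a local listener on port 9999 does not need.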
Line 16: Line 16:
 
<li>Click 'OK' and close the preferences window</li>
 
<li>Click 'OK' and close the preferences window</li>
 
</ol>
 
</ol>
As long as you've still got your ssh tunnel open, you should be able to browse the internet.  If you go to [https://www.secure-computing.net/ip.php https://www.secure-computing.net/ip.php], you should see the IP address of the remote SSH system.
+
As long as you've still got your ssh tunnel open, you should be able to browse the internet.  If you go to [http://www.secure-computing.net/ip.php https://www.secure-computing.net/ip.php], you should see the IP address of the remote SSH system.
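Review bot: On the changed line the link target becomes http://www.secure-computing.net/ip.php while the visible label still reads https://www.secure-computing.net/ip.php, so the reader clicks a label that promises HTTPS and is sent to plain HTTP. Keep target and label identical; if the https target had to be dropped, change the label to match.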

Latest revision as of 10:50, 22 October 2008

There are a number of ways to browse the internet more securely. One way, which I use and highly suggest, is SSH tunneling. As I have a suitably fast connection to the internet at my NOC, I route any network traffic I don't want discovered or sniffed at work across an SSH tunnel to my NOC and one of the systems there. If you have access to a remote SSH system that you trust, simply run the following command from a *nix system (including Mac OS X) terminal:

# ssh -ND 9999 <username>@<host>

Replace <username> with your valid username and <host> with your valid host name. In addition, I run ssh on a port other than the standard 22, one that can be confused with other traffic, such as 443, which is generally allowed out of networks completely unhindered. Your network admins cannot really see inside this traffic anyway, as traffic on that port is already expected to be encrypted.

Next, we need to configure our browser to use this secure tunnel. On my Mac, I use Safari for general browsing and Firefox for the more secure stuff. We need to configure Firefox to use a SOCKS proxy (our ssh tunnel):

  1. Open Firefox and go to File->Preferences.
  2. Next, select Advanced, and then the Network tab.
  3. Now, you should see a Settings... button. Click on this and you should get a new set of options.
  4. Click the radio button for Manual Proxy Configuration and enter localhost in the SOCKS host box and 9999 in the port field next to it. The remaining defaults should be fine.
  5. Click 'OK' and close the preferences window.

As long as you've still got your ssh tunnel open, you should be able to browse the internet. If you go to https://www.secure-computing.net/ip.php, you should see the IP address of the remote SSH system.
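
An added diagnostic, not part of the original page: the browser speaks SOCKS to localhost:9999, and whether a site name is resolved at the far end of the tunnel or looked up on the local network first shows in the CONNECT request it sends. The code below stands in for the tunnel's listener for a single connection and reports which form arrived; it assumes the browser is set to SOCKS v5, and the function names are illustrative.

```python
import ipaddress
import socket

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04   # RFC 1928 address types

def recv_exact(conn, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS5 handshake")
        buf += chunk
    return buf

def inspect_socks5_client(conn):
    """Play the server side of one SOCKS5 handshake; return (kind, target, port).
    kind is "hostname" (name is sent through the proxy and resolved remotely)
    or "ip" (client resolved the name itself, or was given a literal address)."""
    ver, nmethods = recv_exact(conn, 2)
    if ver != 5:
        raise ValueError(f"not SOCKS5 (version byte {ver})")
    recv_exact(conn, nmethods)              # offered auth methods, ignored
    conn.sendall(b"\x05\x00")               # select "no authentication"
    ver, cmd, _rsv, atyp = recv_exact(conn, 4)
    if ver != 5 or cmd != 1:
        raise ValueError("expected a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        (length,) = recv_exact(conn, 1)
        kind, target = "hostname", recv_exact(conn, length).decode("ascii")
    elif atyp == ATYP_IPV4:
        kind, target = "ip", str(ipaddress.IPv4Address(recv_exact(conn, 4)))
    elif atyp == ATYP_IPV6:
        kind, target = "ip", str(ipaddress.IPv6Address(recv_exact(conn, 16)))
    else:
        raise ValueError(f"unknown address type {atyp}")
    port = int.from_bytes(recv_exact(conn, 2), "big")
    # Refuse the request (REP 0x02, "not allowed") so nothing is relayed.
    conn.sendall(b"\x05\x02\x00\x01" + bytes(6))
    return kind, target, port

def listen_once(port=9999):
    """Accept one client on localhost:<port>; stop the ssh tunnel first."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            return inspect_socks5_client(conn)

if __name__ == "__main__":
    print(listen_once())
```

With the tunnel closed, run this and load any site by name in the configured browser: a result of "hostname" means name lookups travel inside the tunnel, while "ip" means the lookup was made outside it.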