Secure browsing

From Secure Computing Wiki
Revision as of 13:49, 8 February 2008 by Ecrist (Talk | contribs)

Jump to: navigation, search

There are a number of ways to browse the internet more securely. One way, which I use and highly suggest is SSH tunneling. As I have a suitable fast connection to the internet at my NOC, I route any network traffic I don't want discovered or sniffed at work across an SSH tunnel to my NOC and one of the systems there. If you have access to a remote ssh system, that your trust, simply run the following command from a *nix system (including Mac OS X) terminal:

# ssh -ND 9999 <username>@<host>

Change <username> for your valid username and <host> for your valid host name. In addition, I run ssh on a port that's different from the standard 22 to something that can be confused with other traffic, such as 443, which is generally allowed out of networks, completely unhindered. Your network admins cannot really see this traffic anyways, as it's already known to be encrypted.

Next, we need to configure our browser to use this secure tunnel. On my Mac, I use Safari for general browsing and Firefox for the more secure stuff. We need to configure Firefox to use a SOCKS proxy (our ssh tunnel):

  1. Open Firefox and go to File->Preferences.
  2. Next, select Advanced, and then the Network tab.
  3. Now, you should see a Settings... button. Click on this and you should get an new set of options.
  4. Click the radio button for Manual Proxy Configuration and enter localhost in the SOCKS host box, followed by 9999 in the port field following. The remaining defaults should be fine.
  5. Click 'OK' and close the preferences window

As long as you've still got your ssh tunnel open, you should be able to browse the internet. If you go to, you should see the IP address of the remote SSH system.