<

Using SSH tunnels to secure network traffic from hackers / prying eyes

Published on
9,117 Points
2,617 Views
Last Modified:
Approved
When you send traffic on the network or on wireless it may be in plain text and it may reveal all your passwords and details.  Most programs do not use encryption by default.

This is acceptable if you own every device on the network and are sure that it can not be intercepted by anyone else.  If you are using wireless - especially if you are using a shared public wireless point (a coffee shop etc) then your passwords are flying round in the air just waiting to be grabbed with nothing more than a laptop and some software.

As soon as you are on the wireless network and attached to the internet using something like VPN will encrypt all your traffic and pass it to a known destination.  VPN is not always the simplest system to setup and may be blocked by the network you are on.  Another system is called SSH Tunnelling.

All you need for this to work is a Linux (or unix) server in a remote location (for example at home or at work) on a publicly accessible network.  This can be an old PC attached to your network or a web server on the internet from a hosting company (one where you get ssh access).

This server then becomes a stepping stone in the middle.  Your data is encrypted and sent to this server where it leaves and goes out onto the Internet. Check that this server has SSH server running on it.  If not install it and start it.

SSH is very easy to install for example -
http://www.cyberciti.biz/faq/ubuntu-linux-openssh-server-installation-and-configuration/

If you wish (or need) to use http proxy then you will also need to install squid.  This is fairly simple to do and there are lots of how-to docs on the internet.  Set it up for port 8080.

Now on your workstation install puTTY :
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Add in the IP (or hostname of your server) and save it with a name like my-server

Putty showing ip and port
On the menu on the left click CONNECTION and SSH and TUNNELS
Select Dynamic and source port 7070 and click 'add'
Select 'Local', source port '8080' and destination '127.0.0.1:8080' and click add again.

PuTTY showing tunnel settings
Click on SESSIONS on the top of the left menu and save this setup.

Now when you open it you get a terminal window.  If you do not wish to use this at all there is an option 'dont start a shall or command at all' under SSH on the menu.

While it is running you can run any application that works with a proxy.  If it allows Socks 5 or 4 proxy then point it to 127.0.0.1 on port 7070 and it will now tunnel and the data will come out from your linux server.  If it only supports HTTP proxy then use 127.0.0.1 port 8080.

Traffic sent over this system can not be grabbed out of the air (sniffed) by hackers as it is encrypted.
0
Comment
Author:edster9999
1 Comment
 

Administrative Comment

by:Eric AKA Netminder
Congratulations!

Your article has been published.

ericpete
Page Editor
0

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Join & Write a Comment

This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month