Secure Your Web Traffic From Prying Eyes

Here’s a quick article/tip that I just read from a book called “Network Security Hacks” by O’Reilly Publishing. Please purchase the book to see the full article details. I have made some modifications to the tip to include steps for properly configuring the Squid daemon/service using Squidman on Mac OS X. Other Unix platforms are also supported, but for our purposes this will do.

Secure your web traffic from prying eyes and improve performance in the process

Suppose you are at work and need to quickly check your webmail or surf around in your free time, but you don’t want your web traffic to be monitored and captured by the network admin at work. The solution is to use a secure shell client to tunnel the connection to your home PC/Mac, which is on a cable/DSL Internet connection. All of this assumes that the network admin has not closed off network ports 3128 (squid) or 22 (ssh).

> After installing Squidman, bind the Squidman daemon/service to the default port, 3128. Also, make sure to enter the client IP address/address range that the daemon will accept connections from. Start the daemon/service.

> Configure the secure shell daemon (sshd). On Mac OS X, it is simply a matter of going into Apple Preferences/Sharing and enabling the Remote Login service. If you have enabled the firewall, there is the additional step of adding the Squid daemon port 3128 to the firewall rules.

> Now that the Squid web proxy server and ssh daemon are properly set up and running, you need to set up your client at work. If you are on a Windows PC, there is a prior step of installing and configuring Cygwin. This allows you to run Unix commands from the standard DOS prompt. Otherwise, if you are on Mac OS X, consider yourself lucky since all the commands you need to run are already installed and configured.

> From the Unix shell or DOS prompt (via Cygwin), run the following command (replacing username with your real login, and replacing proxy.example.com with the server name/IP address of your home sshd/squid server):

ssh -L 3128:127.0.0.1:3128 username@proxy.example.com -f -N

> Now, we need to open up your browser’s Connection Settings and enter the address and port of the local end of the tunnel: 127.0.0.1 and 3128.


Hit the OK button. Now, test it out by entering your favorite URL in the browser. That’s all there is to it. Another useful tip is to use SSH to secure your VNC traffic.
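A check to run once the tunnel is up, on both the work client and the home server, as an added example that is not part of the original article: it reads `netstat -an` output and flags any listener on port 3128 bound to something other than loopback. The function names and sample lines are constructed for illustration; `ssh -L 3128:127.0.0.1:3128` binds its local end to 127.0.0.1 by default, and the forwarded requests reach Squid from 127.0.0.1 on the home machine.

```shell
#!/bin/sh
# Added example (not from the original article). Reads `netstat -an` output
# on stdin and reports listeners on a port that are not loopback-only.

# Print the bind address of each LISTEN socket on port $1 that is reachable
# from other hosts. Handles macOS "addr.port" and Linux "addr:port" columns.
exposed_listeners() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4
            # Split at the last "." or ":" followed only by digits.
            cut = match(addr, /[.:][0-9]+$/)
            if (cut == 0) next
            if (substr(addr, cut + 1) != port) next
            host = substr(addr, 1, cut - 1)
            if (host == "127.0.0.1" || host == "::1") next
            print host
        }'
}

# Succeed only when nothing on port $1 is exposed beyond loopback.
loopback_only() {
    exposed=$(exposed_listeners "$1")
    [ -z "$exposed" ]
}

# Constructed sample (macOS format): tunnel end bound to loopback, sshd on all.
SAMPLE_OK='tcp4       0      0  127.0.0.1.3128         *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'

# Constructed sample (Linux format): Squid listening on every interface.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp6       0      0 :::3128                 :::*                    LISTEN'

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_OK" | loopback_only 3128; then
    echo "sample 1: port 3128 is loopback-only"
fi
echo "sample 2: port 3128 is exposed on:"
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners 3128

# Real use: netstat -an | loopback_only 3128 || echo "port 3128 is exposed"
```

If the home server shows 3128 on a wildcard address, anyone who can reach that port can use the proxy without going through SSH.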