Secure web tunnel setting
There are many ways to protect your data in case you need to access public Wi-Fi networks
Network Administration - If you're a mobile person, you'll probably have access to public wireless networks . Certainly fall into such circumstances you will have to prepare some ways to protect yourself. There are many ways to secure your data in situations where you need to access such networks, such as using the company's virtual private network - if possible - or an encrypted web tunnel. like Hotspot Shield.
However, if you don't have a corporate VPN and don't want to see a lot of administrators using Hotspot Shield, you still have another option to secure your wireless traffic, which is how to create a tunnel that they I will introduce you to the lesson.
Create a tunnel for data traffic
Even if the public wireless network you use is password protected or paid in minutes, anyone connected to that network can spy on your HTTP traffic.
However, we can overcome this problem by creating an encrypted tunnel through which to send web traffic, that tunnel will start from the laptop and end in a known location. as its known endpoint. From here, the tunnel can route your web requests to the public Internet.
Obviously, when the traffic is outside the tunnel, it will be the object of research - from ISPs, laws, or something like that - but while your data will be transmitted through a public hotspot, your surfing is safe.
In the diagram above, users at a cafe's wireless hotspot use a direct route to the website (red), but you use an encrypted tunnel to shield yourself from the hotspot network. When at the end of the tunnel, your web traffic will go through the Internet through conventional unencrypted methods (red) to the destination website.
Easy and save via SSH
The easiest way to set up your own secure web tunnel is to pay a monthly fee to a hosting company so that they can perform all the hard work such as setting up the server, installing the operating system. , and make sure that the server works 24 hours a day with plenty of energy consumed. Some people like this method because it is not annoying with firewalls, and it is not for the computer to run when you are on the road.
Any shared hosting provider can accomplish your purposes, provided that their company provides access to a secure shell (SSH) server. SSH is an encrypted version of telnet, one of the first protocols of the Internet, used to send information between two computers.
Some users may prefer to use HostGator, which has a large data center in Houston. The company's basic "Hatchling" hosting package only falls to about $ 5 per month, so if you spend a negligible amount you can get your own secure tunnel. When HostGator creates your account, you will receive your login information and the server will be assigned to you. From here, you can set up a Web proxy using SSH commands. We will demonstrate on both OS X and Windows versions; Linux users can follow and make some minor adjustments where needed.
Create an SSH client
OS X has a command line SSH client utility, so all you need to do is open Terminal (located in the Utilities folder within the Application folder). You will see a command prompt with your username and computer name followed by the $ symbol. All commands in the section below will be the ones you type next to the symbol.
On Windows, you need to download the SSH client program. There are many options for you, but the most popular free software is PuTTY.
Test SSH server
Using login information from the hosting provider, you can open an SSH session on OS X by entering the bold section below, after the $: symbol.
$ ssh username@server.websitewelcome.com
On a Windows computer, launch PuTTY and enter the server name provided by the hosting provider. Select the SSH button under 'Protocol'. Port field should be set to 22 (default SSH port). Click the Open button.
Since this is the first time you connect to this server, both the client of OS X and PuTTY will display a warning and prompt you to confirm the trace of the host. (This only happens once; then your SSH client will confirm that the trace has not been changed. If the trace is changed, it may indicate that your connection has been tampered with.) . You will see the text similar to the one below:
The authenticity of host 'server.websitewelcome.com' can't be established.RSA key fingerprint is 11: 22: 33: 44: 55.
Bạn có chắc muốn tiếp tục kết nối Yes
When confirming the trace, PuTTY will prompt you to enter your username and password. OS X will only prompt for the password because you have provided the username on the command line before.
After logging in, there will be a prompt indicating that you are currently connected to the command line of the remote server; Note that the host name preceding the $ symbol is changed to reflect the remote system:
login as: username
Using keyboard-interactive authentication.
Password: *********
Last login: Fri Jan 01 02:03:04 2010 from 1.2.3.4
username@server $
Now that the SSH server is working, you can continue to set up your tunnel. Type exit command to close the SSH session.
Internal listener and remote endpoints
This is where there are many things that are easy to confuse, so read carefully. You need to configure a port on your local computer (the listener) that will take the packets you inserted and switch to an encrypted SSH session. At the end of the tunnel, the traffic will dump on the SSH server. In the following sections, we will introduce how to configure your web browser to authorize traffic through this internal listener. Although conceptually it seems that you want to point the web browser to the remote server, but technically you will point it at 'localhost', which is a special name for the local computer.
Need to set up so that the SSH client connects to the SSH server and opens a tunnel starting on laptop ( localhost ) on port 8888 and ends at the SSH server, where the data will be forwarded to the final destination website.
Create SSH tunnel
The process of creating a very simple tunnel on OS X, can be shown in a command:
$ ssh -ND 8888 username@server.websitewelcome.com
The 'N' option instructs SSH client that you do not want an interactive session (a command prompt), because you only want to set up a tunnel. The 'D 8888' option instructs the SSH client to set up a 'dynamic' forwarding tunnel on port 8888. The tunnel here is dynamic because the destination website will change depending on where you are surfing; Other port forwarding tunnels have static rules, but to browse the web, you need a dynamic version. After issuing the command, you will be prompted for the password and then . nothing happens. Indeed, if the command works, the port will be opened, but you will not receive any confirmation within Terminal. OS X users can continue to move on to the next section.
With Windows, launch PuTTY again, look in the 'Category' section to the left of 'Connection', expand the 'SSH' category to select Tunnels . Select the Dynamic button, enter 8888 for 'Source port', then click Add .
Now, click the Open button. After entering your password, the tunnel will be created. No confirmation message is displayed inside the command prompt.
Try the new tunnel
This is when we go to test the tunnel we just created. Launch your web browser, access What Is My IP Address, write the IP address displayed in it. This is the public IP address that the rest of the world will see when you connect from your current location (home, work, school, or coffee too).
When changing Web proxy settings, you need to go back to this site to verify that the Internet believes you are accessing from your SSH server, confirming that browsing is safe from snooping by people. Use other hotspot Wi-Fi.
Internet Explorer users need to go to the Tools menu and select Internet Options . From this dialog box, select the Connections tab (fifth from the left) and click the LAN Settings button at the bottom. In the pop-up dialog box, select the check box next to Use a proxy server for your LAN . Click Advanced . Next to 'SOCKS' enter localhost for the address and 8888 for the port; Leave all other fields blank. Click OK three times and go to What Is My IP Address again. Your IP address will reflect that is the address of the SSH server.
Mozilla Firefox users on Windows need to go to the Tools menu and select Options , while OS X Firefox users need to go to the Firefox menu and select Preferences . Then, users on both platforms need to select the Advanced item (the tool icon), then the Network tab (second from the left) and click the Settings button.
Select Manual Proxy Configuration. Next to 'SOCKS Host', enter localhost for the address and 8888 for the port; Leave all other fields blank. Select the SOCKS5 button if it is not already selected. In Windows, click OK twice; on OS X, close both preferences windows. Access to What Is My IP Address again. Your IP address will reflect that is the address of the SSH server.
Safari users on OS X need to go to the Safari menu and select Preferences . Select the Advanced item (tool icon), then click the Change Settings button next to 'Proxies'. This will open the System Preferences window for your current network connection. On the Proxies tab , select the check box next to SOCKS Proxy and then enter localhost for the address and 8888 for the port. Click OK , Apply and then close System Preferences. Access What Is My IP Address. Your IP address will reflect that is the address of the SSH server.
Run the SSH server
Congratulations: You now have a secure tunnel to be able to use public Wi-Fi safely. But what happens if you ignore our advice and don't want to pay a monthly fee to the hosting company? You can run an SSH server of your own. However, this method is not for everyone, do not continue with the following steps unless the previous sections are too easy for you to understand. In addition, you also need to know how to allow connection through your DSL / cable router at home (or if at the office, you need to know how to change your firewall).
This method will also draw attention to your connection before network scanners are looking for open ports on the Internet. In addition, you will have to turn on your computer to run the server all the time when you return home, which can consume a lot of electrical energy and cause considerable noise.
We recommend that you choose a hosting provider solution, but if you really know the risks involved and want to manage your own SSH server then continue. This is what the configuration your configuration will have:
OS X users have a bit of luck: an SSH server is built into the operating system. So just open System Preferences and open the Sharing category . Under the Services tab , select the check box next to Remote Login (also known as SSH Server). That is all! You can skip to the section below.
For Windows users, you can use some inexpensive or free SSH servers available. The server we use in this example is WinSSHD version 5 of Bitvise; available and free of charge for personal use. Run the installer and select Personal Edition (for companies, the Standard Edition version will be a great choice and not too expensive).
The control panel will load after installation and display Easy Settings wizard. All default settings are suitable for your purposes now, so just click Cancel . Click the Start WinSSHD link highlighted in blue to launch SSH server.
Test SSH server
We won't go into details about properly disabling the internal laptop firewall or your network firewall to allow port 22 to receive incoming connections - if you've read it here, you've done an experienced user, whom we think knows how to do this. Your next step is to test the SSH server, so you'll use some of the commands described below in the previous sections. OS X users should enter the following command:
$ ssh username @ localhost
Windows users need to launch PuTTY and enter localhost as the server address. You can use your password, the password you use to log in to the laptop. Remember that this is a new connection, so you will definitely see a trace verification prompt. If not working, check your firewall or other security software because most likely these components are blocking your connection.
Next, try connecting from outside to your SSH server. Create a test account on the local computer and ask a friend to test the connection using the password for this test account. Your friend needs to follow the same steps in configuring the SSH client software and his web browser as we discussed in the previous sections.
Never surf the internet when not protected
Now you have found it easy to use a secure channel for browsing the web when you are in public Wi-Fi hotspots. Use the free Hotspot Shield service, set up your own SSH server at home, or use an inexpensive hosting provider - never, however, surf an unprotected network!
You should read it
- Install SSH on the Router for secure web access anywhere
- Hotspot Shield - Free VPN Software
- Review Hotspot Shield: The fastest VPN available with proprietary technology
- Download Hotspot Shield 10.9.4
- 5 applications to secure Wi-Fi Hotspot connections
- 8 ways to secure SSH server connections on Linux
- Using HotSpot Shield for security or Facebook access? Your IP is at risk of being exposed
- Free 1 year Steganos Online Shield 365 license
- Should I use Hotspot Shield's free VPN?
- How to activate and use SSH commands on Windows 10
- How to install Putty SSH Client on Ubuntu 20.04 LTS
- The best SFTP server and tools for secure file transfer
Maybe you are interested
How to Recognize Sent Messages in Apple Messages How to register IOE online English exam on computer The best iPad drag and drop apps running iOS 11 The list of foods that contain the most iron is easy to find 27 images show that work risks are inevitable Many fortresses on the Kent coast are about to turn into luxury resorts