Secure Web Browsing



Browsing over an open Wi-Fi connection or other non-trusted network is a security risk as the data sent and received is not encrypted. Someone with network access might exploit this by monitoring traffic over the network and intercepting private data.

It is possible to connect to a Server on another network and browse through it via an SSH tunnel. The web browser on the Client (the machine connecting to the non-trusted network) can be configured to use the internet connection on the Server to send and receive data. As all data is encrypted via the SSH tunnel whilst it is being forwarded to the Client, it is much less vulnerable to security risks.

The same setup can also be used to bypass firewall settings that restrict access to certain web sites - e.g. on an office PC. As long as an SSH connection can be made to the Server, any sites that can be accessed directly from the Server can be accessed on the Client PC.

Note - you will still be susceptible to security threats if your Server is not secure.

The browser you use to connect to the internet must support the SOCKS protocol. Firefox Portable (version 3.5.3) has been used in this guide as it does not need installing and can be run from a flash drive - this makes it ideal for use on Client PCs. If Firefox Portable is configured following the instructions below it will only connect to the Server, refusing all other connections - this minimises the risk of accidentally browsing the internet via a non-trusted network.

Configure Firefox (Portable)


To configure Firefox for SOCKS proxy forwarding -

  1. Go to the Tools menu and click on Options to open the Options menu.
  2. Click on the Advanced menu, select the Network tab, then click on the Settings... button -

  3. Enter the following settings in Connection Settings, then click on the OK button -
  4. Enter about:config in the address bar -

    Note - if displayed, accept warning by clicking on I'll be careful, I promise!.
  5. Search for network.proxy.socks_remote_dns in the settings and ensure Value is set as True (double click on the network.proxy.socks_remote_dns menu option to change the Value) -

  6. Now restart Firefox. If the settings have been entered correctly you will not be able to browse the internet unless an SSH tunnel is open, and will receive an error message stating that The proxy server is refusing connections -

SSH Client settings


To create a Secure Shell tunnel to connect to the SOCKS Proxy Server use PuTTY (follow the instructions here)

Browsing


To start browsing simply start Firefox once the SSH tunnel connection has been opened. To ensure that the proxy server is being used check your IP address using whatismyip.com or a similar service - the IP address of the Server should be displayed.