Saturday, October 28, 2006

Browsing Safely On The Road

I recently went on two trips, a wedding and then a business trip, and both involved getting internet access at the hotel. The hotel we stayed at for the wedding had free wireless internet, which was completely unencrypted and definitely visible from the other hotels grouped around it. The second hotel had strictly wired internet which required me to sign up. Neither of them really gave me a huge amount of confidence in them keeping my information safe. What does one do? If you have broadband and a dynamic DNS account (I suggest DynDNS.org, I've used them for years without a problem), you have some options!

Remote Desktop

This is the easiest thing to set up. All you need is a broadband connection back home, a router, and a spare computer. If you don't want to spring for an extra Windows license for the machine, you can install Ubuntu Linux and use FreeNX to run a fully encrypted session through your home's internet connection. I prefer this solution over regular Windows XP Remote Desktop because it is faster, and there is less chance someone will hack your Linux box as opposed to a Windows XP machine sitting on the internet.


Tunneling via VPN

There are a couple of ways that people can tunnel their internet connection. The one that will give you the most control is a VPN. Both times I used OpenVPN to connect back home, and I did all my browsing via a remote Linux box. The tunnel kept everything encrypted just like a corporate VPN, and since I did everything through a remote computer's browser, there was no chance of my passwords being sniffed across the network. VPNing also does not restrict you to what is on a single machine. If you use iTunes or SlimServer to stream music across your network at home, you can access them just like you could if you were at home.

You can also have OpenVPN force all your traffic through the secure VPN connection. This way you do not have to set up a remote computer to do your surfing (in a normal VPN setup without this, all of your internet requests still go through the ISP you are connected to, in this case the hotel). This is fine as long as you don't do any large downloads, as that will quickly kill your VPN's bandwidth.

To set this up, I recommend replacing your home router with an IPCop Linux router and installing the Zerina OpenVPN plugin for it. This will set up a VPN server (and a much nicer router than what most $50-$100 routers are) in less than 30 minutes. For your clients, you can install the command-line OpenVPN client for Linux (Ubuntu/Debian users should be able to just do a 'sudo apt-get install openvpn' if you have the extra repos set up), and Windows users can use the OpenVPN GUI.
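
One way to confirm on a Linux client that the "force all traffic" setup above is really in effect, as an added example that is not from the original post: the function reads a routing table in the format of `ip -4 route show` and reports whether browsing leaves through the tunnel or through the hotel network. The device name tun0, the constructed sample tables and the assumption that the server pushes OpenVPN's `redirect-gateway def1` option (not named in the post) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a Linux routing table (format of `ip -4 route show`)
# by whether general internet traffic leaves through the VPN tunnel.
# Usage on a live client: ip -4 route show | vpn_route_mode tun0

# Prints "full"  if both halves of the IPv4 address space use the tunnel,
#        "split" if only some routes use it (browsing still uses the hotel),
#        "none"  if no route uses it.
vpn_route_mode() {
    awk -v dev="$1" '
        # Find the outgoing interface named after the "dev" keyword.
        { out = ""; for (i = 1; i < NF; i++) if ($i == "dev") out = $(i + 1) }
        out == dev                   { seen = 1 }
        $1 == "0.0.0.0/1"            { lo = out }   # added by redirect-gateway def1
        $1 == "128.0.0.0/1"          { hi = out }   # added by redirect-gateway def1
        $1 == "default" && def == "" { def = out }  # first default route listed
        END {
            # A /1 route is more specific than the default, so it wins;
            # without one, that half of the address space follows the default.
            if (lo == "") lo = def
            if (hi == "") hi = def
            if (lo == dev && hi == dev) print "full"
            else if (seen)              print "split"
            else                        print "none"
        }'
}

# Constructed sample: VPN connected, but only the VPN subnet is routed through it.
SAMPLE_SPLIT='default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Constructed sample: same client after the server pushes redirect-gateway def1.
# The host route to the VPN server (203.0.113.10) must stay on eth0.
SAMPLE_FULL='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'

printf 'split sample: %s\n' "$(printf '%s\n' "$SAMPLE_SPLIT" | vpn_route_mode tun0)"
printf 'full sample:  %s\n' "$(printf '%s\n' "$SAMPLE_FULL" | vpn_route_mode tun0)"
```

A result of "split" on the hotel network means ordinary browsing is still going out through the hotel's connection, so the remote-browser approach is still needed.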


TOR + Privoxy

This is a good last-ditch effort if you don't have broadband at home or can't set up either of the above options. TOR (The Onion Router) is a software router that takes all of your traffic through other random TOR servers out on the net. It finds a single TOR server and sends the request to it, which finds another TOR server and sends the request through it, and so on until you reach your destination. Slow, yes, but it gets the job done.

Privoxy allows you to set up a SOCKS4/5 proxy to filter different programs through TOR. You can point your IM programs, browsers, or anything else that supports SOCKS proxies to your local Privoxy install, which then pushes it through TOR. Brilliant! This will not speed up a TOR connection at all, but it gives you a good measure of protection from packet sniffers.

Well, I hope that this helps those road warriors out there a bit. In this day and age, the tools to do identity theft are free and getting easier and easier to use. The above suggestions on keeping your information private should help keep you a bit safer when it comes to the internet.
