Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security How To

Introduction

A mobile user relying on public Internet access has to accept certain inherent risks. Unscrupulous individuals can intercept and record your traffic, or even interpose themselves into the session, taking the place of any party. Your traffic can also be blocked or filtered at will, with little notice.

While these risks can never truly be mitigated, measures can be taken that reduce the potential for harm. This article will show you how to use two applications, Hamachi and Squid, to set up a secure connection to a web proxy that can be used for secure web browsing no matter where you are.

In-the-clear browsing can be monitored

Figure 1: In-the-clear browsing can be monitored

Figure 1 is a simplified diagram of normal Internet traffic, in this case HTTP. A user's Internet browser sends a request for data to a web server, which then replies with the data requested. The Eavesdropper, an individual who gains access to the session traffic, is able to obtain passwords transmitted in plaintext, all without the knowledge or consent of the user.

If a wired connection is used, the Eavesdropper must have physical access to the network being used. A wireless network, however, such as a public Wi-Fi Hotspot can be monitored from afar with no physical connection.

Today, most e-commerce sites rely on SSL to encrypt passwords. But there are still many sites in use (forums and blogs being the most prevalent) that provide easy pickings for anyone with basic competency in packet sniffing. Although it would be ideal to have every site engage in secure communications with its users, the reality is that the responsibility of safeguarding credentials is too often placed squarely on the user.

If a secure session cannot be established between a site and user, the next best solution is to secure at least part of the connection. This is illustrated in Figure 2.

Secure connection to a Proxy server

Figure 2: Secure connection to a Proxy server

Figure 2 illustrates the data flow of a user relying on VPN to traverse an untrusted network. Instead of querying the web server directly (as in Figure 1), the Internet browser forwards the request to a proxy server, which then conducts a session with the web server on the client's behalf.

Communication between the client and proxy (which should be all the HTTP traffic) is routed through the tunnel established by VPN software (Hamachi). Since this tunnel encrypts traffic passing through it, Eavesdropper is unable to obtain any plaintext data. Without the ability to read traffic, the risk of someone hijacking the session is sharply reduced, resulting in an overall improvement in security.

More Stuff

Wi-Fi System Tools
Check out the new Wi-Fi System Charts, Ranker and Finder!

Featured Sponsors



Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello!I own this Asus RT-AC68U router and does not want to give up on which NAND S34ML01G100TF100 has burned. I replaced nand but I do not find the co...
Is there a way of enforcing google safe search on the standard asus router firmware?I have it enforced on RMerlins.
Is there anybody out there running AiMesh using only the 2.4GHZ band? The reason I ask is that depending on your environment 5GHZ bands are next to us...
Hi there i have an old but trusty Asus RT-N66u router that i running the latest supported Merlin 380.70 code.Recently i have noticed some hacking atte...
In the past few weeks i have been getting emails around attempts to brute force my Admin account.Thankfully i had disabled the admin account in favour...

Don't Miss These

  • 1
  • 2
  • 3