2

I will be traveling soon and I am looking for all kinds of ways to encrypt the data transfer (usernames, passwords, emails ...) between the new networks to which I will connect my laptop, which is running Ubuntu Oneiric (11.10), and my server, my accounts, and everything else that I will connect to.

So, what do you recommend I do?

AviD
w0rldart
  • +1 For being concerned to do the right thing, as against falling for the wicked [firesheep](http://codebutler.com/firesheep) – CodeExpress Feb 22 '12 at 17:38

5 Answers

4

This is the classic use case for a Virtual Private Network (VPN).

If you're technically savvy, you could set up your own VPN server at home. Strongswan is the one packaged with Ubuntu.

Or, you could use a third party VPN provider. Obviously though you have to find one you trust with your data. Note also that they won't typically get you inside your home network, they'll just get you to their network.

Graham Hill
  • Exactly what I thought, VPN. Thanks, I will go ahead and learn all the things I can before leaving. Thanks – w0rldart Feb 20 '12 at 17:52
3

If you are conversant with network administration, another good tool to set up a VPN of your own is OpenVPN. You run an OpenVPN server on your server, and an OpenVPN client on your laptop, and then you have a secure VPN between the two. I have spent some time with the OpenVPN source code in the past, and I was impressed: my conclusion was that OpenVPN is well-designed and provides strong security.

D.W.
2

VPN is always an option; since everyone else has already covered that, I'll not repeat the details.
I'll tell you an easier and quicker way: SOCKS proxy
From the requirement point of view, all you require is an SSH server running at your home computer/server that you trust. Once that is set, this is your workflow:

  • You create a local socks proxy server on your laptop: `$ ssh -D 1080 user@yourserver.com`
  • Thereafter just point your browser to the local socks proxy, as shown in the image below (for Firefox). Similar settings apply to other browsers.
    [Image: Firefox proxy settings]
  • Now all your browser data is routed through your home server/computer over the ssh tunnel.
  • Most programs (ftp, browsers, IM clients) support socks proxies. Configure them likewise to use your ssh tunnel.
  • For programs that don't inherently provide socks support, you can socksify them using tsocks. For your Ubuntu machine you can just `$ sudo apt-get install tsocks`

Personally I find this method much easier to route my internet traffic via my home computer whenever I am browsing from a public wifi/network.
No setup required whatsoever, just run an ssh server on your always-on home PC and you are done !!

CodeExpress
  • This is really great, but I always wondered if someone can sniff any data while I am trying to connect to the ssh server? – w0rldart Feb 23 '12 at 12:34
  • If you meant the possibility of sniffing your data (which is essentially your ssh creds) while you are connecting to the ssh server, then the answer is NO. That's because your credentials are transferred only after the ssl (yeah ssh is ssl under the hood) has been established.
    So everything that goes over the proxy after that cannot be sniffed.
    – CodeExpress Feb 23 '12 at 15:16
  • I'd however bring this point here. The SSH fingerprint that any SSH client asks you to accept authenticates your server. Hence, you should only accept keys after verifying if you are truly paranoid. What I'd do is that I'd connect to the SSH server from my home network once (when I know there is no MITM going on). It saves the key for future connections thereafter. At this point, I have reasons to be alarmed if the same ssh client asks me to verify a new fingerprint sometime in future. Two reasons it can happen are: 1.) SSH server got restarted. 2.) you are being MITMed. – CodeExpress Feb 23 '12 at 15:20
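
The host-key pinning described in the comments above, as an added example that is not part of the original thread: it computes the SHA256 fingerprint in the form OpenSSH displays and compares a presented host key against one recorded on a trusted network. The keys, the address 203.0.113.10 and all function names are constructed for illustration; hashed known_hosts entries are not handled.

```python
import base64, hashlib, struct

def make_sample_key(seed: int) -> str:
    """Constructed ed25519 public-key line (sample data, not a real host key)."""
    ktype = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def fingerprint(key_type: str, b64_blob: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    blob = base64.b64decode(b64_blob, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The first length-prefixed string inside the blob must repeat the key type.
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts_text: str) -> dict:
    """Map (host, key type) -> fingerprint from plain known_hosts lines."""
    pins = {}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue  # comments, markers and hashed hostnames are skipped
        hosts, ktype, blob = line.split()[:3]
        for host in hosts.split(","):
            pins[(host, ktype)] = fingerprint(ktype, blob)
    return pins

def check_host(pins: dict, host: str, presented_key_line: str) -> str:
    """'match', 'changed' (stop and investigate) or 'unknown' (never pinned)."""
    ktype, blob = presented_key_line.split()[:2]
    pinned = pins.get((host, ktype))
    if pinned is None:
        return "unknown"
    return "match" if pinned == fingerprint(ktype, blob) else "changed"

HOME_KEY = make_sample_key(1)   # recorded once on the trusted home network
OTHER_KEY = make_sample_key(2)  # a different key presented on a later connection
PINS = load_pins("# constructed sample\nyourserver.com,203.0.113.10 " + HOME_KEY + "\n")

if __name__ == "__main__":
    print(fingerprint(*HOME_KEY.split()))
    for key in (HOME_KEY, OTHER_KEY):
        print(check_host(PINS, "yourserver.com", key))
```

A "changed" result is the case the comment treats as grounds for alarm: do not accept the new key until the fingerprint has been confirmed over a channel you trust.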
1

We've had VPN suggested, and proxy over ssh suggested, so I'll very quickly mention a third option for completeness.

You could establish an ssh connection, as above, and then use a remote access method to control a pc at home - ssh itself, or vnc, or remote X.

That's probably the least convenient option, but in some circumstances it's a good answer.

By the way, all these methods can be made to work with a Ubuntu Live CD option to give even more security (essentially turning the laptop into a disposable computer, so there's less chance of the laptop itself being compromised on the untrusted network.)

Graham Hill
  • The remote access to a computer isn't a choice for me, I am going for the VPN and the ssh socket traffic redirect – w0rldart Feb 23 '12 at 12:35
0

Something I often do is run a private proxy at home. I then ssh tunnel to my home computer and set my browsers to always use my private proxy.

Davis