10
Jun
These days we are carrying a lot of secure data on our mobile devices and increasing prevalence of free wireless internet access offers huge convenience. But how can we make sure we’re not being watched?
If you find yourself in a coffee shop using the free wireless broadband keep in mind that you are operating on the same network as anybody else in that coffee shop. As such your device, and all the other connected devices are visible. When something can be seen, it means it’s easier to access.
You first line of security when working on open networks is to disable File Sharing. Under Windows this can be accessed via network properties, on a Mac via System Preferences, File Sharing. By disabling this feature you substantially increase the effort required to browse your computers hard drive remotely.
If you are mobile then make sure you’re running a firewall. This includes Mac users. No matter what anybody tells you about Mac security at then end of the day we all need a good firewall when working away form your own trusted network. Both Windows and Mac OS X have built in firewalls that can easily be enabled.
If you implement the above you will have adequate security for the majority of the worlds coffee shops. Unless you are unfortunate enough to be using one at the same time as a master hacker. So it is with this in mind I would suggest you avoid accessing your banking information whilst sat in Starbucks.
There is another way to seriously boost your coffee shop security and that’s by using a secure tunnel or SOCKS. This basically sets up an encrypted link between you and another computer (that you trust). The trusted computer retrieves the websites you ask for on your behalf and then sends them to you in an encrypted form. All you need is an SSH account which many web hosting companies include as part of their hosting services.
ssh -d 9999 [name_of_your_ssh_server] -l [username]
By typing the above command into an MS-Command window or a Mac OS terminal window you are asking a program called SSH to create a secure tunnel between your computer and the remote computer, using the supplied username. In the above example you would substitute the [name_of_your_server] with your actual SSH server, and [username] with the appropriate username.
On pressing return you will be prompted for you password, and then you will have access to the SSH server. The above code also BINDS the secure tunnel to port 9999, something which we will not use to ensure your internet traffic is directed via the tunnel.
If you now access your advanced internet browser settings, or direct through network proxies in system preferences for Mac OS X, you will be able to establish a SOCKS proxy. Simple enter localhost as the server address and 9999 as the port address.
All of this wizardry seems a little confusing but basically all your internet browsing will take place on your behalf by the SSH server.
There is another great feature of this workaround. Assuming your SSH server is based in the UK, services that must have a UK IP address such as BBC iPlayer will happily work elsewhere in the world when ordinarily they would be blocked.
[N.B - This above guide contains technical details that are best followed by those with some understanding of computer networking. The guide is not the most technical, but neither is it a step by step guide]