Home page logo

basics logo Security Basics mailing list archives

Re: Question on appliances that do "decryption" of SSL
From: DaKahuna <da.kahuna () gmail com>
Date: Tue, 26 Apr 2011 19:20:27 -0400

On Apr 26, 2011, at 11:43 AM, Edd Burgess wrote:

If you want your connection to be confidential, even if you're sat on an untrusted network, use SSH tunneling to a 
box you trust and have connected to before (you know you have the correct RSA key, and it hasn't changed).

ssh -D 4444 -N user () trustedhost com

is what I use when travelling around in places that block/sniff connections - facebooking from China for example.

 That's what I use to do.  That method requires you to manually change configurations in your network configuration as 
well to have a sox proxy on your local box on port 4444.  What I am using now is much simpler.  It's OpenVPN installed 
on  server I trust.  I use an HTTPS Session to connect to OpenVPN and once that connection is established all my 
traffic is routed across the openVPN without me having to go in and make configuration changes to my network.  That way 
when I am in a hotel, airport or other place where I am forced to use an open wireless connection, I do not have to 
disable the proxy, set up the ssh session and then re-enable the proxy.  I simply connect to the WAP, get my ip address 
from the captive portal or whatever, and then https to the openVPN session. 

 I still use ssh -D from time to time though just for the fun of it. 

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]